EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PAdES Distributed signature

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
Posted: 04/25/2013 19:54:33
by Mario Calderón (Basic support level)
Joined: 04/25/2013
Posts: 16

We are trying to sign server pdf documents using client certificates.

For now I am testing the C# PDFBlackbox\PAdES sample, however if I check "create Enhanced (PAdES) signature" and Request a timestamp from TSA server I am getting this exception:

SBCMS.EEICMSError: Failed to timestamp signature (error 83970)

What am I doing wrong?

Thanks in advanced.

Posted: 04/26/2013 00:27:45
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

83970 code stands for SB_TSP_ERROR_NO_REPLY and means that no reply received from your TSP server. This error may happen if the server returned HTTP status code other than 200 OK. Its possible that the server requires authorization etc.

To understand the reason you should implement TElHTTPTSPClient.OnHTTPError event and log its ResponseCode parameter that will contain exact status code returned.
Posted: 04/26/2013 11:42:41
by Mario Calderón (Basic support level)
Joined: 04/25/2013
Posts: 16

Hello, thank you for your fast reply!

I did as you suggested, the error caught is 307, says it is something about "Temporary Redirect" which I don't quite understand well.

Is it possible to sign PAdES (4) LTV by adapting the "ASP Net Distributed" sample towards this purpose?
Posted: 04/26/2013 11:58:04
by Ken Ivanov (EldoS Corp.)

Hello Mario,

It looks like the TSA server operates via the 307 redirect, which is ignored by the TElHTTPSClient by default. To overcome the problem, please handle the TElHTTPSClient.OnRedirection event and set the AllowRedirection parameter to true inside the handler.
Posted: 04/26/2013 12:23:01
by Mario Calderón (Basic support level)
Joined: 04/25/2013
Posts: 16

Great! that did it!

I could generate the signed pdf, however when I open it using Acobat Reader it says that the signature timestamp comes from local signing machine instead of saying that it comes from the timestamp autority... is the signed document following the PAdES (4) LTV standart?

Posted: 04/26/2013 13:17:00
by Ken Ivanov (EldoS Corp.)


To answer this question we would like to have a look at the document. Normally, if the signing process completed with no error, the timestamp should be there. However, Acrobat is quite sensitive to information contained in timestamps, so a minor issue in the timestamp itself might be the reason. Anyway, we will be able to give more substantial comment after inspecting the document's internals.

Please use Helpdesk to post the document to us privately. I've just created a ticket for you (#22795).
Posted: 03/31/2014 16:03:10
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

Sorry to re-open this old post, but I'm having a similar problem (error 83970). I'm using SBB 10 on VB.Net.

Does anyone can send me an example on how to implement the TElHTTPTSPClient.OnHTTPError to see if the error is really the same (307 redirection) and a sample on how to use TElHTTPSClient.OnRedirection event and set the AllowRedirection parameter?

Thank you in advance.
Posted: 03/31/2014 16:54:16
by Ken Ivanov (EldoS Corp.)


Thank you for contacting us.

You can handle the events in the below way:

' Setting handlers
AddHandler TSPClient.OnHTTPError, AddressOf HandleHTTPError
AddHandler HTTPClient.OnRedirection, AddressOf HandleHTTPRedirection

' Implementing the handlers
Private Sub HandleHTTPError(ByVal Sender As Object, ByVal ErrorCode As Integer)
    Console.WriteLine("HTTP error " & ErrorCode.ToString())
End Sub

Private Sub HandleHTTPRedirection(ByVal Sender As Object, ByVal OldURL As String, ByVal NewURL As String, ByRef AllowRedirection As Boolean)
     ' In the simplest case we are just allowing the client to redirect
    AllowRedirection = True
End Sub

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages



Topic viewed 1743 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!