时间戳openssl无法验证时间戳

I'im trying to complete the process for a timestamping request/verify procedure.

So step 1 create timestamp request.php

require_once "TrustedTimestamps.php"; //i'm using David Müller script to manage openssl trought php
$signature_filename="example.txt";
$sha256 = hash_file('sha256', 'example.jpg');
$tsa_url = "https://tsa.exampleserver/tsa";

$requestFile = TrustedTimestamps::createRequestfile($sha256,'sha256');
$signature = TrustedTimestamps::signRequestfile($requestFile, $tsa_url);
file_put_contents($signature_filename, base64_decode($signature["response_string"]));

Step 2 validate timestampe validate.php

require_once "TrustedTimestamps.php";
$signature_filename="example.txt";
$sha256 = hash_file('sha256', 'example.jpg');
$tsa_url = "https://tsa.exampleserver/tsa";
$tsa_cert_file="timestampcertificate.crt";
$response_time="1561989750"; //extracted from the response

$content_file=file_get_contents($signature_filename);
$base64_response_string=base64_encode($content_file);

TrustedTimestamps::validate($sha256, $base64_response_string, $response_time, $tsa_cert_file,'sha256');

Step 1 seems to work correctly, i receive a timestamping string that i'm able to verify as detached timestamping in the tsa server site (They have a webpage with a form to upload timestamp and original image ). I need to complete the verification process automatically, without the webpage. Step 2 returns always an error:

TS_VERIFY_CERT:certificate verify error:unable to get local issuer certificate,

It seems that i can't verify my token with the tsa certificate file. I get this file from the tsa server owner, they told me that it's the file in wich the timestamps are signed. They can't tell me more and i can't ask for assistance, so my question is why i can't verify that token?

the open ssl command i used to verify is that:

"openssl ts -verify -digest ".escapeshellarg($hash)." -sha256 -in ".escapeshellarg($responsefile)." -CAfile ".escapeshellarg($tsa_cert_file);

-CAfile is the key of the problem i think, but i'm a newbie about openssl and timestamping. In openssl documentation there are very few details and in many examples i have seen only one file for -CAfile. Maybe my mistake is to pass the certificate directly trought the verify method?

展开翻译

译文

我正在尝试完成时间戳请求/验证程序的过程。</ p>

所以第1步</ strong>创建时间戳request.php </ p>

  require_once“TrustedTimestamps.php”;  //我正在使用DavidMüller脚本管理openssl trought php 
$ signature_filename =“example.txt”;
$ sha256 = hash_file('sha256','example.jpg');
$ tsa_url =“https ://tsa.exampleserver/tsa“;

$ requestFile = TrustedTimestamps :: createRequestfile($ sha256,'sha256');
$ signature = TrustedTimestamps :: signRequestfile($ requestFile,$ tsa_url);
file_put_contents( $ signature_filename,base64_decode($ signature [“response_string”]));
</ code> </ pre>

第2步</ strong>验证timestampe validate.php </ p>

  require_once“TrustedTimestamps.php”; 
$ signature_filename =“example.txt”;
$ sha256 = hash_file('sha256','example.jpg');
$ tsa_url =“https://tsa.exampleserver/tsa”;
$ tsa_cert_file =“timestampcertificate.crt”;
$ response_time =“1561989750”; //从响应中提取

$ content_file = file_get_contents($ signature_filename);
$ base64_response_string = base64_encode($ content_file);

TrustedTimestamps :: validate($ sha256,$ base64_response_string,$ response_time,$ tsa_cert_file, 'sha256');
</ code> </ pre>

步骤1似乎工作正常,我收到一个时间戳字符串,我可以验证为tsa服务器站点中的分离时间戳( 他们有一个网页,上面有一个上传时间戳和原始图片的表格。
我需要在没有网页的情况下自动完成验证过程。
第2步总是出错:</ p>

  TS_VERIFY_CERT:证书验证错误:无法获取本地颁发者证书,
</ code> </ pre>

似乎我无法使用tsa证书文件验证我的令牌。 我从tsa服务器所有者那里得到这个文件,他们告诉我这是时间戳签名的文件。 他们不能告诉我更多,我不能请求帮助,所以我的问题是为什么我无法验证该令牌?</ p>

我用来验证的open ssl命令是 :</ p>

 “openssl ts -verify -digest”.escapeshellarg($ hash)。“ -  sha256 -in”.escapeshellarg($ responsefile)。“ -  CAfile”.escapeshellarg(  $ tsa_cert_file); 
</ code> </ pre>

-CAfile </ code>是我认为的问题的关键,但我是关于openssl和timestamping的新手。 在openssl文档中,很少有细节,在很多例子中,我只看到了 -CAfile </ code>的一个文件。

我的错误是直接通过验证方法传递证书吗? </ p>
</ div>

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问