I'm trying to complete the process for a timestamping request/verify procedure.
So, step 1: create the timestamp (request.php)

```php
require_once "TrustedTimestamps.php"; // I'm using David Müller's script to manage openssl through PHP
$signature_filename = "example.txt";
$sha256 = hash_file('sha256', 'example.jpg');
$tsa_url = "https://tsa.exampleserver/tsa";
$requestFile = TrustedTimestamps::createRequestfile($sha256, 'sha256');
$signature = TrustedTimestamps::signRequestfile($requestFile, $tsa_url);
// Store the raw (DER) timestamp response on disk
file_put_contents($signature_filename, base64_decode($signature["response_string"]));
```
Step 2: validate the timestamp (validate.php)

```php
require_once "TrustedTimestamps.php";
$signature_filename = "example.txt";
$sha256 = hash_file('sha256', 'example.jpg');
$tsa_url = "https://tsa.exampleserver/tsa";
$tsa_cert_file = "timestampcertificate.crt";
$response_time = "1561989750"; // extracted from the response
// Read the stored response back and re-encode it for validate()
$content_file = file_get_contents($signature_filename);
$base64_response_string = base64_encode($content_file);
TrustedTimestamps::validate($sha256, $base64_response_string, $response_time, $tsa_cert_file, 'sha256');
```
Step 1 seems to work correctly: I receive a timestamping string that I'm able to verify as detached timestamping on the TSA server's site (they have a webpage with a form to upload the timestamp and the original image). I need to complete the verification process automatically, without the webpage. Step 2 always returns an error:

```
TS_VERIFY_CERT:certificate verify error:unable to get local issuer certificate
```
It seems that I can't verify my token with the TSA certificate file. I got this file from the TSA server owner; they told me that it's the file in which the timestamps are signed. They can't tell me more and I can't ask for assistance, so my question is: why can't I verify that token?
The openssl command I used to verify is this:

```php
"openssl ts -verify -digest ".escapeshellarg($hash)." -sha256 -in ".escapeshellarg($responsefile)." -CAfile ".escapeshellarg($tsa_cert_file);
```

`-CAfile` is the key to the problem, I think, but I'm a newbie with openssl and timestamping. In the openssl documentation there are very few details, and in many examples I have seen only one file for `-CAfile`.
Maybe my mistake is to pass the certificate directly through the verify method?
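
An added example, not part of the original post: OpenSSL reports "unable to get local issuer certificate" when a certificate's issuer is not present in the file given to `-CAfile`, and the script below reproduces that with constructed certificates and checks whether a certificate can serve as a trust anchor on its own. The file names (`root.crt`, `tsa.crt`) and the helper functions are assumptions made for the example; `ts_verify` shows the usual split between the CA chain (`-CAfile`) and the TSA signing certificate (`-untrusted`).

```shell
#!/bin/sh
# Added example. All certificates are constructed test data, not the TSA's real files.

# True when subject == issuer (self-issued): only such a certificate can
# anchor a chain on its own when passed as -CAfile.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# chains_to CAFILE CERT: returns 0 only if CERT builds a chain ending in CAFILE.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_demo_pki DIR: constructed root CA (root.crt) that issues tsa.crt.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed TSA signer" \
        -keyout "$1/tsa.key" -out "$1/tsa.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/tsa.csr" -days 1 -CAcreateserial \
        -CA "$1/root.crt" -CAkey "$1/root.key" \
        -out "$1/tsa.crt" 2>/dev/null
}

# ts_verify HEXDIGEST RESPONSE CAFILE TSACERT
# CAFILE holds the issuing CA chain up to the root; the TSA signing
# certificate is only a chain-building hint, so it goes to -untrusted.
ts_verify() {
    openssl ts -verify -digest "$1" -in "$2" -CAfile "$3" -untrusted "$4"
}

# Demo on the constructed PKI: the signer certificate alone is not an anchor.
demo=$(mktemp -d) && make_demo_pki "$demo" && {
    is_self_signed "$demo/tsa.crt" || echo "tsa.crt is not self-signed"
    chains_to "$demo/tsa.crt" "$demo/tsa.crt" || echo "-CAfile tsa.crt: no chain"
    chains_to "$demo/root.crt" "$demo/tsa.crt" && echo "-CAfile root.crt: chain OK"
    rm -rf "$demo"
}
```

Running `openssl x509 -in timestampcertificate.crt -noout -subject -issuer` on the real file shows which case applies: if the two names differ, the issuer's certificate is the one that has to be in `-CAfile`.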