First of all my compliments to Tracker Software for the PDF-XChange Viewer, an excellent and cost-effective product whose evaluation I warmly suggested to all the entities I am collaborating with as an IT consultant in Italy.
During some of the evaluations I suggested, we noticed only a little problem - which is not a technical problem in itself but simply a little issue related to Italian laws regarding time stamping procedures using the RFC 3161 protocol.
Apparently, the RFC 3161-compliant request which PDF-XChange Viewer sends to time-stamping authorities servers includes a SHA-1 hash of the document to be timestamped.
This was fine for Italian laws until June 2010, but as a consequence of an amendment to the regulations, the hash of the document to be timestamped must now be calculated using the SHA-256 algorithm.
Is there a way to force PDF-XChange Viewer to create a SHA-256 instead of a SHA-1 hash for the RFC 3161 request?
Thank you very much in advance for your answer.
SHA-256 hash for time stamping
Moderators: PDF-XChange Support, Daniel - PDF-XChange, Chris - PDF-XChange, Sean - PDF-XChange, Paul - PDF-XChange, Vasyl - PDF-XChange, Ivan - Tracker Software, Stefan - PDF-XChange
-
Stefan - PDF-XChange
- Site Admin
- Posts: 19930
- Joined: Mon Jan 12, 2009 8:07 am
Re: SHA-256 hash for time stamping
Hello LeJuifErrant,
This needs the attention of the Viewer Project Leader who is in the Canadian office, so we will pass it to him a bit later today, and will update this topic accordingly.
Best,
Stefan
This needs the attention of the Viewer Project Leader who is in the Canadian office, so we will pass it to him a bit later today, and will update this topic accordingly.
Best,
Stefan
-
John - Tracker Supp
- Site Admin
- Posts: 5225
- Joined: Tue Jun 29, 2004 10:34 am
Re: SHA-256 hash for time stamping
Hi LeJuifErrant,
Thanks for your kind words and bringing this to our attention - I have requested the project manager investigates as soon as possible and we will do our utmost to comply with this request as soon as possible.
HTH
Thanks for your kind words and bringing this to our attention - I have requested the project manager investigates as soon as possible and we will do our utmost to comply with this request as soon as possible.
HTH
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.
Best regards
Tracker Support
http://www.tracker-software.com
Best regards
Tracker Support
http://www.tracker-software.com
-
LeJuifErrant
- User
- Posts: 4
- Joined: Wed Apr 13, 2011 10:02 am
Re: SHA-256 hash for time stamping
Thank you very much for your kind and *VERY* quick reply (wow, I'm impressed: my special compliments for this 
)...
I can add that even in all the other European Union countries, even those who do not explicitly specify in laws and regulations that SHA-256 must be used to obtain a valid timestamp using the RFC 3161 protocol, SHA-1 is now considered deprecated because its security seems compromised by recent attack attempts.
I'll wait for updates of this topic then: thank you again.
)...I can add that even in all the other European Union countries, even those who do not explicitly specify in laws and regulations that SHA-256 must be used to obtain a valid timestamp using the RFC 3161 protocol, SHA-1 is now considered deprecated because its security seems compromised by recent attack attempts.
I'll wait for updates of this topic then: thank you again.
-
John - Tracker Supp
- Site Admin
- Posts: 5225
- Joined: Tue Jun 29, 2004 10:34 am
Re: SHA-256 hash for time stamping
Pleasure 
So the plan is that in the next build in 14-21 days (build ...96) we will include an automated default attempt to add the SHA-256 hash - if this fails - then the SHA-1 option will be added if possible as a 'fallback' to cover all bases ..
HTH
So the plan is that in the next build in 14-21 days (build ...96) we will include an automated default attempt to add the SHA-256 hash - if this fails - then the SHA-1 option will be added if possible as a 'fallback' to cover all bases ..
HTH
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.
Best regards
Tracker Support
http://www.tracker-software.com
Best regards
Tracker Support
http://www.tracker-software.com
-
LeJuifErrant
- User
- Posts: 4
- Joined: Wed Apr 13, 2011 10:02 am
Re: SHA-256 hash for time stamping
Wow, fantastic!
With this new feature I'll surely buy the product as soon as the new build is be available, and I think that a lot of people
in Italy who have my same problems related to regulations compliance and who appreciated your product when I showed them the trial version will consider to do the same.
Thank you again for the exceptional support!
With this new feature I'll surely buy the product as soon as the new build is be available, and I think that a lot of people
in Italy who have my same problems related to regulations compliance and who appreciated your product when I showed them the trial version will consider to do the same.
Thank you again for the exceptional support!
-
John - Tracker Supp
- Site Admin
- Posts: 5225
- Joined: Tue Jun 29, 2004 10:34 am
Re: SHA-256 hash for time stamping
Pleasure LeJuifErrant
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.
Best regards
Tracker Support
http://www.tracker-software.com
Best regards
Tracker Support
http://www.tracker-software.com