TSPOptionSpec

Data items
Datatype specific settings

A complex data type that stores preferences for the time-stamping provider (TSP) support.

TSPOptionSpec variables are used in the following operations of the Signature service:

Certify PDF operation

Sign Signature Field operation

Verify PDF Signature operation

Verify PDF Signature operation (deprecated)

For information about data that can be accessed using Xpath Expressions, see Data items .

For information about configuring default properties, see Datatype specific settings .

Data items

The data items that TSPOptionSpec variables contain.

tspHashAlgorithm

A string value that represents a hash algorithm associated with the TSP.

These string values are valid:

SHA1:: The Secure Hash Algorithm that has a 160-bit hash value.
SHA256:: The Secure Hash Algorithm that has a 256-bit hash value.
SHA384:: The Secure Hash Algorithm that has a 384-bit hash value.
SHA512:: The Secure Hash Algorithm that has a 512-bit hash value.
RIPEMD160:: The RACE Integrity Primitives Evaluation Message Digest that has a 160-bit message digest algorithm and is not FIPS-compliant.
The default value is SHA1 .

tspRevocationCheckStyle

A string value that represents the type of revocation checks performed when verifying a signature in a PDF document.

These string values are valid:

AlwaysCheck:: Checks for revocation of all certificates.
BestEffort:: Checks for revocation of all certificates when possible.
CheckIfAvailable:: Checks for revocation of all certificates only when revocation information is available.
NoCheck:: Does not check for revocation.
The default value is BestEffort .

SendNonce

A boolean value that indicates whether a nonce is sent with this TSP request. A nonce can be a timestamp, a visit counter on a web page, or a special marker. The parameter is intended to limit or prevent the unauthorized replay or reproduction of a file. A value of true indicates that a nonce is sent with the TSP request and false indicates that nonce is not sent.

tspServerPassword

A string value that represents a password for accessing the TSP server using the specified user name.

tspServerURL

A string value that represents the URL for the TSP server. If no value is provided, the timestamp from the local system is applied.

tspServerUserName

A string value that represents a user name for accessing the TSP server.

tspSize

An int value that represents the estimated size of the TSP request in bytes. Valid values are from 60 to 10240 . The default value is 4096 .

useExpiredTimestamps

A boolean value that indicates whether to use a timestamp that has expired. A value of False means to not use expired timestamps. The default is True , which means to use expired timestamps during validation of the certificate.

Datatype specific settings

Properties for configuring time-stamping information applied to the certified signature.

Time Stamp Server URL

Sets the URL for a TSP server. If no value is provided, the timestamp from the local system is applied.

Time Stamp Server Username

Sets the user name if necessary for accessing the TSP server.

Time Stamp Server Password

Sets the password for the user name if necessary for accessing the TSP server.

Time Stamp Server Hash Algorithm

Sets the hash algorithm used to digest the request sent to the timestamp provider. The default value is SHA1. Select one of these values:

SHA1:: The Secure Hash Algorithm that has a 160-bit hash value.
SHA256:: The Secure Hash Algorithm that has a 256-bit hash value.
SHA384:: The Secure Hash Algorithm that has a 384-bit hash value.
SHA512:: The Secure Hash Algorithm that has a 512-bit hash value.
RIPEMD160:: The RACE Integrity Primitives Evaluation Message Digest that has a 160-bit message digest algorithm and is not FIPS-compliant.

Revocation Check Style

Sets the revocation-checking style used for verifying the trust status of the CRL provider’s certificate from its observed revocation status. The default value is BestEffort. Select one of these values:

NoCheck:: Does not check for revocation.
BestEffort:: Checks for revocation of all certificates when possible.
CheckIfAvailable:: Checks for revocation of all certificates only when revocation information is available.
AlwaysCheck:: Checks for revocation of all certificates.

Use Expired Timestamps

Select this option to use timestamps that have expired during the validation of the certificate. When this option is deselected, expired timestamps are not used. By default, this option is selected.

Predicted Time Stamp Token Size (In Bytes)

Sets the estimated size, in bytes, of the TSP response. The size is used to create a signature hole in the PDF document. This value represents the maximum size of the timestamp response that the configured TSP could return. Valid values are from 60 to 10240 . The default value is 4096 .

Note: Configuring an undersized value can cause the operation to fail; however, configuring an oversized value causes the size to be larger than necessary. It is recommended that this value is not modified unless that timestamp server requires a response size to be less than 4096 bytes.

Send Nonce

Select this option to send a nonce with the request. A nonce is a parameter that varies with time. These parameters can be a timestamp, a visit counter on a web page, or a special marker. The parameter is intended to limit or prevent the unauthorized replay or reproduction of a file. When the option deselected, a nonce is not sent with the request. By default, the option is selected.