I've got a doubt about how to create the VRI entry for a timestamp that's inside a PAdES signature.
Let's suppose there is a pdf document with a Signature and this signature has an embed timestamp.
Example:
\Sig
[...]
\Contents <1234567890ABCDEF[...]>
[...]
Type \DSS
\VRI <<
\Hash1 object1
\Hash2 object2
>>
[...]
Hash1 is easy to calculate: It's the whole signature hash, including the timestamp ( 1234567890ABCDEF[...] )
But Hash2... What should I use to calculate it? In the ETSI document, it's written like this (PAdES LTV Profile - Part 4 - V1.1.2 page 12):
For a Time-stamp's signature it is the bytes of the Time-stamp itself since the Time-stamp token is a signed data object
But I must say that didn't help a lot. Is it the timeStampToken? Only the content? What is "The time-stamp itself"?
Does anyone know any document that clarifies this? Reference implementation