How to correctly validate a signature with a timestamp signed before revoking of the signature certificate?

[Mato-Z]

Hello, I have question about validate a signature with a timestamp signed before later revocation of signature certificate (the X.509 file). For example I have PDF files (PKCS#7_T or PAdES_BASELINE_T) which was signed with PKCS#12 file (X.509 file with .pfx or .p12 extension) and during signing timestamps were correctly added. After few weeks X.509 certificate used for signing was revoked. During validation pyhanko evaluates the signature as invalid because signer certificate was revocated. But revocation time is older like signing time in timestamp.
One specific example: This document was signed 2022-12-15T13:41:05+00:00 and cert was revoked revoked at 17:37:53 on 2023-02-08, so in time of signing cert was valid. Why is the signature evaluate like invalid please?
It's possible that I just misunderstood the documentation. Is it possible, please, to perform validation so that the signature is evaluated as valid?
Many thanks.

2023-02-24 20:11:03,559 - pyhanko.sign.validation.generic_cms - WARNING - OCSP response indicates the end-entity certificate was revoked at 17:37:53 on 2023-02-08, due to an unspecified reason.
2023-02-24 20:11:03,559 - pyhanko.sign.validation.generic_cms - WARNING - Chain of trust validation for ... failed.
===================
Field 1: Signature2
===================


Signer info
-----------
...
Trust anchor: "No path to trust anchor found."
The signer's certificate is revoked.


Integrity
---------
The signature is cryptographically sound.

The digest algorithm used was 'sha256'.
The signature mechanism used was 'sha256_rsa'.


Signing time
------------
Signing time as reported by signer: 2022-12-15T14:41:19+01:00

Signature timestamp token: 2022-12-15T13:41:05+00:00
The token is guaranteed to be newer than the signature.
This timestamp is backed by a time stamping authority.
The timestamp token is cryptographically sound.
...
The TSA certificate is trusted.

Content timestamp token: 2022-12-15T13:41:05+00:00
The token is guaranteed to be older than the signature.
This timestamp is backed by a time stamping authority.
The timestamp token is cryptographically sound.
...
The TSA certificate is trusted.


Modifications
-------------
The signature does not cover the entire file.
All modifications relate to signature maintenance, and they appear to be compatible with the current document modification policy.


Bottom line
-----------
The signature is judged INVALID.


Error: Validation failed

[MatthiasValvekens]

Hmm, this definitely should work if the signature was generated correctly---there are unit tests for exactly this kind of scenario... I'm not sure why it fails. Did you embed revocation information at the time of signing? Can you try validating against an older version of pyHanko and pyhanko-certvalidator?

---

Having said that, the LTV validator currently exposed in the CLI is not very good. It has numerous issues, and it's very particular about where to source revocation information from for basically no good reason.

The latest version includes an experimental AdES validation engine that is definitely more correct, but (a) that one is still incubating and more difficult to use without specialised knowledge, and (b) not exposed in the CLI at all. If you're up for it, feel free to give it a try. The plan is to deprecate the old LTV validator as soon as the AdES validator is stable. Not sure when that'll happen, though.

[Mato-Z]

@MatthiasValvekens I have a problem if I want to add validation information when signing, and I use the following procedure:
pyhanko --verbose --config pyhanko.yml sign addsig --field Sig1 --timestamp-url MY_TSA --with-validation-info --validation-context setup-b --use-pades pkcs12 test.pdf output.pdf MY_PKCS12_FILE
The output file is only in PAdES BASELINE-T format and not PAdES BASELINE-LT as you describe https://pyhanko.readthedocs.io/en/latest/cli-guide/signing.html#embedding-revocation-info-with-pyhanko. I sent the file created in this way by e-mail with a detailed log from the generation.
And one more small question: Is this sentence in the validation output correct? No document timestamps after signature; proceeding without past proof of existence, when timestamp was automatically added during the signing? Isn't it a bit confusing even if it doesn't affect the actual verification result? It is a common behaviour of various tools like pyhanko, or Adobe Acrobat, etc. when signing (PAdES BASELINE-T)...

[Mato-Z]

@MatthiasValvekens When I try: pyhanko --verbose --config pyhanko.yml sign ltvfix --field Sig1 --timestamp-url MY_TSA --validation-context setup-b output.pdf format is still only BASELINE-T.

[MatthiasValvekens]

Hi @Mato-Z,

Sorry for the delay in replying. The situation you are describing arises because some revocation info in the PDF is lacking. As the CLI guide explains, ltvfix doesn't actually guarantee PADES-B-LT, it merely makes a good faith attempt at doing so.

That being said, I have a potential explanation/solution in this case: last week I found a regression in pyhanko-certvalidator in the sanity checks on incoming revocation data. The way that usually manifests is that pyHanko rejects otherwise valid OCSP responses, which could cause the behaviour you're seeing. The bug in question should be fixed in pyhanko-certvalidator 0.21.x and up. Can you try upgrading pyhanko-certvalidator to 0.22.0? You might get an error from pip about dependency mismatches, but it's mostly safe to ignore---the breaking change is a very minor one that doesn't really matter for CLI users.

PyHanko 0.18.0 will be released very soon, and it includes a bump for pyhanko-certvalidator, so if you can wait a few more days, that should also do the trick.

If you still see the same issue after bumping pyhanko-certvalidator, let me know.

[Mato-Z]

@MatthiasValvekens many thanks for reply. But unfortunately with pyhanko-certvalidator Version: 0.22.0 and pyHanko
Version: 0.18.1problem is the same :-(
Again I sent email with detailed information and files... Thanks a lot for your help.

[Mato-Z]

@MatthiasValvekens with pyhanko version 0.21.0 adding validation/revocation information is ok and PDF file has correct format PAdES B-LT.