Timestamp in Documents

Similar Messages

• Timestamping change documents

  Hi all,
  We are using Business Partner/Customer synchronisation but have noticed that the entries in CDHDR are timestamped one hour apart. So a synchronous change made at say 15:00 is stored on the table as 15:00 for object class DEBI but as 14:00 for object class BUPA_BUP. This is not really a problem as, when the BUPA_BUP data is displayed via the standard transactions, it displays as 15:00. Our only problem is a Z-coded change document report which shows the times directly from the table.
  I assume that there is configuration based on the object class but I can't find it. Does anyone know where it is??
  Thanks in advance.
  Brian

  Hi Maria,
  You should try transaction SUIM and select 'Change Documents'. Then you can also run report RHCDOC_DISPLAY as per note 1158326. The prerequisite is to activate the creation of change documents for the specific infotype, I mean you have to maintain the table T77CDOC_CUST. Hope it helps,
  Kind Regards
  Christine

• ECCS timestamp of documents

  I'm looking at ECCS from a BW point of view.
  What I need to do is find a way of indicating the new entries in the ECCS summary table ECMCT.
  Do you know of a table which would have the key etc.
  Similar to the concept in FI where there is a document number and creation timestamp.
  Any ideas?

  Hi Paul,
  I am currently working on the EC-CS module. As you have done the EC-CS extraction into BW , i have a question..... Wht is the datsource to extract the details/ Item of the EC-CS module.
  ECMCT is a totals table and ECMCA is Actuals table.
  3EC_CS_1A gets the data from ECMCT, but do you the datasource which extracts from ECMCA table.
  Our client wants to see the data in detail rather than the totals level.
  Please advice.
  Thanks,
  Bala

• A Security Weakness When Signing without a Timestamp

  Hi Guys,
  I am exploring the need of timestamping PDF documents using Adobe Acrobat wrt security. I see a lot of signatures made without timestamps and I see an issue here mentioned below. If my assumption is valid then Ideally Adobe Acrobat should strongly mandate to use timestamps with revocation information.
  The scenario:
  A user uses a high trust credential to legitimately sign PDF documents but chooses not to use a Timestamp to avoid costs.  These documents have an embedded signature plus the signer’s certificate chain CRLs and/or OCSP responses (but no trusted timestamp).
  At a point in time (let’s say 1 June 2012) the credential and PIN is stolen.   If the theft is before the end of validity period the credential is of course revoked. However if the theft is of an expired credential it can’t be revoked and most people would not notice and perhaps would not even care.  Let us further assume the thief gains access to a number of old signed documents.  Of course in theory this is not a problem, because these documents are signed and therefore protected and can’t be changed. However the thief now has access to a range of valid CRLs and/or OCSP responses that were properly valid from before the theft and can use them to their advantage.  These documents may even be widely published or perhaps received anyway by an insider thief.
  The thief can use the stolen credential and can sign a document at any date/time of their choosing up to 1 June 2012 (by varying their local system date/time) to one that lies within the validity period of any previous OCSP/ CRL data they have captured. Even though the signature covers the validation data this is all done at what seems like a legitimate time. 
  Trust Threat Analysis:
  A stolen credential and PIN can easily be used at a local desktop time (set to anything you like).  With PDF editing software – no problem for a hacker of course – you can embed a CRL that shows the stolen credential as good during any period up to the revocation or expiry.  The hacker just needs to select a signing date/time that is within a CRL validity period for one of the CRLs they have access to.  The selected CRL is then re-used as part of the signing process on a fraudulent document.
  It is now up to the receiving software to make the right trust decision – and a trusted timestamp should always be used to make a trustworthy historic decision.  If there is no embedded trusted timestamp the receiver software could decide to verify the signature at (a) the current time or (b) the (untrusted) time indicated by the signer.  Any software that uses option (b) and trusts the (untrusted) time in the signature rather than defaulting to current time creates a substantial trust issue.  The whole purpose of using and attaching a valid, trusted signature time stamp is to independently confirm the accurate date/time of (potentially untrusted) third party signing events.  The timestamp cannot be re-used since it covers the signature details.  Any substantial variance in time between the signer’s time and the timestamp time is peculiar but systems should always default to trusting the signature timestamp date/time.
  Ideally PDF signing software used by a signer that fails to obtain a timestamp should not allow the document to be signed.  If the policy is to sign with a long-term signature then the timestamp must be present to confirm the time.  Some software products create confusion by allowing the timestamp to be missed if it cannot be obtained.  This means that a document that should have a life of several months or years should actually be seen to have an issue immediately after certificate revocation or expiry (could be in a few days or months).  Using such software, users will not be aware of the issue until the problem has manifested itself.
  Any Comments?
  Regards,
  Wahaj

  The settings for the warning messages have been removed from the user interface (Bug 513166).
  You need to change the related security.warn_* prefs directly on the <b>about:config</b> page.<br />
  Filter: security.warn
  To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
  If you see a warning then you can confirm that you want to access that page.<br />
  *Use the Filter bar at to top of the about:config page to locate a preference more easily.
  *Preferences that have been modified show as bold(user set).
  *Preferences can be reset to the default or changed via the right-click context menu.

• How to change  the Timestamp In  a program

  Hi,
  We faced a problem today, Some of the critical jobs from a source system are going to short Dump. Unfortunately we couldn't find any lockwaits, deadlocks and any delay in SM37. After analyzing, we came to know that, SAP trace indicates failure occured during program /GLB/RGTCSR_RC_INV execution :
  B  *** ERROR => DISTRIBUTED_TA_FAILED:
  The timestamp for the execution of the program has been set as "20.070.801.000.000", that does mean it will try to retrieve all values after the date 01.08.2007 and the time 00:00:00. Now checking on the code we can see there is a logic written which retrieves the values from the table /GLB/RGTT_CS_RC, checking on the Goods Movement status (wbsta) , timestamp and document number (VBELN_SO) if any. For this case VBELN_SO is blank and vbsta is equal to space (Not Relevant). This retrieval helped to logic to retrieve 706706 document and items from the table. This amount of data is huge and we would like to request BW team to run the program with a smaller timestamp to avoid any inconsistencies and also to avoid the dumps which can occur when we try to play with this huge entries.
  Checking on the code, two similar selects have been written on the same table /GLB/RGTT_CS_RC, firstly to select all the document numbers relevant to the timestamp and wbsta value and secondly to check "Get records that may have already been used", depending on the document number and item numbers. But as we are doing a select * it will automatically select VBELN_SO as well as POSNR_SO.  Hence, the second select from the same table is irrelevant and it will only effect the performance of the system, in the worst case it will terminate the program with this huge amount of entries. Hence, this logic has to be combined to one single select for which the first select statement is enough. Playing with a huge amount of data 706706, and retrieving from the same table twice can surely result in a short dump. Also there are couple of loops has been done on the same table which reduces the performance too.
  Possible solution looks like we need to reduce the time stamp and run it,
  can some one tell me how to change the time stamp in a program???

  First check the connection with the source system. If its ok then replicate the datasource and activate. Then try with running job.
  Time stamp error usually happens when source system in BI and r/3 side differs.

• PDF signature timestamp problem

  Hi, sorry if this post is slightly offtopic.
  We are trying to sign and timestamp pdf documents in java (using Apache PDFBox) and we are stuck with a problem for more than a week. The signature itself is good, Adobe Reader can validate it succesfully (after adding our self signed test root certificate to trusted certificates). The problem is with the timestamp. Adobe Reader says that the signature is timestamped, but the timestamp could not be verified. If I look at the Date/Time tab on the Signature Properties window the Timestamp Authority field says Not available. Older versions of Adobe Reader 9 displayed the Show Certificate button for the Timestamp Authority as enabled, and if I clicked it, the Reader crashed. In newer Reader 9 versions and in Reader X the button is disabled. It seems Reader recognises the timestamp but can't extract the TSA certificate.
  However if I sign the pdf with Acrobat X Pro or with iText (using the same private key and the same TSA) everything is perfect, the timestamp is validated, Timestamp Authority field shows the correct value, TSA certifiicate is OK.
  I analyzed the signatures and the timestamp tokens, but I could not find any significant difference between the good and wrong ones.
  I wanted to attach a working and a non-working sample but I didn't find how to do that.
  Could someone please give us some advice about what could cause something like this?
  Can Reader log the signature parsing/validating process to view what's wrong?
  Thanks in advance
  Csaba

  Hi,
  I had the same problem with the pdf signature timestamp…..
  The thing I was doing wrong was the SHA-1 hash sent to the timestamp server, more precisely I was sending the whole signature SHA-1 hash when I suppose to send the SHA-1 hash of the RSA encrypted hash of the digital signature (I think that in your case is the 256 hash starting from 1783).
  Hope this helps you,
  Corina

• Query in Deleting the Signature using Acrobat 9.0

  Hello Folks,
  We have used resetForm() method before removefield() in our coding
  Observed result:
    Our application uses VC++,If the document has one Digital Signature using the fix(Mentioned below) we can able to delete the signature in the document  but when the  document has many number of Digital Signatures the fix is not working.It threws an exception
  ·        “NotAllowedSecurity: Security settings prevent access to this property or method”
  ·        The exception Id for the above exception is “0x80020009”
      Note: The behavior is wrt to Acrobat 9.0, but the code is working fine for Acrobat 7.0 and 8.0 versions. 
  If we try the scenario in our application, on timestamp the document with Acrobat 9.0 and then signing the document with the same acrobat 9.0 and when deleting the signature using our application  again our fix is not working it throws the above exception.
  The code details are given below
  //Get Nth Field is done
  DISPID dispidRestet;
  OLECHAR *methodReset = { L"resetForm" };
  hr = jso->GetIDsOfNames( IID_NULL, ( OLECHAR** )&methodReset, 1, GetUserDefaultLCID(), &dispidRestet );
  if( hr != S_OK) {
    *errCode = kPSWErrIDispatchGetIDOfNames;
    return FALSE;
  dispparam.cArgs = 1;
  dispparam.rgvarg = new VARIANT[ dispparam.cArgs ];
  dispparam.rgvarg[ 0 ].vt  = VT_BSTR;
  dispparam.rgvarg[ 0 ].bstrVal = varResult.bstrVal;  
  dispparam.cNamedArgs  = 0;
  dispparam.rgdispidNamedArgs  = NULL;
  hr = jso->Invoke( dispidRestet, IID_NULL, GetUserDefaultLCID(), DISPATCH_METHOD, &dispparam, NULL, NULL, NULL );
  if ( hr != S_OK ) {
    *errCode = kPSWErrIDispatchInvoke;
    m_pAvdoc->Close(0);
    ret = FALSE;
  EXCEPINFO exceptionInfo;
  DISPID dispid2;
  OLECHAR *methodName2 = { L"removeField" };
  hr = jso->GetIDsOfNames( IID_NULL, ( OLECHAR** )&methodName2, 1, GetUserDefaultLCID(), &dispid2 );
  if ( hr != S_OK ) {
    *errCode = kPSWErrIDispatchGetIDOfNames;
    return FALSE;
  dispparam.cArgs = 1;
  dispparam.rgvarg = new VARIANT[ dispparam.cArgs ];
  dispparam.rgvarg[ 0 ].vt  = VT_BSTR;
  dispparam.rgvarg[ 0 ].bstrVal = varResult.bstrVal; 
  dispparam.cNamedArgs  = 0;
  dispparam.rgdispidNamedArgs  = NULL;
  hr = jso->Invoke( dispid2, IID_NULL, GetUserDefaultLCID(), DISPATCH_METHOD, &dispparam, NULL, &exceptionInfo, NULL );//here hr throws the exception for multiple signed documents
  if ( hr != S_OK ) {
    *errCode = kPSWErrIDispatchInvoke;
    m_pAvdoc->Close(0);
    ret = FALSE;
    //return FALSE;
  else{
  m_pPddoc->Save(1,strPDFFile);
  m_pAvdoc->Close(true);
  Plese guide us how to over come the exception
  Regards,
  DOCNet.

  Hi Leo,
               Thanks for your reply!!!.:-)
            Both the signatures are done by me only.    
            The thing is the code works fine for one signature, but it throws an exception for documents having many signatures.
            Can you guide me how to proceed further.

• Custom security plugin

  I have a task where I need to implement Plugin that signs, does revocation check and timestamps PDF document. Currently I am investigating DocSign example that came with SDK.
  I know that Acrobat Reader users can't sign doduments unless the document that is presented to Reader is 'enabled' for signing in Reader. Can this setting be changed programmaticaly in Reader ? If yes, what API call I need to investigate....
  Also I am wondering whether default security library (Adobe.PPklite) is able to do revocation checking through OCSP or do I really need to implement a Plugin of my own ? I need to do forced revocation check. When signing document with my custom plugin I need to set up flags for this purpose, right ?
  Also I am wondering in what API call I need to bring up UI that shows Windows cert store certs ?

  No, you can't change Reader to sign any document.  It can only sign those that are enabled.  If your customers need to sign ANY PDF, then they need to purchase Acrobat.
  Yes, Acrobat & Reader support both CRL and OCSP revocation checking for signatures that are created with the appropriate filters.  Validation will take these things into account and you can ask Acrobat (via APIs) to validate a single signature or all signatures on a document and retrieve the results.
  I would read the Windows SDK documentation for how to work with it...

• Insert types BLOB

  Hi,
  I need export / import data table from a schema to an other schema, and the table has data like BLOB:
  CREATE TABLE DOC_FILE
    ID             NUMBER(19),
    MIME_TYPE      VARCHAR2(255 BYTE),
    FILE_SIZE      NUMBER(19),
    LAST_MODIFIED  TIMESTAMP(3),
    DOCUMENT       BLOB
  )I can´t execute the exp/*imp* command, because the tablespaces from the schemas are differents, so I try:
  1 Create the table in the second schema. => OK
  2 Insert data. Here I have a problem:
  the type BLOB I need to save and insert into the new table created. I have the Toad application, and I have tried 'export to a flat file' and now I have the types BLOB like files *.dat*.
  How can I insert this .dat into the new table?
  thanks.

  Hi
  What version of oracle is it you are using?
  If you are using 10g you can use datapump to import a table into a different tablespace in your destination database.
  regards,
  Mark

• Export to Word document comment timestamps

  Export to Word document from Pages 4.x causes timestamps for all comments to update to time of export. Is there a way to change that behavior?

  Jesse,
  That's a pain, isn't it?
  When the comment autofills the timestamp, backspace it out of the comment and replace with your plain text version of the current date and time. That should put a stop the the updates.
  Jerry

• Timestamped document with expired certificate - not validating

  Hi,
  I have a document that was timestamped and certified on 2010/11/23 15:32:16 -03'00'. The timestamp certificate is still valid, but the certifier's certificate expired on 2010/12/11 07:00:00 -03'00'.
  The Reader can't validate this certificate, eventhough the Security configuration says that it should use the "secure time" and accept expired timestamps.
  In "Signature Properties" it says:
  The signer's identity is unknown because it has expired or is not yet valid.
  In "Certificate Viewer" it says:
  The selected certificate has errors: Not time valid
  Shouldn't the validation use the timestamp as a source for time validation?
  Thanks!!
  -RCT.

  Hi Melvin,
  First check to see if the certificate is in the store
  PowerShell: Get-ChildItem cert:\LocalMachine\My\ to list the certs in the store
  Screenshot from my desktop
  Cheers,
  -Ivan
  -Ivan

• Signing a document, generates a "Timestamp signature property generation error:    Verification error."

  I am getting this error message when I sign my documents. Especially when I try and create a second or third signature on a document.
  I have just upgraded to Reader11.0.09 and then when I got the error, I went back to Reader 11.0.08 and then back to Reader 11.0.07 but all are giving the error. The document gets signed but a pop up box shows the "Timestamp signature property generation error: verification error"
  I have the settings pointing to our timestamp server under Preferences > Document Timestamping  > Server Settings.
  Under signature verification preferences > Verification > Verification time, I have the "Secure time (timestamp) embedded in the signature" selected.
  It seems to work but is generating the error. If I open a new document and sign it sometimes it works without the error. Occasionally it produces the error on first signing. Mostly on second and third signatures on the page..
  Any ideas?

  you can mail me directly to [email protected], and I'll try to help.
  no guarenty :-)
  Tal
  [email protected]

• New timestamps added to comments when opening document

  Pages '09 Version 4.1 Build 923
  on a Mac OS X 10.6.8
  Hi,
  I have a document which I am working on in Pages.
  When I insert a comment to it (i.e. the yellow boxes on the left-hand side), a timestamp is added to the comment automatically.  Although I don't really need that, this is fine and I can always delete it while writing my own text.
  However, what really annoys me is the following:
  Whenever I open the document again (after having saved and closed it earlier), the current timestamp is added to all comments in the document.
  If I then save, close and re-open it again, a further timestamp is added to the document and the first timestamp is also reset to the current time.
  Thus, at the moment, in *every* comment box of the rather large file I'm reviewing, I have four separate lines reading "March 9, 2012 12:31 AM". If I close and re-open the document again, there will be five lines reading "March 9, 2012 12:35 AM" (or whatever the current time will be then) in every single comment of the file.
  If I delete the three or four timestamps-per-comment, the "game" will start again the next time I open the document.
  Amy ideas at all?
  I should perhaps add that I'm working here with .doc files (not .pages files) and that I edited the info.plist of Pages to give it the role of 'editor' instead of 'viewer' for all ".doc" files. Mainly to ensure that if I work on a .doc file which I want to remain a .doc file, I don't have to Save As (.doc copy) all the time but can just save in the normal way. Could this interfere with the above problem?
  Thanks!

  "I should perhaps add that I'm working here with .doc files (not .pages files) and that I edited the info.plist of Pages to give it the role of 'editor' instead of 'viewer' for all ".doc" files. Mainly to ensure that if I work on a .doc file which I want to remain a .doc file, I don't have to Save As (.doc copy) all the time but can just save in the normal way. Could this interfere with the above problem?"
  Here is your problem. Every time you open a .doc to Pages it is a new document. When you work on in Pages it is a Pages file and not a .doc file. If you want to work in PAges save the file as the generic .pages and do the export for .doc. Keep that name and next time you Save as Word or export as word in the same location the .doc file will be overwritten with the new one. and you'll only have on .doc file and one .pages file.
  If you want only have .doc files don't use Pages.

• Inconsistent presentation of timestamp revocation information (document is LTV enabled)

  Hello, I have encountered a somewhat strange situation regarding the presentation of the timestamp revocation information.
  The following has been done:
  1) A simple document has been created, and a certifying signature with a timestamp (no revocationd data embedded) was created.
  2) On sunday I created an LTV enabled document by means of the Adobe Reader v11.
  When I check the revocation data of the embedded timestamp I see that the OCSP has been embedded into the document. This is what I would expect.
  3)  The next monday I did the same check: but now the Reader tells me that the OCSP has been obtained real-time / on-line; somehow it did not recognize any more that the OCSP is embedded (it's still there in the document).
  This is not what I expected.
  To verify my finding I created another LTV enabled document (on monday): the Reader shows that the OCSP of the timestamp is embedded.
  4) The next tuesday I checked both LTV documents: the Reader does NOT recognize the embedded OCSP any more; it tells me that it has to use the real-time/on-line/local-cache version of the OCSP.
  The description of the findings can be found in:
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/AdobeReader_Strange_Case.pdf
  ==> Question: is this a 'bug' in Adobe Reader regarding the presentation of embedded revocation info of OCSP's of timestamps or is this 'normal' behavour (if so, where is this stated in the PAdES standard)?
  Regards
  Ernst Jan
  The original document:
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X.pdf
  The LTV enabled documents (at different PC's):
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X_created_LTV_with_P C1.pdf
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X_created_LTV_with_P C2.pdf

  Hello, I have encountered a somewhat strange situation regarding the presentation of the timestamp revocation information.
  The following has been done:
  1) A simple document has been created, and a certifying signature with a timestamp (no revocationd data embedded) was created.
  2) On sunday I created an LTV enabled document by means of the Adobe Reader v11.
  When I check the revocation data of the embedded timestamp I see that the OCSP has been embedded into the document. This is what I would expect.
  3)  The next monday I did the same check: but now the Reader tells me that the OCSP has been obtained real-time / on-line; somehow it did not recognize any more that the OCSP is embedded (it's still there in the document).
  This is not what I expected.
  To verify my finding I created another LTV enabled document (on monday): the Reader shows that the OCSP of the timestamp is embedded.
  4) The next tuesday I checked both LTV documents: the Reader does NOT recognize the embedded OCSP any more; it tells me that it has to use the real-time/on-line/local-cache version of the OCSP.
  The description of the findings can be found in:
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/AdobeReader_Strange_Case.pdf
  ==> Question: is this a 'bug' in Adobe Reader regarding the presentation of embedded revocation info of OCSP's of timestamps or is this 'normal' behavour (if so, where is this stated in the PAdES standard)?
  Regards
  Ernst Jan
  The original document:
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X.pdf
  The LTV enabled documents (at different PC's):
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X_created_LTV_with_P C1.pdf
  http://CloudDelivery.eu/7AB04873-1746-448B-B53E-1C1B3F25C6C1/document_X_created_LTV_with_P C2.pdf

• PADES-LTV Document timestamp verification error

  Hello,
  I have a signed pdf document which includes PADES-LTV signture with a Document timestamp signature.
  When I try to open the signed document with Adobe reader version 10.1.0.534, signature is validated however Document timestamp signature can not be verified. It says: At least one signature requires validating on the top bar. When I look at the Signatures section on the left, It says: Signer's identity is invalid because it has expired or is not yet valid. If I try to open the signature details of the document timestamp, Adobe reader crashes. (I submitted a bug report for this issue but I have not received any response yet)
  When I open the signed document with Adobe Acrobat X pro and view the details of the document timestamp signature, this value "1970/01/01 03:00:00 +03'00'" is displayed in the signature date field. Actually, Date field should be Not available since ETSI 102 778-4 V1.1.2 says: In the document timestamp dictionary Name, M, Location, Reason and contact info should not be present.
  Why does the adobe reader shows this value 1970/01/01 03:00:00 +03'00' instead of Not Available?
  What can be wrong?
  Thanks

  Thanks for answer,
  but I don't have a problem with timestamp included inside the signature.
  I have a issue with creating Document Time-stamp dictionary.
  Document Time-stamp dictionary is a standard Signature dictionary but with some changes.
  More details in PADES LTV see specification ETSI TS 102 778-4 V1.1.1 (2009-07) page 15.