Skip to content

XAdES-T timestamp not shown in Word for signed DOCX #930

New issue
New issue
Open
Open
XAdES-T timestamp not shown in Word for signed DOCX#930
@xuanthu2002

Description

@xuanthu2002
xuanthu2002
opened on Nov 14, 2025

Hello POI team,

I’m using Apache POI OOXML version 5.4.1 to sign a DOCX document with XAdES-T. Although the signature is recognised by Microsoft Word (Word shows it as a valid XAdES-T signature), when I inspect the timestamp information in Word the timestamp details are missing
Here are the key details:

  • POI version: 5.4.1
  • JVM / OS: Java 8, Windows 10, MS Word 2016
  • In _xmlsignatures/sig1.xml, I see <xd:SignatureTimeStamp><xd:EncapsulatedTimeStamp>…</xd:EncapsulatedTimeStamp></xd:SignatureTimeStamp>.
  • In Word: Signature status shows “valid signature”, but when I choose “See the additional siging information...”, I see No timestamp information available and No timestamp authority information available.

Here my code:

public static byte[] signWithTSA(final byte[] dataToSign) throws IOException, InvalidFormatException, MarshalException, XMLSignatureException, RuntimeException, TransformException, NoSuchAlgorithmException, InvalidKeyException {
        SignatureConfig signatureConfig = new SignatureConfig();
        signatureConfig.setDigestAlgo(HashAlgorithm.sha256);
        signatureConfig.setKey(PKCS12Utils.getPrivateKey());
        List<X509Certificate> certChain = new ArrayList<>();
        for (Certificate cert : PKCS12Utils.getCertificateChain()) {
            certChain.add((X509Certificate) cert);
        }
        signatureConfig.setSigningCertificateChain(certChain);
        signatureConfig.setExecutionTime(new Date());
        signatureConfig.setIncludeEntireCertificateChain(true);
        signatureConfig.setCanonicalizationMethod(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signatureConfig.setXadesCanonicalizationMethod(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);

        // XAdES-T
        signatureConfig.setTspUrl(Constants.TSA_SERVER);
        signatureConfig.setTspRequestPolicy(null);
        signatureConfig.setTspOldProtocol(false);
        signatureConfig.setTspDigestAlgo(HashAlgorithm.sha256);
        signatureConfig.setXadesRole("Owner");
        signatureConfig.setSignatureDescription("Test ký dấu thời gian");
        signatureConfig.setCommitmentType("Ký dấu thời gian");

        signatureConfig.setSignatureFacets(Arrays.asList(
                new OOXMLSignatureFacet(),
                new KeyInfoSignatureFacet(),
                new XAdESSignatureFacet(),
                new XAdESXLSignatureFacet()
        ));

        try (OPCPackage pack = OPCPackage.open(new ByteArrayInputStream(dataToSign))) {
            SignatureInfo signatureInfo = new SignatureInfo();
            signatureInfo.setOpcPackage(pack);
            signatureInfo.setSignatureConfig(signatureConfig);
            signatureInfo.confirmSignature();


            ByteArrayOutputStream out = new ByteArrayOutputStream();
            pack.save(out);
            return out.toByteArray();
        }
    }

Any suggestions or sample code fragments for making the timestamp details visible in Word?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions