To verify the signature follow these steps:
Step 1: Download the Root and Intermediate file: https://www.bit.admin.ch/bit/en/home/subsites/allgemeines-zur-swiss-government-pki/rootzertifikate/Swiss-Government-Root-CA-iv.html
Step 2: Download the Certificate: https://www.bit.admin.ch/bit/en/home/subsites/allgemeines-zur-swiss-government-pki/tsa-service.html
Step 3: Decode the certificates (enter them in the command prompt (Windows) or Terminal (Mac))
Decode certificates
openssl x509 -inform DER -in RootCAIV.crt -out RootCAIV.pemopenssl x509 -inform DER -in RegulatedCA02.crt -out RegulatedCA02.pem |
Step 4: Merge the two .pem files into one root.pem
Windows:
Windows: Copy content file
type RootCAIV.pem RegulatedCA02.pem > root.pem |
Linux & macOS:
Linux | Unix: copy content file
cat RootCAIV.pem RegulatedCA02.pem > root.pem |
If the commands don't work in your environment, you can open the RootCAIV.pem file & the RegulatedCA02.pem file and copy and paste their content into the root.pem
How to check if the file has not changed
Verify file if signature is still valid
openssl ts -verify -data [name of your file].pdf -in [name of your file].TSR -CAfile root.pem -untrusted TSAcertificate.cer |
Test now with this DEMO zip file: