Unable to verify rsassaPss(?) signature in TimeStamp Response: "signature not created by certificate"

while trying to verify a signed timestamp, I found out [openssl does not support it](https://github.com/openssl/openssl/issues/26797), and tried with Bouncycastle.

The data file is attached

[exampleresp.zip](https://github.com/user-attachments/files/24840580/exampleresp.zip)

```
# build
javac -cp bcpkix-jdk18on-1.83.jar:bcprov-jdk18on-1.83.jar:bcutil-jdk18on-1.83.jar TS.java

# exec 
echo "security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider" >> myjava.security
java -cp bcpkix-jdk18on-1.83.jar:bcprov-jdk18on-1.83.jar:bcutil-jdk18on-1.83.jar:./ -Djava.security.properties=myjava.security TS

```

However, it returns an error:

```
TimeStamp verified.
Generation time Sat Jan 24 18:09:13 CET 2026
Signer ID serial 27...
isValid?false
Exception!:
signature not created by certificate.
```

(source is attached [TS.java.txt](https://github.com/user-attachments/files/24840596/TS.java.txt) )

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to verify rsassaPss(?) signature in TimeStamp Response: "signature not created by certificate" #2242

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Unable to verify rsassaPss(?) signature in TimeStamp Response: "signature not created by certificate" #2242

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions