[Question] TSA: org.bouncycastle.asn1.ASN1ObjectIdentifier.<init> 'identifier' cannot be null

[aanno]

When I try to include TSA with the following settings:

TSA URL: https://freetsa.org/tsr
TSA Authentication: No
TSA policy (OID):
TSA Hash Algorithm: sha256

I get this error

SEVERE Es ist ein Problem aufgetreten
java.lang.NullPointerException: 'identifier' cannot be null
	at org.bouncycastle.asn1.ASN1ObjectIdentifier.<init>(Unknown Source)
	at com.lowagie.text.pdf.TSAClientBouncyCastle.getTimeStampToken(TSAClientBouncyCastle.java:207)
	at com.lowagie.text.pdf.TSAClientBouncyCastle.getTimeStampToken(TSAClientBouncyCastle.java:186)
	at com.lowagie.text.pdf.PdfPKCS7.getEncodedPKCS7(PdfPKCS7.java:1327)
	at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:425)
	at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:118)
	at java.base/java.lang.Thread.run(Thread.java:833)

It seems to be related with leaving the policy empty. What is the right policy (string) to use?

Reference:

• https://freetsa.org
• https://freetsa.org/guide
• https://freetsa.org/guide/JSignPdf-time-stamping.html

[aanno]

Well, I tried also tried '2.16.840.1.101.3.4.2.1' as OID (see http://javadox.com/org.bouncycastle/bcprov-jdk15on/1.53/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.html ) for sha256 for the same result. Hence unsure if it is related to OID...

[JohnPlanetary]

@aanno you need to enter the hash value properly. It is case sensitive!

You entered: sha256
It must be: SHA256

But I recommend the use of: SHA512
It provides better security margin.