I am writing an application (with Visual C++) that outputs PDF files,
everything done programmatically (phew). Now I want to be able to add a
signature and/or timestamp to my PDF files. After long research (and
thanks to the newsgroups), I was finally able to add a signature to my
PDF files, using the "adbe.x509.rsa_sha1" subfilter:
1) create a SHA1 hash of the file (excluding the /Contents entry) using
CryptCreateHash and CryptHashData
2) sign the hash with my certificate using CryptSignHash
3) reverse the bytes in order to obtain a valid PKCS#1 signature
4) DER-encode the result using CryptEncodeObject
This goes to the /Contents entry of the signature field, and then I
write my certificate into the /Cert entry.
This works!!!
(Though I'm not sure it is portable to any kind of certificate...)
Now I want to add a timestamp.
The PDF specifications say that I can do it in two ways:
1) into the /M entry of the signature field.
2) into the /Contents entry, if I change my subfilter to
"adbe.pkcs7.detached" or "adbe.pkcs7.sha1", but then I must be able to
create a PKCS#7 object containing my hash plus the certificate plus the
timestamp.
How to do that?
If I choose solution 1), which I'd prefer, then must I exclude both the
/M and the /Contents entries from the byte range? And use that byte
range for both hashes?
Because it seems that a timestamp is done by sending a hash of the data
(again) to a time stamping server. Which data? The same data as for the
signature? Or is there another way?
If I choose solution 2), then does someone know how to create that
famous PKCS#7 object that includes several objects??? Can it be done
using CryptoAPI or other? Some talk about CryptSignMessage, that does
PKCS#7. But how can I include several objects into one?
This PDF is giving me a very hard time sometimes... :)
And I still haven't tried UNICODE... ;)
Thanks to anyone who can help!!!!!!
alain.serrano (3)
6/7/2006 4:43:27 PM
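Steps 1 and 3 of the procedure in the post, as an added example in portable C (not code from the original post): locating the spans that are hashed around the /Contents value, and the byte reversal applied to the CryptSignHash output. The names `ByteRange`, `pdf_sig_byte_range` and `reverse_bytes` are hypothetical, and the search assumes the first /Contents followed by a hex string is the signature placeholder.

```c
#include <stddef.h>
#include <string.h>

/* The two spans of the file that are hashed (PDF /ByteRange layout). */
typedef struct { size_t off1, len1, off2, len2; } ByteRange;

static int is_ws(unsigned char c) { return c == ' ' || c == '\r' || c == '\n'; }

/* Find the signature's "/Contents <hex>" value and return the ranges on
 * either side of it. The '<' and '>' delimiters are left out together with
 * the hex digits; every other byte of the file, including the remaining
 * entries of the signature dictionary, falls inside the hashed ranges.
 * Assumption: the first /Contents followed by a hex string is the signature
 * placeholder. Returns 0 on success, -1 if none is found. */
int pdf_sig_byte_range(const unsigned char *pdf, size_t n, ByteRange *br)
{
    static const char key[] = "/Contents";
    const size_t klen = sizeof key - 1;
    size_t i, lt, gt;

    for (i = 0; i + klen <= n; i++) {
        if (memcmp(pdf + i, key, klen) != 0) continue;
        for (lt = i + klen; lt < n && is_ws(pdf[lt]); lt++) ;
        if (lt >= n || pdf[lt] != '<') continue;          /* "/Contents 5 0 R" */
        if (lt + 1 < n && pdf[lt + 1] == '<') continue;   /* a dictionary */
        for (gt = lt + 1; gt < n && pdf[gt] != '>'; gt++) ;
        if (gt >= n) return -1;                           /* unterminated */
        br->off1 = 0;      br->len1 = lt;
        br->off2 = gt + 1; br->len2 = n - br->off2;
        return 0;
    }
    return -1;
}

/* CryptSignHash returns the RSA signature little-endian, while PKCS#1 is
 * big-endian, hence the reversal in step 3 (done in place here). */
void reverse_bytes(unsigned char *buf, size_t n)
{
    size_t i;
    for (i = 0; i < n / 2; i++) {
        unsigned char t = buf[i];
        buf[i] = buf[n - 1 - i];
        buf[n - 1 - i] = t;
    }
}
```

The two ranges are what would be fed, in order, to CryptHashData before signing.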