Using timestamping services with CAdES components
Timestamping services form a principal component of the CAdES framework. Besides doing their main job of signature time certification, they are also used to create the so-called archival signatures. In this sense timestamping services act as trusted third parties rather than basic time service suppliers.
Most TSAs can be contacted via the dedicated timestamping protocol (TSP) defined by RFC 3161. The protocol records are normally sent over an HTTP(S) connection, yet, plain TCP transports are also used occasionally.
To add a timestamp of any kind to a signature you need to use one of the TSP components provided by SecureBlackbox. Normally this is going to be TElHTTPTSPClient used with HTTP(S)-capable TSAs. In some cases, TElSocketTSPClient for plain TCP connections.
The example below illustrates timestamping using TElHTTPTSPClient. However, if you understand use of TElHTTPTSPClient component, cracking a much simpler TElSocketTSPClient is a piece of cake.
Assume you have a CMS, a signature in it, and you need to add a timestamp of some kind (signature timestamp, content timestamp, or archival timestamp). First of all, create and set up the timestamping objects:
TElHTTPTSPClient tsp = new TElHTTPTSPClient();
TElHTTPSClient cli = new TElHTTPSClient();
tsp.HTTPClient = cli;
tsp.URL = "http://tsa.authority.com"; // assign your TSA URL here tsp.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
cli.RequestParameters.Username = "user"; cli.RequestParameters.Password = "password";
processor.UpgradeToT(tsp);When two timestamps are needed (signature and archival, for instance), you can use the same object twice: