Discuss this help topic in SecureBlackbox Forum

Timestamp data

This article explains how to create an RFC5544-compliant timestamp over a piece of arbitrary data without signing it. If you are looking for information about timestamping digital signatures (CMS or CAdES), please consider this article instead.

With SecureBlackbox, RFC5544-based timestamping is performed with TElMessageTimestamper class (SBMessages namespace). TElMessageTimestamper only creates a proper message structure with embedded timestamps. It relies on timestamping components (such as TElHTTPTSPClient) to acquire the actual timestamp from a TSA service.

  1. Create an instance of TElMessageTimestamper class: TElMessageTimestamper timestamper = new TElMessageTimestamper();
  2. Create a timestamping client and set it up. Commonly used choice is TElHTTPTSPClient:
    TElHTTPTSPClient tspClient = new TElHTTPTSPClient();
    TElHTTPSClient httpClient = new TElHTTPSClient();
    tspClient.HTTPClient = httpClient;
    tspClient.URL = "http://mytsaservice.com/tsa";
  3. Attach your TSP client to the timestamper: timestamper.TSPClient = tspClient;
  4. Set up auxiliary properties of the timestamper. For instanct, you can specify whether the timestamped message should be detached (IncludeContent), whether the metadata should be protected (ProtectMetadata), and, optionally, the file name and the media type:
    timestamper.IncludeContent = true;
    timestamper.FileName = "myfile.txt";
  5. Finally, timestamp the data: timestamper.Timestamp(sourceStream, timestampedDataStream); That's it, the timestampedDataStream contains the timestamped data.
Note, that you can add several parallel timestamps to the same data. To do this, create and set up as many TSP clients as needed, and attach them all to the timestamper component using AddTSPClient(). The Timestamp() method will use all added TSP clients for getting independent timestamps from the corresponding TSAs.

Additional information

You can use the Timestamp method of TElMessageSigner to timestamp data signature. Before calling this method, assign the TSP client to the TSPClient property.

The timestamp request is created automatically by TElMessageSigner when you sign the data. All you have to do is create an event handler for the TElFileTSPClient.OnTimestampNeeded event (if you want to use custom timestamp processing), or set the TElHTTPTSPClient.URL property (if you want to use HTTP(S) transport). In the latter case, assign the transport (an instance of TElHTTPSClient) to TElHTTPTSPClient.HTTPClient property. Connection settings such as username and password could be specified via the TElHTTPSClient.RequestParameters property.

By default, no signing is performed if timestamping fails. This behavior can be modified by turning on the soIgnoreTimestampFailure option in the SigningOptions.

How To articles about PKCS7 signing and encryption

Discuss this help topic in SecureBlackbox Forum