This article explains how to contact an RFC3161-compliant TSA and obtain a timestamp for the given data. This is the lowest level of data timestamping where you interact directly with a TSA by sending it a hash of data and retrieving a timestamp CMS blob. If you need to create a timestamped CMS signature or add a timestamp to the existing CMS signature, please consult this article instead. How to create a higher-level RFC5544-timestamped document is explained here.
SecureBlackbox provides three components capable of talking RFC3161, all being the descendants of TElCustomTSPClient class: TElHTTPTSPClient, TElFileTSPClient, and TElSocketTSPClient. Each component is capable of communicating to the TSA via the specific protocol. TElHTTPTSPClient is intended to be used over HTTP or HTTPS; TElSocketTSPClient works with TSAs providing plain TCP access; TElFileTSPClient can be used with any other kind of transport (it allows users to direct requests wherever they need).
Code snippets below illustrate how to use TElHTTPTSPClient because HTTP(S) transport is most widely used by TSA services. The sibling components are supposed to be used in a very similar manner; the only differences will be specific to configuring the particular transport.
byte hash = TElHashFunction.Hash(SBConstants.Unit.SB_ALGORITHM_DGST_SHA256, Encoding.UTF8.GetBytes("timestamped message"));
Note: you have to handle the HTTPS client's OnCertificateValidate event if your TSA is accessed via HTTPS.
TElHTTPTSPClient tspClient = new TElHTTPTSPClient(); // when using HTTP-based TSP client we need to create a TElHTTPSClient component and set it up: TElHTTPSClient httpClient = new TElHTTPSClient(); tspClient.HTTPClient = httpClient; tspClient.URL = "http://www.mytsa.com/tsa";
tspClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;Occasionally, you might need to set RequestFormat to TSBTSPRequestFormat.tsfCMS. It forces the TSP client to compose the request in CMS format rather than in plain RFC3161. This feature is useful to deal with some exotic responders that only work with CMS requests. You also need to load your signing certificate into certificate storage and assign it to the TSP client's CertStorage property in this case.
If the request executes successfully (res is 0), serverResult will indicate the status response returned by the service. If serverResult is psGranted or psGrantedWithMods, the replyCms will contain the timestamp CMS. You can also access the details of the returned timestamp (such as date/time, TSA credentials and the CMS itself) via the TSP client's TSPInfo property.
int serverResult = 0; int failureInfo = 0; byte replyCms = null; int res = tspClient.Timestamp(hash, ref serverResult, ref failureInfo, ref replyCms);