EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS#7 Data Timestamping Sample

#8318
Posted: 12/01/2008 04:56:37
by Luca Arena (Standard support level)
Joined: 12/01/2008
Posts: 4

Hello,

I just bought the SSLBlackbox component and I succeeded in using it for document signing by using the smartcard's PKCS#11 module, as reported in the CryptoToken sample project.

Now I'm trying to timestamp the data while signing using a TSA HTTP server with user/password login. I read the help topic named "Timestamp the data", but since I am not a "native" .NET developer, it seems a bit complicated to me.

Can you give me any sample or simply point to the right .NET project in the Samples included with your package?

Thank you much,
Luca
#8319
Posted: 12/01/2008 06:00:38
by Ken Ivanov (EldoS Corp.)

Thank you for choosing SecureBlackbox.

What data exactly do you need to timestamp (which component exactly are you using for signing)?
#8327
Posted: 12/01/2008 08:25:38
by Luca Arena (Standard support level)
Joined: 12/01/2008
Posts: 4

Hello, I used your CryptoTokenDemo C# sample project as a basis.
So the main classes I used to access the smartcard and sign the files are:

TElPKCS11CertStorage
TElPKCS11SessionInfo
TElMemoryCertStorage
TElMessageSigner

Now I just want to add timestamping to the sign process. I bought timestamps from a certified TSA here in Italy and they gave me a URL, a USERNAME and a PASSWORD; so I guess I have to use the TElHTTPTSPClient class somehow.

I read in the help file that I can integrate the signing process with timestamping, as follows (Help File | How to | PKI | TSP):

Quote
Timestamp the data

To timestamp the data signature using X.509 certificates and PKCS#7 format you need to use Timestamp property of ElMessageSigner component and one of ElFileTSPClient or ElHTTPTSPClient classes, which will perform the timestamping.

The timestamp request is created automatically by ElMessageSigner when you sign the data. All you have to do is create an event handler for OnTimestampNeeded event of ElFileTSPClient class, if you want to use custom timestamp processing, or set URL property of ElHTTPTSPClient class if you want to use HTTP(S) transport. Also you need to assign the transport (an instance of ElHTTPSClient) to HTTPClient property of ElHTTPTSPClient class. If you need to setup connection properties (such as username/password), do this via an instance of ElHTTPSClient.

By default, if timestamping fails, no signing will be done. This behaviour can be modified by turning on the soIgnoreTimestampFailure option in SigningOptions property of ElMessageSigner component.


Now I'd like to understand how to send a request to the TSA and how to link the timestamping process with the signing one. In particular, I didn't understand how the timestamp request is handled automatically by the ElMessageSigner object.

I looked for samples but I didn't find the right one... maybe you can just point me to the right one, or send me another.

Thank you much,
Luca


#8346
Posted: 12/02/2008 11:55:05
by Eugene Mayevski (EldoS Corp.)

Quote
Luca Arena wrote:
Now I'd like to understand how to send a request to the TSA and how to link the timestamping process with the signing one.


What transport (HTTPS or File) do you plan to use?

Quote
Luca Arena wrote:
In particular, I didn't understand how the timestamp request is handled automatically by the ElMessageSigner object.


As this is handled automatically, your question is just not applicable.


Sincerely yours
Eugene Mayevski
#8469
Posted: 12/15/2008 06:14:51
by Luca Arena (Standard support level)
Joined: 12/01/2008
Posts: 4

As I said in my first post, I am getting the timestamp via the HTTPS protocol.
Yes, the TS request is handled automatically: what the doc doesn't explain is that I need to assign the ElHTTPTSPClient transport instance to the TSPClient property of the ElMessageSigner object to let the latter connect to the TSA server.

I think this should be clearly explained in the doc, and that it'd be useful to have a timestamping example -- even if I understand you can't build tons of examples about every single functionality of your huge library.

I still can't figure out how to connect to an HTTPS server with user/password. I'm not an internet protocol expert, so I can't understand what ElHTTPSClient properties I have to use between:
- the (undocumented) SRPUserName and SRPUserPassword properties;
- the SocksUserCode/SocksUserPassword properties;
- the WebTunnelUserId/Password properties.

I only know my TSA server gave me an HTTPS address, a user and a password... can you give me some suggestions?

Thank you much,
Luca Arena
#8470
Posted: 12/15/2008 06:34:43
by Eugene Mayevski (EldoS Corp.)

Quote
Luca Arena wrote:
Yes, the TS request is handled automatically: what the doc doesn't explain is that I need to assign the ElHTTPTSPClient transport instance to the TSPClient property of the ElMessageSigner object to let the latter connect to the TSA server.


Please give us a hint regarding where exactly in the help file you were looking for such information and I will tell our technical writer to add it.

Quote
Luca Arena wrote:
I still can't figure out how to connect to an HTTPS server with user/password. I'm not an internet protocol expert, so I can't understand what ElHTTPSClient properties I have to use between:


Use TElHTTPSClient.RequestParams.Username and TElHTTPSClient.RequestParams.Password properties.

Alternatively you can use the URL in standard notation:
http://username:password@host:port/path/to/file.ext

None of the properties you mentioned are related to HTTP authentication.


Sincerely yours
Eugene Mayevski
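
An added example, not part of the thread and not EldoS code: a Python sketch of what an HTTP TSP client sends to the TSA in the setup discussed above, namely an RFC 3161 TimeStampReq over the hash of the signature value plus the headers of the POST. It assumes the TSA uses HTTP Basic authentication; the host, user name, password and all function names are constructed for illustration.

```python
import base64
import hashlib
import os
from urllib.parse import unquote, urlsplit

SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER of 2.16.840.1.101.3.4.2.1

def der(tag, body):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value):
    """DER INTEGER for a non-negative value (extra 0x00 keeps the sign bit clear)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def timestamp_request(signature_value, nonce):
    """RFC 3161 TimeStampReq whose imprint is SHA-256 of the signature value."""
    alg = der(0x30, SHA256_OID + der(0x05, b""))
    imprint = der(0x30, alg + der(0x04, hashlib.sha256(signature_value).digest()))
    cert_req = der(0x01, b"\xff")  # certReq TRUE: the TSA includes its certificate
    return der(0x30, der_int(1) + imprint + der_int(nonce) + cert_req)

def split_tsa_url(url):
    """Move user:password@ out of the URL and refuse cleartext http."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("Basic credentials must only travel over https")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    return (f"https://{host}{parts.path}",
            unquote(parts.username or ""), unquote(parts.password or ""))

def tsa_headers(username, password):
    """Headers for the POST; Basic auth is base64 encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Content-Type": "application/timestamp-query",
            "Authorization": f"Basic {token}"}

if __name__ == "__main__":
    # Constructed sample values, not a real TSA or real credentials.
    url, user, pw = split_tsa_url("https://tsauser:tsapass@tsa.example.test:8443/tsa")
    nonce = int.from_bytes(os.urandom(8), "big")
    req = timestamp_request(b"constructed signature bytes", nonce)
    print(url, len(req), tsa_headers(user, pw))
```

The nonce lets the client match the TSA's reply to this request, and splitting the credentials out of the URL keeps them out of anything that logs the request URL.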
#8474
Posted: 12/15/2008 13:17:22
by Luca Arena (Standard support level)
Joined: 12/01/2008
Posts: 4

Thank you much Eugene, your suggestion was very helpful.

Regarding the help file, you can find the "Timestamp the data" page by navigating Table of contents | How to...? | PKI | PKCS#7-compatible signing and encryption and then clicking on the Timestamp the data link.

On that page I'd add such a sentence after the first paragraph:

You simply have to assign the ElHTTPTSPClient or ElFileTSPClient instance to the TSPClient property of the ElMessageSigner object to have the latter connect to the TSA server while signing.

And, at the end of the second paragraph, the sentence may end with (take a look at the RequestParams.Username and RequestParams.Password properties).

Thank you again,
Luca
#10819
Posted: 08/19/2009 08:40:50
by voilbak (Basic support level)
Joined: 08/19/2009
Posts: 5

1) What is the difference between ElHTTPTSPClient and TElHTTPTSPClient?

2) I don't find the RequestParams.Username and RequestParams.Password properties for TElHTTPSClient.

It's also not mentioned in this help file: http://www.eldos.com/documentation/sbb/documentation/ref_cl_httptspclient.html

3) I call the ElMessageSigner.Sign method after setting the ElMessageSigner.TSPClient property, do I still need to explicitly call the ElMessageSigner.Timestamp method???
#10821
Posted: 08/19/2009 09:18:38
by Eugene Mayevski (EldoS Corp.)

Your questions are not related to the current topic. Please post your questions as a new topic and we'll answer there.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
