EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signing TimeStamp Request

#9942
Posted: 05/07/2009 12:52:43
by Tom Novak (Basic support level)
Joined: 05/07/2009
Posts: 5

Hello,

My TSA requires timestamp requests to be signed (to recognize and charge the user).
Is there any way to set request signing in TElHTTPTSPClient? Any idea how to work around it?

I tried a lot of things to solve this problem. Need help.

thx
#9943
Posted: 05/07/2009 13:50:03
by Eugene Mayevski (EldoS Corp.)

There's no standard for signing TSP requests, but recently we implemented this functionality upon request from one of the Polish users. So it can be that you are using the same TSP server. Please give us the TSP server name and we'll be able to answer then.


Sincerely yours
Eugene Mayevski
#9947
Posted: 05/08/2009 03:07:19
by Tom Novak (Basic support level)
Joined: 05/07/2009
Posts: 5

TSP server:
http://www.ts.kir.com.pl/HttpTspServer

thx
#9948
Posted: 05/08/2009 04:39:12
by Eugene Mayevski (EldoS Corp.)

This is a different server from the one we created an adaptation for. Do you have a technical description from this TSP authority regarding how the signed request must be formatted?


Sincerely yours
Eugene Mayevski
#9953
Posted: 05/08/2009 05:45:28
by Tom Novak (Basic support level)
Joined: 05/07/2009
Posts: 5

Technical description (in Polish): http://www.kir.com.pl/intranet/explorator/main.php?do=getFile&noreferer=1&object=48267

See page 19.
> TSP protocol (RFC 3161 and ETSI TS 101 861)
> Request should be signed with CMS (PKCS#7) TimeStampReq
> Only signed requests are allowed (CMS SignedData)
> Request should have a single signature.
> Other signatures are not allowed.
> CRLs are not allowed.
> Max request size is 32000B
> Hash algorithm is SHA1.
> TSAPolicyID is not obligatory. But when it is set it should be 1.2.616.1.113571.1.3

PS page 13-15 describe Response and TimeStamp structure.
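
The request body that the constraints quoted above describe, as an added example that is not part of the original thread and is not EldoS code: it builds the RFC 3161 TimeStampReq (SHA-1 message imprint, the quoted policy OID) with the Python standard library only. Wrapping the result in CMS SignedData with the subscriber's certificate is not shown; all function names are assumptions made for this illustration.

```python
import hashlib

SHA1_OID = "1.3.14.3.2.26"               # id-sha1
KIR_POLICY_OID = "1.2.616.1.113571.1.3"  # TSAPolicyID quoted in the thread
MAX_REQUEST_BYTES = 32000                # size limit quoted in the thread

def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_oid(dotted):
    """Encode a dotted OID; arcs above 127 use base-128 continuation bytes."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

def der_int(value):
    """Encode a non-negative INTEGER (a leading zero byte keeps it positive)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_req(data, nonce=None, with_policy=True):
    """Return the DER TimeStampReq that would become the CMS SignedData content."""
    alg = der(0x30, der_oid(SHA1_OID) + der(0x05, b""))   # SHA-1 with NULL params
    imprint = der(0x30, alg + der(0x04, hashlib.sha1(data).digest()))
    body = der_int(1) + imprint                            # version v1
    if with_policy:
        body += der_oid(KIR_POLICY_OID)                    # optional reqPolicy
    if nonce is not None:
        body += der_int(nonce)
    return der(0x30, body)

def fits_size_limit(signed_request):
    """Apply the size limit to the final signed blob, not just the inner request."""
    return len(signed_request) <= MAX_REQUEST_BYTES

if __name__ == "__main__":
    req = build_timestamp_req(b"abc", nonce=1)   # constructed sample input
    print(len(req), req.hex())
```

The signature and signer certificate added by the CMS wrapper count toward the 32000-byte limit, so `fits_size_limit` should be applied to the signed output.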
#9954
Posted: 05/08/2009 06:03:19
by Ken Ivanov (EldoS Corp.)

Unfortunately, the server requires us to log on. Based on the piece of information you provided, your TSA server seems to conform to the specification Eugene was talking about. To send such requests, set TElHTTPTSPClient.RequestFormat to TSBTSPRequestFormat.tsfCMS and assign the certificate storage object containing the signing certificate to the TElHTTPTSPClient.CertStorage property. This will make the component send a signed timestamping request.
#9958
Posted: 05/08/2009 09:03:11
by Tom Novak (Basic support level)
Joined: 05/07/2009
Posts: 5

1.
In which namespace is TSBTSPRequestFormat.tsfCMS? I didn't find it in the help.

2.
After upgrade to version 7 I have big problems. I can't sign anything! The code is the same. I have new references, new dlls, new PKCS11Proxy dll. Solution was cleaned and rebuilt. In version 6 everything works fine.
I'm using Token Device via TElPKCS11CertStorage. Cert looks correct and is in CertStorage before Document.Close (PDF) and Sign (XAdES).
Exceptions:
PDF: "No signing certificate found"
XAdES-BES: "RSA data key expected"


Thank You For Your Help
#9959
Posted: 05/08/2009 09:36:27
by Eugene Mayevski (EldoS Corp.)

Do you have a purchased license, or are you talking about an evaluation license?


Sincerely yours
Eugene Mayevski
#9960
Posted: 05/08/2009 13:15:54
by Tom Novak (Basic support level)
Joined: 05/07/2009
Posts: 5

.NET Data Security package license.

If timestamping is OK, we'll buy SSLBlackbox.

At this moment, after the free upgrade to version 7, I still don't have signing and timestamping. I am going to review my code after the weekend. I will try reinstalling SBB too (maybe there are remains from version 6).
#9961
Posted: 05/08/2009 14:42:18
by Ken Ivanov (EldoS Corp.)

> In which namespace is TSBTSPRequestFormat.tsfCMS?

Please refer to it as SBTSPClient.Unit.tsfCMS.

> Cert looks correct and is in CertStorage before Document.Close (PDF) and Sign (XAdES).

And what does TElX509Certificate.PrivateKeyExists property say for this certificate?
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.