storing tsa response as a pkcs#7 *.tsr file

Posted: 01/28/2010 02:47:07
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi, yesterday you showed me that to access the contents of a *.tsr file (the timestamp response from a TSA) I need to use: TElCMSTimestamp.Create(nil, buffer). This is working perfectly.

Now I am in the inverse process:
I have a signed document (*.p7m) and want this document to receive a timestamp signature from a tsa. I want to save the response as a *.tsr file.

What I tried to do was to use:
with TElMemoryCertStorage, TElHTTPSClient, TElHTTPRequestParams, TElHTTPTSPClient

and then to use
aMessageSigner->Sign(aBuffer, aBufferSize, aTimestampBuffer, aTimestampBufferSize, true);

But I guess this is the wrong approach. The response I have in the timestamp buffer then is not a *.tsr file as I thought, it is actually a signature file.

What is the way to follow to simply
- open the *.p7m File
- compute its hashsum
- create a timestamping asn1 request
- send it to tsa
- store response as a *.tsr file

Thanks for your very precious help. The library is quite fantastic, the trouble is sometimes just finding what one is looking for ;)

Posted: 01/28/2010 02:56:46
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Don't know what I was thinking there. Obviously, I need to use the ->Timestamp method and not the ->Sign method.

Is that all?

Posted: 01/28/2010 03:02:55
by Eugene Mayevski (Team)

Just wondering, what software did you use before to perform your tasks?

Sincerely yours
Eugene Mayevski

Posted: 01/28/2010 03:38:21
by Ken Ivanov (Team)

You need to use the TElHTTPTSPClient and TElHTTPSClient components here. Though TElMessageSigner supports timestamping, it is only capable of embedding the timestamp into the existing signature. Use the above classes to receive individual timestamps without placing them into the signature.

Posted: 01/28/2010 07:03:17
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi Eugene, Innokentiy.

Thanks for your clarifications. It's all running now. I am posting the how-to so that others might find it useful, and I'll respond to your question (what software I used before) below, together with one further detail.

HOW I DO IT NOW (and if you see anything strange, please tell me :)

1. Compute the Hashsum of the original *.p7m document

Use TElBuiltInCryptoProviderManager to get a suitable CryptoProvider:
aProvider = aManager->GetSuitableProvider3(mHashMethod, SB_SYMENC_MODE_DEFAULT);

Then get a suitable hashfunction from this provider:
aHashFunction(new TElHashFunction(mHashMethod, aProvider));
aHashFunction->Update(aBuffer, aBufferSize);
aByteString = aHashFunction->Finish();

2. Setup http connection and tsp client
Setup TElHTTPSClient, TElHTTPRequestParams, TElHTTPTSPClient

3. Do the timestamping
aTSPErrorCode = aTSPClient->Timestamp(aHashArray, aServerResult, aFailureInfo, aReplyCMS);

3. Evaluate results
Check aTSPErrorCode, aServerResult, aFailureInfo

4. Write out result as *.tsr File
Convert aReplyCMS into PK7S Format and write to file


Works fine for me. The only thing I did not really figure out was what cryptoprovider to use for the hash functions. There seem to be many of them (built-in, win32, pkcs11, dll etc.).
I figured out how to use TElBuiltInCryptoProviderManager to get a suitable one, I think (even though I have to pass SB_SYMENC_MODE_DEFAULT, and I do not really understand whether it might matter when I use the function to make simple hashes).

Maybe you can tell me if this is all fine...


As to your question:
I used to use a toolkit (COMellips) from an Italian CA company (Actalis), which is much more basic to use (but obviously, much less featured and performing). Lately I did miss features and support, so we decided to switch to Eldos with SecureBlackBox, which I believe was a perfect choice, so now I am cutting out the old code and replacing it with Eldos calls. I should be done any time soon now.

The difference is that COMellips had far fewer use cases, and those use cases were obviously well documented.
Eldos SecureBlackBox obviously has a hugely larger number of use cases, and pretty fine documentation as well. But sometimes, there being more than one way to approach a task, it is not so easy to identify the right way from the beginning. But that's where your support and your forum come in, and I must say this is working just preciously!

Thanks again,
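
The hash, request and result-evaluation steps of the how-to above, shown at the RFC 3161 wire level as an added Python example (not SecureBlackBox code and not part of the thread). The function names and sample bytes are constructed for illustration, and SHA-256 is an assumed hash choice.

```python
import hashlib
import os

SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER OID 2.16.840.1.101.3.4.2.1

def der(tag, body):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(value):
    """Non-negative INTEGER; the byte count keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_req(data, nonce=None, cert_req=True):
    """TimeStampReq over SHA-256(data): hash the document, wrap it in a request."""
    digest = hashlib.sha256(data).digest()
    alg = der(0x30, SHA256_OID + b"\x05\x00")        # AlgorithmIdentifier, NULL params
    imprint = der(0x30, alg + der(0x04, digest))      # MessageImprint
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")  # lets the client detect replays
    body = der_int(1) + imprint + der_int(nonce)      # version v1, imprint, nonce
    if cert_req:
        body += der(0x01, b"\xff")                    # certReq TRUE: TSA includes its cert
    return der(0x30, body)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                      # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def split_timestamp_resp(resp):
    """Return (PKIStatus, token DER or None) from a TimeStampResp."""
    tag, body, _ = read_tlv(resp)
    if tag != 0x30:
        raise ValueError("TimeStampResp must be a SEQUENCE")
    _, info, pos = read_tlv(body)                     # PKIStatusInfo
    _, status, _ = read_tlv(info)                     # PKIStatus INTEGER
    return int.from_bytes(status, "big", signed=True), (body[pos:] or None)
```

The request bytes are what gets POSTed to the TSA with Content-Type application/timestamp-query. A status of 0 (granted) or 1 (grantedWithMods) means a token follows the status; any other value means the TSA refused and no token is present.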

Posted: 01/28/2010 07:24:19
by Ken Ivanov (Team)

Thank you very much for the how-to. Sure, it would be helpful to users who face similar tasks.

Works fine for me. The only thing I did not really figure out was what cryptoprovider to use for the hash functions. There seem to be many of them (built-in, win32, pkcs11, dll etc.).

Just pass NULL as the CryptoProvider parameter. This will make TElHashFunction find the appropriate cryptographic provider automatically.

Posted: 01/28/2010 07:32:05
by Eugene Mayevski (Team)

Thank you for the information. I guess that toolkit is a by-product of their internal developments, that's why they have such specific functionality and lack support.

Sincerely yours
Eugene Mayevski




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
