EldoS | Feel safer!


storing tsa response as a pkcs#7 *.tsr file

#12232
Posted: 01/28/2010 02:47:07
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi, yesterday you showed me that to access the contents of a *.tsr file (the timestamp response from a TSA) I need to use: TElCMSTimestamp.Create(nil, buffer). This is working perfectly.

Now I am in the inverse process:
I have a signed document (*.p7m) and want this document to receive a timestamp signature from a tsa. I want to save the response as a *.tsr file.

What I tried to do was to use:
TElMessageSigner
with TElMemoryCertStorage, TElHTTPSClient, TElHTTPRequestParams, TElHTTPTSPClient

and then to use
aMessageSigner->Sign(aBuffer, aBufferSize, aTimestampBuffer, aTimestampBufferSize, true);

But I guess this is the wrong approach. The response I then have in the timestamp buffer is not a *.tsr file as I thought; it is actually a signature file.

What is the way to follow to simply
- open the *.p7m File
- compute its hashsum
- create a timestamping asn1 request
- send it to tsa
- store response as a *.tsr file

Thanks for your very precious help. The library is quite fantastic, the trouble is sometimes just finding what one is looking for ;)

regards
christoph
#12233
Posted: 01/28/2010 02:56:46
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Don't know what I was thinking there. Obviously, I need to use the ->Timestamp method and not the ->Sign method.

Is that all?
#12234
Posted: 01/28/2010 03:02:55
by Eugene Mayevski (EldoS Corp.)

Just wondering, what software did you use before to perform your tasks?


Sincerely yours
Eugene Mayevski
#12235
Posted: 01/28/2010 03:38:21
by Ken Ivanov (EldoS Corp.)

You need to use TElHTTPTSPClient along with TElHTTPSClient components here. Though TElMessageSigner supports timestamping, it is only capable of embedding the timestamp into the existing signature. Use the above classes to receive individual timestamps without placing them to the signature.
#12236
Posted: 01/28/2010 07:03:17
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi Eugene, Innokentiy.

Thanks for your clarifications. It's all running now. I'm posting the how-to so that others might find it useful; I'll respond to your question (what software I used before) below, together with one further detail.

HOW I DO IT NOW (and if you see anything strange, please tell me :)

1. Compute the hash sum of the original *.p7m document

Use TElBuiltInCryptoProviderManager to get a suitable CryptoProvider:
aProvider = aManager->GetSuitableProvider3(mHashMethod, SB_SYMENC_MODE_DEFAULT);

Then get a suitable hash function from this provider:
aHashFunction(new TElHashFunction(mHashMethod, aProvider));
aHashFunction->Update(aBuffer, aBufferSize);
aByteString = aHashFunction->Finish();

2. Set up the HTTP connection and TSP client
Set up TElHTTPSClient, TElHTTPRequestParams, TElHTTPTSPClient

3. Do the timestamping
aTSPErrorCode = aTSPClient->Timestamp(aHashArray, aServerResult, aFailureInfo, aReplyCMS);

4. Evaluate results
Check aTSPErrorCode, aServerResult, aFailureInfo

5. Write out the result as a *.tsr file
Convert aReplyCMS into PK7S format and write it to a file

--

Works fine for me. The only thing I did not really figure out was which crypto provider to use for the hash functions. There seem to be many of them (built-in, win32, pkcs11, dll etc.).
I figured out how to use TElBuiltInCryptoProviderManager to get a suitable one, I think (even though I have to pass SB_SYMENC_MODE_DEFAULT, which I do not really understand, and whether it matters if I use the function to make simple hashes).

Maybe you can tell me if this is all fine...

--

As to your question:
I used to use a toolkit (COMellips) from an Italian CA company (Actalis), which is much more basic to use (but obviously much less featured and performant). Lately I missed features and support, so we decided to switch to EldoS with SecureBlackbox, which I believe was a perfect choice, so now I am cutting out the old code and replacing it with EldoS calls. I should be done any time soon now.

The difference is that COMellips had many fewer use-cases, and those use-cases were obviously well documented.
EldoS SecureBlackbox obviously has a hugely larger number of use-cases, and pretty fine documentation as well. But sometimes, there being more than one way to approach a task, it is not so easy to identify the right way from the beginning. But that's where your support and your forum come in, and I must say this is working just preciously!

Thanks again,
regards

Christoph
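As an added illustration of what steps 1, 3 and 4 of the how-to above do on the wire (this is not code from the thread or from SecureBlackbox, which hides all of it behind TElHTTPTSPClient): hash the *.p7m bytes, DER-encode the RFC 3161 TimeStampReq, and check the PKIStatus/failureInfo of the TimeStampResp before storing it. Stdlib-only Python; the SHA-256 imprint, the caller-supplied nonce and the responses built in the comments are assumptions for the demo, and posting the request to the TSA over HTTP is left to the caller.

```python
import hashlib

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1 (assumed imprint algorithm)

def der_tlv(tag, body):
    """DER TLV with definite length (short form below 128 bytes, long form above)."""
    n = len(body)
    if n >= 0x80:
        nbytes = (n.bit_length() + 7) // 8
        return bytes([tag, 0x80 | nbytes]) + n.to_bytes(nbytes, "big") + body
    return bytes([tag, n]) + body

def der_int(value):
    n = (value.bit_length() // 8) + 1  # one extra byte keeps the sign bit clear
    return der_tlv(0x02, value.to_bytes(n, "big"))  # non-negative INTEGER only

def build_timestamp_req(data, nonce, cert_req=True):
    """TimeStampReq ::= SEQUENCE { version v1, messageImprint, nonce, certReq }."""
    digest = hashlib.sha256(data).digest()             # step 1: hash of the *.p7m bytes
    alg_id = der_tlv(0x30, der_tlv(0x06, SHA256_OID) + der_tlv(0x05, b""))
    imprint = der_tlv(0x30, alg_id + der_tlv(0x04, digest))
    body = der_int(1) + imprint + der_int(nonce)       # nonce: use a fresh random value per request
    if cert_req:
        body += der_tlv(0x01, b"\xff")                 # certReq TRUE: TSA includes its certificate
    return der_tlv(0x30, body)

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, body, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_timestamp_resp(resp):
    """Step 4: return (PKIStatus, raw PKIFailureInfo bits or None, token bytes or None)."""
    _, body, _ = read_tlv(resp)                        # TimeStampResp SEQUENCE
    _, status_info, pos = read_tlv(body)               # PKIStatusInfo SEQUENCE
    _, status_bytes, p = read_tlv(status_info)         # INTEGER status: 0 granted, 1 grantedWithMods
    status = int.from_bytes(status_bytes, "big")
    failure = None
    while p < len(status_info):                        # optional statusString, failInfo
        tag, val, p = read_tlv(status_info, p)
        if tag == 0x03:                                # BIT STRING PKIFailureInfo (badAlg is the MSB)
            failure = int.from_bytes(val[1:], "big")
    token = body[pos:] if pos < len(body) else None    # ContentInfo (CMS) only when granted
    return status, failure, token
```

Only write the response out as *.tsr when status is 0 or 1 and a token is present; a rejection carries no token, only the failure bits.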
#12237
Posted: 01/28/2010 07:24:19
by Ken Ivanov (EldoS Corp.)

Thank you very much for the how-to. Sure it would be helpful to the users who face similar tasks.

Quote
Works fine for me. The only thing I did not really figure out was which crypto provider to use for the hash functions. There seem to be many of them (built-in, win32, pkcs11, dll etc.).

Just pass NULL as the CryptoProvider parameter. This will make TElHashFunction find the appropriate cryptographic provider automatically.
#12238
Posted: 01/28/2010 07:32:05
by Eugene Mayevski (EldoS Corp.)

Thank you for the information. I guess that toolkit is a by-product of their internal developments; that's why it has such specific functionality and lacks support.


Sincerely yours
Eugene Mayevski