EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Add ContentTimeStamp
#16514
Posted: 05/26/2011 05:48:54
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi,

I need to add a ContentTimeStamp in a document. If I read right, in this moment the ContentTimeStamp is not supported.

If I understand it, for this I need to add manually the "id-aa-ets-contentTimeStamp" attribute using the component TELMessageSigned. After, call the TimeStamp method (I have configured the TSPClient property of the TELMessageSigned at TELHTTPTSPClient)

I tried to do this but without success.

Any Help?

Thank you very much and best regards

Claudio
#16515
Posted: 05/26/2011 05:56:40
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Content timestamps are actually supported by the CMS classes (TElSignedCMSMessage, TElCMSSignature). To add a content timestamp with the use of the TElMessageSigner class, you will need to request the timestamp manually before calling the Sign() method (by passing the hash of the document to the TElHTTPTSPClient.Timestamp() method), and then add the obtained timestamp as an id-aa-ets-contentTimeStamp attribute.
#16516
Posted: 05/26/2011 07:32:57
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Innokentiy

thank you very much for your support.


Quote
Content timestamps are actually supported by the CMS classes


Great, but in Help this is not mentioned.

I tried with CMS Message with this code

Code

        CMSSigner := TElSignedCMSMessage.Create( nil );
        try
          CMSSigner.CreateNew( InBuffer, InSize );
          I := CMSSigner.AddSignature;
          TSPClient.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
          ts := CMSSigner.Signatures[ I ].AddContentTimestamp( TSPClient );
          s2 := TMemoryStream.Create( );
          try
            CMSSigner.Save( s2 );
            s2.SaveToFile('c:\test.tsd');          
          finally
            s2.Free;
          end;
        finally
          CMSSigner.Free;
        end;


But it does not work. I need to add the ContentTimeStamp to a document regardless of whether or not it is digitally signed.

Thank you very much and best regards

Claudio
#16517
Posted: 05/26/2011 07:43:47
by Ken Ivanov (EldoS Corp.)

The help is slightly behind the schedule. We are sorry for the inconvenience.

Content timestamp can only be added to an existing signature (as it is stored as a signed attribute).
#16518
Posted: 05/26/2011 09:38:25
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Quote
Content timestamp can only be added to an existing signature (as it is stored as a signed attribute).


But this is true only for the CMS classes? With TELMessageSigned I can add only the TimeStamp regardless of the digital signature? If yes have you a little sample?

Thank you very much

Best Regards

Claudio
#16519
Posted: 05/26/2011 09:41:53
by Ken Ivanov (EldoS Corp.)

It is true for any component that deals with PKCS#7/CMS structure. Timestamps of any kind cannot be added to "nothing", they are always added to some signature.
#16520
Posted: 05/26/2011 10:17:33
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Innokentiy,

Quote
It is true for any component that deals with PKCS#7/CMS structure. Timestamps of any kind cannot be added to "nothing", they are always added to some signature.


Sorry, but I'm a bit confused.

I attach an example of a file marked in time that I would get through your library. This sample was made with a software named DigitalSign.

Can I get this with SBB?

Thank you very much

PS: the file is zipped

Claudio


#16521
Posted: 05/26/2011 10:47:03
by Ken Ivanov (EldoS Corp.)

The document you attached is not a PKCS#7/CMS-compliant one. Instead, it contains data of "TimestampedData" type (defined in RFC 5544). This format is not supported by SecureBlackbox at the moment. Sorry for disappointing you.

You are also welcome to submit a request to the wish list. If there is a good demand for this feature, we will add it to the product.
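The distinction drawn in the reply above (a CMS SignedData container versus an RFC 5544 TimeStampedData container) is visible in the first field of the file, the ContentInfo contentType OID. The following is an added example, not part of the original thread and not SecureBlackbox code: a minimal Python reader that reports which container a file is. The function names and the sample byte strings are assumptions made for illustration.

```python
# Added example (not EldoS code): identify a file by its ContentInfo contentType.
KNOWN = {
    "1.2.840.113549.1.7.2": "CMS SignedData",
    "1.2.840.113549.1.9.16.1.31": "TimeStampedData (RFC 5544)",
}

def read_tlv(buf, pos):  # returns (tag, value_start, value_end)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:  # BER indefinite length: treat value as running to end of input
        return tag, pos, len(buf)
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def classify(data):
    tag, start, end = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, s, e = read_tlv(data[:end], start)
    if tag != 0x06:
        raise ValueError("first field is not an OBJECT IDENTIFIER")
    oid = decode_oid(data[s:e])
    return oid, KNOWN.get(oid, "unknown content type")

# Constructed samples: ContentInfo shells with an empty [0] body (not real files).
SIGNED = bytes.fromhex("300f06092a864886f70d010702a0023000")
TSD = bytes.fromhex("3011060b2a864886f70d010910011fa0023000")
TSD_BER = bytes.fromhex("3080060b2a864886f70d010910011fa00230000000")
```

Running `classify(open(path, "rb").read())` on a binary (not PEM or base64) file tells you before any parsing attempt whether a PKCS#7/CMS component can be expected to load it.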
#16522
Posted: 05/26/2011 17:00:07
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Innokentiy

thank you very much for your support.

I add the request in Wish List.

In your opinion, is there a way for a workaround at this time?

Best Regards

Claudio
#16523
Posted: 05/26/2011 17:31:41
by Ken Ivanov (EldoS Corp.)

Claudio,

Unfortunately, no quick-and-dirty workaround is available. Timestamped Data type is too different to PKCS#7 structure, so it cannot be implemented, say, by simply tweaking existing PKCS#7 code. It would take dozens of hours to implement this format correctly from scratch, and we just cannot sacrifice our current tasks for the sake of implementing it out-of-band. Indeed, we are looking positively at covering as large scope of security standards as possible, but this standard is just too different to all the functionality we already have. Sorry.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
