EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CreateBES with Signing Time

#30321
Posted: 08/14/2014 03:16:16
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Hi,
I'm trying to create a CAdES-BES message with signing time, with no success (the message does not contain the signing time).
How can I add it?

Code
    TElPKCS11CertStorage PKCS11CertStorage;
    TElX509Certificate cert;
    TElPKCS11SessionInfo session;

    // Open the token through its PKCS#11 library and log in as the user.
    PKCS11CertStorage = new TElPKCS11CertStorage();
    PKCS11CertStorage.DLLName = @"C:\Windows\SysWOW64\eTPKCS11.dll";
    PKCS11CertStorage.Open();
    session = PKCS11CertStorage.OpenSession(0, true);
    session.Login((int)SBPKCS11Base.Unit.utUser, "xxxx");
    // Use the first certificate in the storage as the signing certificate.
    cert = PKCS11CertStorage.get_Certificates(0);

    // Create a new signed CMS message over the plaintext bytes.
    TElSignedCMSMessage cms = new TElSignedCMSMessage();
    var plainBytes = Encoding.UTF8.GetBytes(plainText);
    cms.CreateNew(plainBytes, 0, plainBytes.Length);

    // Add a signature entry with SHA-256 and an explicit signing time.
    TElCMSSignature sig = cms.get_Signatures(cms.AddSignature());
    sig.DigestAlgorithm = SBConstants.__Global.SB_ALGORITHM_DGST_SHA256;
    sig.SigningTime = System.DateTime.UtcNow;

    // Produce the CAdES-BES signature with the token certificate.
    TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor();
    processor.Signature = sig;
    processor.CreateBES(cert);

    // Serialize the signed message to a byte array.
    MemoryStream cmsStream = new MemoryStream();
    cms.Save(cmsStream);
    var result = cmsStream.ToArray();
#30322
Posted: 08/14/2014 03:21:51
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

How do you check that the message doesn't contain the time? Also, you don't need to set sig.SigningTime manually, as the CreateBES method will set it to the current UTC time.
#30323
Posted: 08/14/2014 03:34:23
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

With "P7S viewer"; please see the attached message.
I have tried both ways (with and without setting SigningTime).
Note: I renamed the file to be able to upload it.
#30324
Posted: 08/14/2014 03:42:41
by Eugene Mayevski (EldoS Corp.)

Attachments are restricted for a reason; I have removed your attachment.

I suspect that this tool doesn't work right. If you have a link to the web page where it was taken from, you are welcome to post it.


Sincerely yours
Eugene Mayevski
#30325
Posted: 08/14/2014 03:44:55
by Vsevolod Ievgiienko (EldoS Corp.)

I've just checked the file using our CMS manager sample and it shows that the signing time is in its place. Most likely P7S viewer doesn't work correctly.
#30326
Posted: 08/14/2014 04:11:42
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Please see the attached zip, which contains messages signed with SecureBlackbox and with another .NET library.
With the CMS manager sample, I can see the signing time of both signatures.
With P7S Viewer (http://www.signfiles.com/p7s-viewer): I can see the signing time of the other signed message, but not SecureBlackBox's.
Also, the REM provider in Turkey accepts the signature of the other but not SecureBlackBox's. (Main purpose)

Do you have any idea?
#30327
Posted: 08/14/2014 04:12:25
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Sorry, zip is attached
#30328
Posted: 08/14/2014 04:16:11
by Eugene Mayevski (EldoS Corp.)

Please do NOT post anything not accepted by the forum. We don't welcome EXE, ZIP and other files unless we explicitly ask for them.

In your case you see not "Signing time" but a Timestamp (as per RFC 3161), which is a different thing. Timestamping is a separate procedure which may or may not be performed during signing. It involves connecting to a third-party timestamping server.


Sincerely yours
Eugene Mayevski
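
The two things distinguished in the reply above, the signingTime signed attribute and an RFC 3161 timestamp token carried as an unsigned attribute, can be told apart by reading the DER directly instead of relying on a viewer. The following is an added example, not part of the original thread and not EldoS code: a minimal Python DER walker whose function names and sample byte strings are constructed for illustration, and which assumes definite-length (DER) input.

```python
from datetime import datetime, timezone

OID_SIGNING_TIME = bytes.fromhex("2a864886f70d010905")         # 1.2.840.113549.1.9.5 (signed attr)
OID_TIMESTAMP_TOKEN = bytes.fromhex("2a864886f70d010910020e")   # 1.2.840.113549.1.9.16.2.14 (unsigned attr)

def children(buf):
    """Split a DER byte string into its top-level (tag, value) elements."""
    pos, out = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                    # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def find_times(der, found=None):
    """Report the signingTime attribute and any RFC 3161 timestamp token attribute."""
    found = found or {"signing_time": None, "encoding": None, "rfc3161_timestamp": False}
    for tag, val in children(der):
        if not tag & 0x20:                   # primitive element: nothing nested
            continue
        kids = children(val)
        # Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET }
        if tag == 0x30 and len(kids) == 2 and kids[0][0] == 0x06 and kids[1][0] == 0x31:
            if kids[0][1] == OID_TIMESTAMP_TOKEN:
                found["rfc3161_timestamp"] = True
                continue                     # times inside the token belong to the TSA
            if kids[0][1] == OID_SIGNING_TIME:
                t_tag, t_val = children(kids[1][1])[0]
                utc = t_tag == 0x17          # 0x17 UTCTime, 0x18 GeneralizedTime
                fmt = "%y%m%d%H%M%SZ" if utc else "%Y%m%d%H%M%SZ"
                found["signing_time"] = datetime.strptime(t_val.decode(), fmt).replace(tzinfo=timezone.utc)
                found["encoding"] = "UTCTime" if utc else "GeneralizedTime"
                continue
        find_times(val, found)
    return found

def tlv(tag, *parts):                        # short-form encoder (bodies < 128 bytes) for the samples
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

# Constructed samples (not taken from the thread's attachments).
SIGNING_TIME_ATTR = tlv(0x30, tlv(0x06, OID_SIGNING_TIME), tlv(0x31, tlv(0x17, b"140814031616Z")))
SIGNED_ATTRS = tlv(0x31, SIGNING_TIME_ATTR,      # signingTime plus a zeroed messageDigest attribute
                   tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010904")), tlv(0x31, tlv(0x04, bytes(32)))))
UNSIGNED_ATTRS = tlv(0xA1, tlv(0x30, tlv(0x06, OID_TIMESTAMP_TOKEN), tlv(0x31, tlv(0x30, SIGNING_TIME_ATTR))))
```

The bytes of a DER-encoded .p7s file can be passed to `find_times` in the same way; the `encoding` field shows whether the signer wrote the time as UTCTime or GeneralizedTime.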
#30329
Posted: 08/14/2014 04:18:43
by Vsevolod Ievgiienko (EldoS Corp.)

It's possible that the program shows the timestamp, but not the signing time.
#30330
Posted: 08/14/2014 04:46:56
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Sorry for the attachments.
Both of them are not timestamped; a side-by-side screenshot is attached.

