EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CreateBES with Signing Time

Posted: 08/14/2014 03:16:16
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

I'm trying to create a Cades-BES message with signing time with no success (Message does not contain signing time).
How can i add it?

            TElPKCS11CertStorage PKCS11CertStorage;
            TElX509Certificate cert;
            TElPKCS11SessionInfo session;

            PKCS11CertStorage = new TElPKCS11CertStorage();
            PKCS11CertStorage.DLLName = @"C:\Windows\SysWOW64\eTPKCS11.dll";
            session = PKCS11CertStorage.OpenSession(0, true);
            session.Login((int)SBPKCS11Base.Unit.utUser, "xxxx");
            cert = PKCS11CertStorage.get_Certificates(0);

            TElSignedCMSMessage cms = new TElSignedCMSMessage();
            var plainBytes = Encoding.UTF8.GetBytes(plainText);
            cms.CreateNew(plainBytes, 0, plainBytes.Length);

            TElCMSSignature sig = cms.get_Signatures(cms.AddSignature());
            sig.DigestAlgorithm = SBConstants.__Global.SB_ALGORITHM_DGST_SHA256;
            sig.SigningTime = System.DateTime.UtcNow;

            TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor();
            processor.Signature = sig;

            MemoryStream cmsStream = new MemoryStream();
            var result = cmsStream.ToArray();
Posted: 08/14/2014 03:21:51
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

How do you check that message doesn't contain the time? Also you don't need to set sig.SigningTime manually as CreateBES method will set it to current UTC time.
Posted: 08/14/2014 03:34:23
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

with "P7S viewer", please see attached message.
I have tried both ways (with or without setting SigningTime)
Not: I renamed file to be able to upload
Posted: 08/14/2014 03:42:41
by Eugene Mayevski (Team)

Attachments are restricted for a reason, I have removed your attachment.

I suspect that this tool doesn't work right. If you have a link to the web page where it was taken from, you are welcome to post it.

Sincerely yours
Eugene Mayevski
Posted: 08/14/2014 03:44:55
by Vsevolod Ievgiienko (Team)

I've just checked the file using our CMS manager sample and it shows that signing time is on its place. Most likely P7S viewer doesn't work correctly.
Posted: 08/14/2014 04:11:42
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Please attached zip which contains signed messages with SecureBlackbox and with another .net library.
With CMS manager sample, i can signing time of both signatures.
With P7S Viewer(http://www.signfiles.com/p7s-viewer): I can see signing time of other signed message, but not SecureBlackBox's.
Also, REM provider in Turkey accepts signature of other but not SecureBlackBox's.(Main purpose)

Do you have any idea?
Posted: 08/14/2014 04:12:25
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Sorry, zip is attached
Posted: 08/14/2014 04:16:11
by Eugene Mayevski (Team)

Please do NOT post anything not accepted by the forum. We don't welcome EXE, ZIP and other files unless we explicitly ask for them.

In your case you see not "Signing time" but a Timestamp (as per RFC 3161), which is a different thing. Timestamping is a separate procedure which can be or be not performed during signing. It involves connecting to the third-party timestamping server.

Sincerely yours
Eugene Mayevski
Posted: 08/14/2014 04:18:43
by Vsevolod Ievgiienko (Team)

Its possible that the program shows timestamp, but not the signing time.
Posted: 08/14/2014 04:46:56
by Somer B. (Basic support level)
Joined: 08/07/2014
Posts: 7

Sorry for the attachments.
Both of them are not timestamped, side by side screenshot is attached.



Topic viewed 1301 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!