EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ArchiveTimeStamp hash

#37570
Posted: 08/26/2016 04:15:59
by Peter  (Basic support level)
Joined: 08/26/2016
Posts: 2

Hello,
I am creating an archive timestamp by calling
Code
verifier.XAdESProcessor.AddArchiveTimestamp(getTspClient());

In the method getTspClient() I am creating a TElFileTSPClient and handling
Code
tspClient.OnTimestampNeeded += (object sender, Stream requestStream, Stream replyStream, ref bool succeeded) =>
            { ... }

My question is, from what part of the signature is requestStream taken? I need to compare the hash in the ArchiveTimeStamp/EncapsulatedTimeStamp element (which I have decoded) with the hash which is calculated from some part of the signature when the archive timestamp is created. Or is there some other way to check whether the archive timestamp is valid?
#37575
Posted: 08/26/2016 08:06:20
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period. We also offer Premium support for a purchase from https://www.eldos.com/support/calc.php . You can use Premium Support to get higher level of assistance during your evaluation of our products.

Quote
My question is, from what part of the signature is requestStream taken?

According to the standard. For example, for XAdES version 1.3.2 please refer to section 7.7.1 at http://www.etsi.org/deliver/etsi_ts/1...10302p.pdf
Quote
I need to compare the hash in the ArchiveTimeStamp/EncapsulatedTimeStamp element (which I have decoded) with the hash which is calculated from some part of the signature when the archive timestamp is created. Or is there some other way to check whether the archive timestamp is valid?

No, you only need to call TElXAdESVerifier.Validate(..) method. If the Validate() method result is not valid, then you should check the Reason parameter value.
For example, if any of the archive timestamps is invalid, the Reason value would contain the xvrArchiveTimestampInvalid flag. The TimestampInvalid flag means that either a timestamp is corrupted, or the timestamped data doesn't match, or the timestamp signing certificate is invalid.
If you need to know which archive timestamp is invalid (if you have several of them), you can check them individually by traversing them using the TElXAdESVerifier.ArchiveTimestamps/ArchiveTimestampCount properties. Then, for example, to check if the timestamped data is correct you can use the TElXAdESVerifier.CheckTimestamp(..) method. For details, please refer to the XMLBlackbox\AdvancedSigner sample.
#37593
Posted: 08/30/2016 04:02:08
by Peter  (Basic support level)
Joined: 08/26/2016
Posts: 2

Thank you for the quick answer.

Can I have one more question? When I call TElXAdESVerifier.CheckTimestamp(..), it returns a bool value. Is it possible to get the reason when the value is false? Thank you.
#37599
Posted: 08/30/2016 06:58:15
by Dmytro Bogatskyy (EldoS Corp.)

Hi,

Quote
Can I have one more question? When I call TElXAdESVerifier.CheckTimestamp(..), it returns a bool value. Is it possible to get the reason when the value is false?

The value of this method is false if the hash value of the timestamped data doesn't match the message imprint. In other words, it means that the timestamped data was modified. It is not possible to detect exactly which data has changed.
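
The message-imprint comparison described in the answer above, as an added Python example that is not part of the thread and not EldoS code: it parses a DER-encoded RFC 3161 MessageImprint and compares its digest with a hash recomputed over the timestamped bytes. The small DER reader, `build_imprint` and `SAMPLE` are constructed for illustration; in a real XAdES archive timestamp the hashed input is the data defined by the standard, and Validate() also covers the token's signature and certificate.

```python
import hashlib
import hmac

# DER content bytes of OID 2.16.840.1.101.3.4.2.1 (SHA-256)
SHA256_OID = bytes.fromhex("608648016503040201")
HASHES = {SHA256_OID: hashlib.sha256}

def read_tlv(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_message_imprint(der):
    """MessageImprint ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING }."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("MessageImprint must be a SEQUENCE")
    tag, alg, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("hash algorithm must be an OID")
    tag, digest, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("hashedMessage must be an OCTET STRING")
    return oid, digest

def imprint_matches(imprint_der, timestamped_bytes):
    """True only if the recomputed hash equals the imprint's digest."""
    oid, digest = parse_message_imprint(imprint_der)
    if oid not in HASHES:
        raise ValueError("unsupported hash algorithm")
    actual = HASHES[oid](timestamped_bytes).digest()
    return hmac.compare_digest(actual, digest)

def build_imprint(data):
    """Constructed sample: a SHA-256 MessageImprint over data."""
    alg = b"\x30\x0d\x06\x09" + SHA256_OID + b"\x05\x00"
    return b"\x30\x31" + alg + b"\x04\x20" + hashlib.sha256(data).digest()

# Constructed stand-in for the bytes covered by an archive timestamp
SAMPLE = b"<ds:SignatureValue>constructed</ds:SignatureValue>"
```

A single changed byte flips the result to False, and the digest alone cannot say which byte it was, which is why the boolean carries no further reason.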
