Discuss this help topic in SecureBlackbox Forum


Using timestamping services with CAdES components

Timestamping services form a principal component of the CAdES framework. Besides their straightforward job of certifying the time at which a signature was made, they are used to create so-called archival signatures. In this sense timestamping services act as trusted third parties rather than as basic suppliers of the current time. The majority of TSAs can be contacted via a dedicated timestamping protocol (TSP) defined in RFC 3161. The protocol records are normally sent over an HTTP(S) connection, but plain TCP transports are also used occasionally.

To add a timestamp (of any kind) to a signature you will need to use one of the TSP components included in SecureBlackbox. In the vast majority of cases this is going to be the TElHTTPTSPClient class (intended for use with HTTP(S)-capable TSAs) or, fairly rarely, the TElSocketTSPClient class (plain TCP). We will consider the TElHTTPTSPClient class here, as it is used much more widely. Besides, once you understand the use of the TElHTTPTSPClient component, cracking the much simpler TElSocketTSPClient will be a piece of cake.

So, let's assume that you have a CMS, a signature in it, and you want to add a timestamp of a certain kind (be it a signature timestamp, a content timestamp, or an archival timestamp). First of all, create and set up the timestamping objects:

1. Create an instance of the TElHTTPTSPClient class:

    TElHTTPTSPClient tsp = new TElHTTPTSPClient();

2. Create an HTTP transport object (TElHTTPSClient):

    TElHTTPSClient cli = new TElHTTPSClient();

3. Attach the transport to the TSP component:

    tsp.HTTPClient = cli;

4. Configure the TSP component by setting the TSA server's URL and the hash algorithm you want to use:

    tsp.URL = "http://tsa.authority.com"; // assign your TSA URL here
    tsp.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

5. You might need to provide user credentials if your timestamping service requires authorization:

    cli.RequestParameters.Username = "user";
    cli.RequestParameters.Password = "password";

6. (optional) If your TSA should be accessed via the HTTPS protocol, configure the TLS side of the transport component. At the very least you should handle the OnCertificateValidate event and perform proper certificate validation inside the handler.

Your timestamping components are now ready and you can use them to create or upgrade signatures:

    processor.CreateT(cert, tsp);

or

    processor.UpgradeToT(tsp);

or, in cases where two timestamps are required (e.g. signature and archival), you can use the same object twice:

    processor.UpgradeToBaselineLTA(tsp, tsp);
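The six steps above, assembled into one complete routine. This is an added example, not code from the SecureBlackbox documentation or library; it assumes the .NET edition namespaces (SBHTTPSClient, SBHTTPTSPClient, SBX509, SBCustomCertStorage, SBCertValidator), a TElCAdESSignatureProcessor type in an SBCAdES namespace for the processor the topic refers to, the TSBCertificateValidateEvent delegate signature, the TElX509CertificateValidator.Validate and AddTrustedCertificates methods, and the cvOk value of TSBCertificateValidity; check each against your SecureBlackbox version. The point it shows beyond the steps is what step 6 means in practice: the OnCertificateValidate handler runs a real chain validation against your own trust anchors and leaves the validity as the validator set it, so a TSA endpoint that fails validation never receives a timestamp request.

```csharp
// Added example (not SecureBlackbox's own code): an HTTPS-backed RFC 3161 TSP
// client with TLS certificate validation, used to upgrade a CAdES signature
// to the Baseline-LTA level (signature timestamp + archive timestamp).
// All type, method and event names marked "assumed" come from the .NET
// edition as remembered and must be verified against your version.
using System;
using SBConstants;
using SBHTTPSClient;
using SBHTTPTSPClient;
using SBX509;
using SBCustomCertStorage;
using SBCertValidator;
using SBCAdES;   // assumed: namespace that holds TElCAdESSignatureProcessor

public static class CadesTimestamping
{
    // Trust anchors for the TSA's TLS certificate. Load your own roots into
    // this storage (e.g. from a PEM/DER bundle) before calling CreateTspClient.
    static readonly TElMemoryCertStorage TrustedRoots = new TElMemoryCertStorage();

    // Steps 1-6: build and configure the TSP client over an HTTPS transport.
    public static TElHTTPTSPClient CreateTspClient(string tsaUrl, string user, string password)
    {
        TElHTTPTSPClient tsp = new TElHTTPTSPClient();      // step 1
        TElHTTPSClient cli = new TElHTTPSClient();          // step 2
        tsp.HTTPClient = cli;                               // step 3

        tsp.URL = tsaUrl;                                   // step 4
        tsp.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

        // Step 5: credentials only when the TSA requires them.
        if (!string.IsNullOrEmpty(user))
        {
            cli.RequestParameters.Username = user;
            cli.RequestParameters.Password = password;
        }

        // Step 6: validate the TSA's TLS certificate. Unconditionally setting
        // the validity to cvOk here would let any endpoint pose as the TSA.
        cli.OnCertificateValidate += new TSBCertificateValidateEvent(OnCertificateValidate); // assumed delegate type
        return tsp;
    }

    // Assumed event signature for TElHTTPSClient.OnCertificateValidate.
    static void OnCertificateValidate(object sender, TElX509Certificate cert,
                                      ref TSBCertificateValidity validity, ref int reason)
    {
        TElX509CertificateValidator validator = new TElX509CertificateValidator();
        validator.AddTrustedCertificates(TrustedRoots);     // assumed method name
        // Builds and checks the chain against TrustedRoots; on failure the
        // validator sets a value other than cvOk and the handshake is aborted.
        validator.Validate(cert, ref validity, ref reason); // assumed overload
    }

    // Uses the same client for both the signature and the archival timestamp,
    // exactly as the topic's UpgradeToBaselineLTA(tsp, tsp) call does.
    public static void UpgradeToLongTermArchival(TElCAdESSignatureProcessor processor,
                                                 TElHTTPTSPClient tsp)
    {
        processor.UpgradeToBaselineLTA(tsp, tsp);
    }

    // Constructed usage; replace the placeholder URL and credentials.
    public static void Example(TElCAdESSignatureProcessor processor)
    {
        TElHTTPTSPClient tsp = CreateTspClient("https://tsa.example.invalid/tsp", null, null);
        UpgradeToLongTermArchival(processor, tsp);
    }
}
```

Chain validation alone does not tie the certificate to the host you intended to reach, so a production handler should additionally confirm that the certificate's subject or subject alternative name matches the TSA's host name before leaving the validity at cvOk.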
