MessageTimestamper Class

Properties   Methods   Events   Config Settings   Errors  

The MessageTimestamper class timestamps data and stores it in the PKCS#7 format.

Syntax

class secureblackbox.MessageTimestamper

Remarks

PKCS#7 (Public Key Cryptography Standard #7) is a common format used to store encrypted and signed data. It is used by a variety of protocols, including S/MIME and CMS.

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

data_file_name Property

A file name to be saved together with the timestamped data.

Syntax

def get_data_file_name() -> str: ...
def set_data_file_name(value: str) -> None: ...

data_file_name = property(get_data_file_name, set_data_file_name)

Default Value

""

Remarks

Use this property to provide a file name to be stored in the timestamp together with the timestamped data. This is only informational and does not necessarily need to match the file name provided via input_file.

data_uri Property

The URI to be included with the timestamped data.

Syntax

def get_data_uri() -> str: ...
def set_data_uri(value: str) -> None: ...

data_uri = property(get_data_uri, set_data_uri)

Default Value

""

Remarks

Use this property to provide a URI to be saved alongside the timestamped data. This value is only informational.

detached Property

Specifies whether a detached timestamp should be produced.

Syntax

def get_detached() -> bool: ...
def set_detached(value: bool) -> None: ...

detached = property(get_detached, set_detached)

Default Value

FALSE

Remarks

Set this property to true to produce a detached timestamp, i.e. kept separately and alongside the timestamped document.

fips_mode Property

Reserved.

Syntax

def get_fips_mode() -> bool: ...
def set_fips_mode(value: bool) -> None: ...

fips_mode = property(get_fips_mode, set_fips_mode)

Default Value

FALSE

Remarks

This property is reserved for future use.

hash_algorithm Property

Specifies the hash algorithm to be used.

Syntax

def get_hash_algorithm() -> str: ...
def set_hash_algorithm(value: str) -> None: ...

hash_algorithm = property(get_hash_algorithm, set_hash_algorithm)

Default Value

"SHA256"

Remarks

This property specifies the hash algorithm to used for calculating the signature.

input_bytes Property

Use this property to pass the input to class in the byte array form.

Syntax

def get_input_bytes() -> bytes: ...
def set_input_bytes(value: bytes) -> None: ...

input_bytes = property(get_input_bytes, set_input_bytes)

Remarks

Assign a byte array containing the data to be processed to this property.

input_file Property

A path to the source file.

Syntax

def get_input_file() -> str: ...
def set_input_file(value: str) -> None: ...

input_file = property(get_input_file, set_input_file)

Default Value

""

Remarks

Use this property to provide a path to the file containing the data to be timestamped.

input_is_hash Property

Specifies whether the input source contains the hash of the data or the actual data.

Syntax

def get_input_is_hash() -> bool: ...
def set_input_is_hash(value: bool) -> None: ...

input_is_hash = property(get_input_is_hash, set_input_is_hash)

Default Value

FALSE

Remarks

Use this property to tell the component whether the input source contains the actual data or its hash.

output_bytes Property

Use this property to read the output the class object has produced.

Syntax

def get_output_bytes() -> bytes: ...

output_bytes = property(get_output_bytes, None)

Remarks

Read the contents of this property after the operation is completed to read the produced output. This property will only be set if output_file and output_stream properties had not been assigned.

This property is read-only.

output_file Property

A path to the output file.

Syntax

def get_output_file() -> str: ...
def set_output_file(value: str) -> None: ...

output_file = property(get_output_file, set_output_file)

Default Value

""

Remarks

Use this property to specify the file to save the timestamped message to.

proxy_address Property

The IP address of the proxy server.

Syntax

def get_proxy_address() -> str: ...
def set_proxy_address(value: str) -> None: ...

proxy_address = property(get_proxy_address, set_proxy_address)

Default Value

""

Remarks

The IP address of the proxy server.

proxy_authentication Property

The authentication type used by the proxy server.

Syntax

def get_proxy_authentication() -> int: ...
def set_proxy_authentication(value: int) -> None: ...

proxy_authentication = property(get_proxy_authentication, set_proxy_authentication)

Default Value

0

Remarks

The authentication type used by the proxy server.

proxy_password Property

The password to authenticate to the proxy server.

Syntax

def get_proxy_password() -> str: ...
def set_proxy_password(value: str) -> None: ...

proxy_password = property(get_proxy_password, set_proxy_password)

Default Value

""

Remarks

The password to authenticate to the proxy server.

proxy_port Property

The port on the proxy server to connect to.

Syntax

def get_proxy_port() -> int: ...
def set_proxy_port(value: int) -> None: ...

proxy_port = property(get_proxy_port, set_proxy_port)

Default Value

0

Remarks

The port on the proxy server to connect to.

proxy_proxy_type Property

The type of the proxy server.

Syntax

def get_proxy_proxy_type() -> int: ...
def set_proxy_proxy_type(value: int) -> None: ...

proxy_proxy_type = property(get_proxy_proxy_type, set_proxy_proxy_type)

Default Value

0

Remarks

The type of the proxy server.

The WebTunnel proxy is also known as HTTPS proxy. Unlike HTTP proxy, HTTPS proxy (WebTunnel) provides end-to-end security.

proxy_request_headers Property

Contains HTTP request headers for WebTunnel and HTTP proxy.

Syntax

def get_proxy_request_headers() -> str: ...
def set_proxy_request_headers(value: str) -> None: ...

proxy_request_headers = property(get_proxy_request_headers, set_proxy_request_headers)

Default Value

""

Remarks

Contains HTTP request headers for WebTunnel and HTTP proxy.

proxy_response_body Property

Contains the HTTP or HTTPS (WebTunnel) proxy response body.

Syntax

def get_proxy_response_body() -> str: ...
def set_proxy_response_body(value: str) -> None: ...

proxy_response_body = property(get_proxy_response_body, set_proxy_response_body)

Default Value

""

Remarks

Contains the HTTP or HTTPS (WebTunnel) proxy response body.

proxy_response_headers Property

Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.

Syntax

def get_proxy_response_headers() -> str: ...
def set_proxy_response_headers(value: str) -> None: ...

proxy_response_headers = property(get_proxy_response_headers, set_proxy_response_headers)

Default Value

""

Remarks

Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.

proxy_use_ipv6 Property

Specifies whether IPv6 should be used when connecting through the proxy.

Syntax

def get_proxy_use_ipv6() -> bool: ...
def set_proxy_use_ipv6(value: bool) -> None: ...

proxy_use_ipv6 = property(get_proxy_use_ipv6, set_proxy_use_ipv6)

Default Value

FALSE

Remarks

Specifies whether IPv6 should be used when connecting through the proxy.

proxy_use_proxy Property

Enables or disables proxy-driven connection.

Syntax

def get_proxy_use_proxy() -> bool: ...
def set_proxy_use_proxy(value: bool) -> None: ...

proxy_use_proxy = property(get_proxy_use_proxy, set_proxy_use_proxy)

Default Value

FALSE

Remarks

Enables or disables proxy-driven connection.

proxy_username Property

Specifies the username credential for proxy authentication.

Syntax

def get_proxy_username() -> str: ...
def set_proxy_username(value: str) -> None: ...

proxy_username = property(get_proxy_username, set_proxy_username)

Default Value

""

Remarks

Specifies the username credential for proxy authentication.

socket_dns_mode Property

Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.

Syntax

def get_socket_dns_mode() -> int: ...
def set_socket_dns_mode(value: int) -> None: ...

socket_dns_mode = property(get_socket_dns_mode, set_socket_dns_mode)

Default Value

0

Remarks

Selects the DNS resolver to use: the component's (secure) built-in one, or the one provided by the system.

socket_dns_port Property

Specifies the port number to be used for sending queries to the DNS server.

Syntax

def get_socket_dns_port() -> int: ...
def set_socket_dns_port(value: int) -> None: ...

socket_dns_port = property(get_socket_dns_port, set_socket_dns_port)

Default Value

0

Remarks

Specifies the port number to be used for sending queries to the DNS server.

socket_dns_query_timeout Property

The timeout (in milliseconds) for each DNS query.

Syntax

def get_socket_dns_query_timeout() -> int: ...
def set_socket_dns_query_timeout(value: int) -> None: ...

socket_dns_query_timeout = property(get_socket_dns_query_timeout, set_socket_dns_query_timeout)

Default Value

0

Remarks

The timeout (in milliseconds) for each DNS query. The value of 0 indicates the infinite timeout.

socket_dns_servers Property

The addresses of DNS servers to use for address resolution, separated by commas or semicolons.

Syntax

def get_socket_dns_servers() -> str: ...
def set_socket_dns_servers(value: str) -> None: ...

socket_dns_servers = property(get_socket_dns_servers, set_socket_dns_servers)

Default Value

""

Remarks

The addresses of DNS servers to use for address resolution, separated by commas or semicolons.

socket_dns_total_timeout Property

The timeout (in milliseconds) for the whole resolution process.

Syntax

def get_socket_dns_total_timeout() -> int: ...
def set_socket_dns_total_timeout(value: int) -> None: ...

socket_dns_total_timeout = property(get_socket_dns_total_timeout, set_socket_dns_total_timeout)

Default Value

0

Remarks

The timeout (in milliseconds) for the whole resolution process. The value of 0 indicates the infinite timeout.

socket_incoming_speed_limit Property

The maximum number of bytes to read from the socket, per second.

Syntax

def get_socket_incoming_speed_limit() -> int: ...
def set_socket_incoming_speed_limit(value: int) -> None: ...

socket_incoming_speed_limit = property(get_socket_incoming_speed_limit, set_socket_incoming_speed_limit)

Default Value

0

Remarks

The maximum number of bytes to read from the socket, per second.

socket_local_address Property

The local network interface to bind the socket to.

Syntax

def get_socket_local_address() -> str: ...
def set_socket_local_address(value: str) -> None: ...

socket_local_address = property(get_socket_local_address, set_socket_local_address)

Default Value

""

Remarks

The local network interface to bind the socket to.

socket_local_port Property

The local port number to bind the socket to.

Syntax

def get_socket_local_port() -> int: ...
def set_socket_local_port(value: int) -> None: ...

socket_local_port = property(get_socket_local_port, set_socket_local_port)

Default Value

0

Remarks

The local port number to bind the socket to.

socket_outgoing_speed_limit Property

The maximum number of bytes to write to the socket, per second.

Syntax

def get_socket_outgoing_speed_limit() -> int: ...
def set_socket_outgoing_speed_limit(value: int) -> None: ...

socket_outgoing_speed_limit = property(get_socket_outgoing_speed_limit, set_socket_outgoing_speed_limit)

Default Value

0

Remarks

The maximum number of bytes to write to the socket, per second.

socket_timeout Property

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

Syntax

def get_socket_timeout() -> int: ...
def set_socket_timeout(value: int) -> None: ...

socket_timeout = property(get_socket_timeout, set_socket_timeout)

Default Value

60000

Remarks

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).

socket_use_ipv6 Property

Enables or disables IP protocol version 6.

Syntax

def get_socket_use_ipv6() -> bool: ...
def set_socket_use_ipv6(value: bool) -> None: ...

socket_use_ipv6 = property(get_socket_use_ipv6, set_socket_use_ipv6)

Default Value

FALSE

Remarks

Enables or disables IP protocol version 6.

timestamp_format Property

Configures the desired timestamp format.

Syntax

def get_timestamp_format() -> int: ...
def set_timestamp_format(value: int) -> None: ...

timestamp_format = property(get_timestamp_format, set_timestamp_format)

Default Value

0

Remarks

Use this property to set the format in which you would like to obtain the timestamp.

timestamp_server Property

The address of the timestamping server.

Syntax

def get_timestamp_server() -> str: ...
def set_timestamp_server(value: str) -> None: ...

timestamp_server = property(get_timestamp_server, set_timestamp_server)

Default Value

""

Remarks

Use this property to provide the address of the Time Stamping Authority (TSA) server to be used for timestamping the signature.

SecureBlackbox supports RFC3161-compliant timestamping servers, available via HTTP or HTTPS.

If your timestamping service enforces credential-based user authentication (basic or digest), you can provide the credentials in the same URL:

http://user:password@timestamp.server.com/TsaService

For TSAs using certificate-based TLS authentication, provide the client certificate via the tls_client_chain property.

If this property is left empty, no timestamp will be added to the signature.

Starting from summer 2021 update (Vol. 2), the virtual timestamping service is supported, which allows you to intervene in the timestamping routine and provide your own handling for the TSA exchange. This may be handy if the service that you are requesting timestamps from uses a non-standard TSP protocol or requires special authentication option.

To employ the virtual service, assign an URI of the following format to this property:

virtual://localhost?hashonly=true&includecerts=true&reqpolicy=1.2.3.4.5&halg=SHA256

Subscribe to on_notification event to get notified about the virtualized timestamping event. The EventID of the timestamping event is TimestampRequest. Inside the event handler, read the base16-encoded request from the EventParam parameter and forward it to the timestamping authority. Upon receiving the response, pass it back to the component, encoded in base16, via the TimestampResponse config property:

component.Config("TimestampResponse=308208ab...");

Note that all the exchange with your custom TSA should take place within the same invocation of the Notification event.

The hashonly parameter of the virtual URI tells the component to only return the timestamp message imprint via the EventParam parameter. If set to false, EventParam will contain the complete RFC3161 timestamping request.

The includecerts parameter specifies that the requestCertificates parameter of the timestamping request should be set to true.

The reqpolicy parameter lets you specify the request policy, and the halg parameter specifies the hash algorithm to use for timestamping.

All the parameters are optional.

tls_client_cert_count Property

The number of records in the TLSClientCert arrays.

Syntax

def get_tls_client_cert_count() -> int: ...
def set_tls_client_cert_count(value: int) -> None: ...

tls_client_cert_count = property(get_tls_client_cert_count, set_tls_client_cert_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• tls_client_cert_bytes
• tls_client_cert_handle

The array indices start at 0 and end at tls_client_cert_count - 1.

tls_client_cert_bytes Property

Returns raw certificate data in DER format.

Syntax

def get_tls_client_cert_bytes(tls_client_cert_index: int) -> bytes: ...

Remarks

Returns raw certificate data in DER format.

The tls_client_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the tls_client_cert_count property.

This property is read-only.

tls_client_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_tls_client_cert_handle(tls_client_cert_index: int) -> int: ...
def set_tls_client_cert_handle(tls_client_cert_index: int, value: int) -> None: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The tls_client_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the tls_client_cert_count property.

tls_server_cert_count Property

The number of records in the TLSServerCert arrays.

Syntax

def get_tls_server_cert_count() -> int: ...

tls_server_cert_count = property(get_tls_server_cert_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• tls_server_cert_bytes
• tls_server_cert_handle

The array indices start at 0 and end at tls_server_cert_count - 1.

This property is read-only.

tls_server_cert_bytes Property

Returns raw certificate data in DER format.

Syntax

def get_tls_server_cert_bytes(tls_server_cert_index: int) -> bytes: ...

Remarks

Returns raw certificate data in DER format.

The tls_server_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the tls_server_cert_count property.

This property is read-only.

tls_server_cert_handle Property

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

def get_tls_server_cert_handle(tls_server_cert_index: int) -> int: ...

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The tls_server_cert_index parameter specifies the index of the item in the array. The size of the array is controlled by the tls_server_cert_count property.

This property is read-only.

tls_auto_validate_certificates Property

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Syntax

def get_tls_auto_validate_certificates() -> bool: ...
def set_tls_auto_validate_certificates(value: bool) -> None: ...

tls_auto_validate_certificates = property(get_tls_auto_validate_certificates, set_tls_auto_validate_certificates)

Default Value

TRUE

Remarks

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

tls_base_configuration Property

Selects the base configuration for the TLS settings.

Syntax

def get_tls_base_configuration() -> int: ...
def set_tls_base_configuration(value: int) -> None: ...

tls_base_configuration = property(get_tls_base_configuration, set_tls_base_configuration)

Default Value

0

Remarks

Selects the base configuration for the TLS settings. Several profiles are on offer, tuned up for different purposes, such as high security or higher compatibility.

tls_ciphersuites Property

A list of ciphersuites separated with commas or semicolons.

Syntax

def get_tls_ciphersuites() -> str: ...
def set_tls_ciphersuites(value: str) -> None: ...

tls_ciphersuites = property(get_tls_ciphersuites, set_tls_ciphersuites)

Default Value

""

Remarks

A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases that allow to blanketly enable or disable all ciphersuites at once.

Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by BaseConfiguration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:

• NULL_NULL_NULL
• RSA_NULL_MD5
• RSA_NULL_SHA
• RSA_RC4_MD5
• RSA_RC4_SHA
• RSA_RC2_MD5
• RSA_IDEA_MD5
• RSA_IDEA_SHA
• RSA_DES_MD5
• RSA_DES_SHA
• RSA_3DES_MD5
• RSA_3DES_SHA
• RSA_AES128_SHA
• RSA_AES256_SHA
• DH_DSS_DES_SHA
• DH_DSS_3DES_SHA
• DH_DSS_AES128_SHA
• DH_DSS_AES256_SHA
• DH_RSA_DES_SHA
• DH_RSA_3DES_SHA
• DH_RSA_AES128_SHA
• DH_RSA_AES256_SHA
• DHE_DSS_DES_SHA
• DHE_DSS_3DES_SHA
• DHE_DSS_AES128_SHA
• DHE_DSS_AES256_SHA
• DHE_RSA_DES_SHA
• DHE_RSA_3DES_SHA
• DHE_RSA_AES128_SHA
• DHE_RSA_AES256_SHA
• DH_ANON_RC4_MD5
• DH_ANON_DES_SHA
• DH_ANON_3DES_SHA
• DH_ANON_AES128_SHA
• DH_ANON_AES256_SHA
• RSA_RC2_MD5_EXPORT
• RSA_RC4_MD5_EXPORT
• RSA_DES_SHA_EXPORT
• DH_DSS_DES_SHA_EXPORT
• DH_RSA_DES_SHA_EXPORT
• DHE_DSS_DES_SHA_EXPORT
• DHE_RSA_DES_SHA_EXPORT
• DH_ANON_RC4_MD5_EXPORT
• DH_ANON_DES_SHA_EXPORT
• RSA_CAMELLIA128_SHA
• DH_DSS_CAMELLIA128_SHA
• DH_RSA_CAMELLIA128_SHA
• DHE_DSS_CAMELLIA128_SHA
• DHE_RSA_CAMELLIA128_SHA
• DH_ANON_CAMELLIA128_SHA
• RSA_CAMELLIA256_SHA
• DH_DSS_CAMELLIA256_SHA
• DH_RSA_CAMELLIA256_SHA
• DHE_DSS_CAMELLIA256_SHA
• DHE_RSA_CAMELLIA256_SHA
• DH_ANON_CAMELLIA256_SHA
• PSK_RC4_SHA
• PSK_3DES_SHA
• PSK_AES128_SHA
• PSK_AES256_SHA
• DHE_PSK_RC4_SHA
• DHE_PSK_3DES_SHA
• DHE_PSK_AES128_SHA
• DHE_PSK_AES256_SHA
• RSA_PSK_RC4_SHA
• RSA_PSK_3DES_SHA
• RSA_PSK_AES128_SHA
• RSA_PSK_AES256_SHA
• RSA_SEED_SHA
• DH_DSS_SEED_SHA
• DH_RSA_SEED_SHA
• DHE_DSS_SEED_SHA
• DHE_RSA_SEED_SHA
• DH_ANON_SEED_SHA
• SRP_SHA_3DES_SHA
• SRP_SHA_RSA_3DES_SHA
• SRP_SHA_DSS_3DES_SHA
• SRP_SHA_AES128_SHA
• SRP_SHA_RSA_AES128_SHA
• SRP_SHA_DSS_AES128_SHA
• SRP_SHA_AES256_SHA
• SRP_SHA_RSA_AES256_SHA
• SRP_SHA_DSS_AES256_SHA
• ECDH_ECDSA_NULL_SHA
• ECDH_ECDSA_RC4_SHA
• ECDH_ECDSA_3DES_SHA
• ECDH_ECDSA_AES128_SHA
• ECDH_ECDSA_AES256_SHA
• ECDHE_ECDSA_NULL_SHA
• ECDHE_ECDSA_RC4_SHA
• ECDHE_ECDSA_3DES_SHA
• ECDHE_ECDSA_AES128_SHA
• ECDHE_ECDSA_AES256_SHA
• ECDH_RSA_NULL_SHA
• ECDH_RSA_RC4_SHA
• ECDH_RSA_3DES_SHA
• ECDH_RSA_AES128_SHA
• ECDH_RSA_AES256_SHA
• ECDHE_RSA_NULL_SHA
• ECDHE_RSA_RC4_SHA
• ECDHE_RSA_3DES_SHA
• ECDHE_RSA_AES128_SHA
• ECDHE_RSA_AES256_SHA
• ECDH_ANON_NULL_SHA
• ECDH_ANON_RC4_SHA
• ECDH_ANON_3DES_SHA
• ECDH_ANON_AES128_SHA
• ECDH_ANON_AES256_SHA
• RSA_NULL_SHA256
• RSA_AES128_SHA256
• RSA_AES256_SHA256
• DH_DSS_AES128_SHA256
• DH_RSA_AES128_SHA256
• DHE_DSS_AES128_SHA256
• DHE_RSA_AES128_SHA256
• DH_DSS_AES256_SHA256
• DH_RSA_AES256_SHA256
• DHE_DSS_AES256_SHA256
• DHE_RSA_AES256_SHA256
• DH_ANON_AES128_SHA256
• DH_ANON_AES256_SHA256
• RSA_AES128_GCM_SHA256
• RSA_AES256_GCM_SHA384
• DHE_RSA_AES128_GCM_SHA256
• DHE_RSA_AES256_GCM_SHA384
• DH_RSA_AES128_GCM_SHA256
• DH_RSA_AES256_GCM_SHA384
• DHE_DSS_AES128_GCM_SHA256
• DHE_DSS_AES256_GCM_SHA384
• DH_DSS_AES128_GCM_SHA256
• DH_DSS_AES256_GCM_SHA384
• DH_ANON_AES128_GCM_SHA256
• DH_ANON_AES256_GCM_SHA384
• ECDHE_ECDSA_AES128_SHA256
• ECDHE_ECDSA_AES256_SHA384
• ECDH_ECDSA_AES128_SHA256
• ECDH_ECDSA_AES256_SHA384
• ECDHE_RSA_AES128_SHA256
• ECDHE_RSA_AES256_SHA384
• ECDH_RSA_AES128_SHA256
• ECDH_RSA_AES256_SHA384
• ECDHE_ECDSA_AES128_GCM_SHA256
• ECDHE_ECDSA_AES256_GCM_SHA384
• ECDH_ECDSA_AES128_GCM_SHA256
• ECDH_ECDSA_AES256_GCM_SHA384
• ECDHE_RSA_AES128_GCM_SHA256
• ECDHE_RSA_AES256_GCM_SHA384
• ECDH_RSA_AES128_GCM_SHA256
• ECDH_RSA_AES256_GCM_SHA384
• PSK_AES128_GCM_SHA256
• PSK_AES256_GCM_SHA384
• DHE_PSK_AES128_GCM_SHA256
• DHE_PSK_AES256_GCM_SHA384
• RSA_PSK_AES128_GCM_SHA256
• RSA_PSK_AES256_GCM_SHA384
• PSK_AES128_SHA256
• PSK_AES256_SHA384
• PSK_NULL_SHA256
• PSK_NULL_SHA384
• DHE_PSK_AES128_SHA256
• DHE_PSK_AES256_SHA384
• DHE_PSK_NULL_SHA256
• DHE_PSK_NULL_SHA384
• RSA_PSK_AES128_SHA256
• RSA_PSK_AES256_SHA384
• RSA_PSK_NULL_SHA256
• RSA_PSK_NULL_SHA384
• RSA_CAMELLIA128_SHA256
• DH_DSS_CAMELLIA128_SHA256
• DH_RSA_CAMELLIA128_SHA256
• DHE_DSS_CAMELLIA128_SHA256
• DHE_RSA_CAMELLIA128_SHA256
• DH_ANON_CAMELLIA128_SHA256
• RSA_CAMELLIA256_SHA256
• DH_DSS_CAMELLIA256_SHA256
• DH_RSA_CAMELLIA256_SHA256
• DHE_DSS_CAMELLIA256_SHA256
• DHE_RSA_CAMELLIA256_SHA256
• DH_ANON_CAMELLIA256_SHA256
• ECDHE_ECDSA_CAMELLIA128_SHA256
• ECDHE_ECDSA_CAMELLIA256_SHA384
• ECDH_ECDSA_CAMELLIA128_SHA256
• ECDH_ECDSA_CAMELLIA256_SHA384
• ECDHE_RSA_CAMELLIA128_SHA256
• ECDHE_RSA_CAMELLIA256_SHA384
• ECDH_RSA_CAMELLIA128_SHA256
• ECDH_RSA_CAMELLIA256_SHA384
• RSA_CAMELLIA128_GCM_SHA256
• RSA_CAMELLIA256_GCM_SHA384
• DHE_RSA_CAMELLIA128_GCM_SHA256
• DHE_RSA_CAMELLIA256_GCM_SHA384
• DH_RSA_CAMELLIA128_GCM_SHA256
• DH_RSA_CAMELLIA256_GCM_SHA384
• DHE_DSS_CAMELLIA128_GCM_SHA256
• DHE_DSS_CAMELLIA256_GCM_SHA384
• DH_DSS_CAMELLIA128_GCM_SHA256
• DH_DSS_CAMELLIA256_GCM_SHA384
• DH_anon_CAMELLIA128_GCM_SHA256
• DH_anon_CAMELLIA256_GCM_SHA384
• ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
• ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
• ECDH_ECDSA_CAMELLIA128_GCM_SHA256
• ECDH_ECDSA_CAMELLIA256_GCM_SHA384
• ECDHE_RSA_CAMELLIA128_GCM_SHA256
• ECDHE_RSA_CAMELLIA256_GCM_SHA384
• ECDH_RSA_CAMELLIA128_GCM_SHA256
• ECDH_RSA_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_GCM_SHA256
• PSK_CAMELLIA256_GCM_SHA384
• DHE_PSK_CAMELLIA128_GCM_SHA256
• DHE_PSK_CAMELLIA256_GCM_SHA384
• RSA_PSK_CAMELLIA128_GCM_SHA256
• RSA_PSK_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_SHA256
• PSK_CAMELLIA256_SHA384
• DHE_PSK_CAMELLIA128_SHA256
• DHE_PSK_CAMELLIA256_SHA384
• RSA_PSK_CAMELLIA128_SHA256
• RSA_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_CAMELLIA128_SHA256
• ECDHE_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_RC4_SHA
• ECDHE_PSK_3DES_SHA
• ECDHE_PSK_AES128_SHA
• ECDHE_PSK_AES256_SHA
• ECDHE_PSK_AES128_SHA256
• ECDHE_PSK_AES256_SHA384
• ECDHE_PSK_NULL_SHA
• ECDHE_PSK_NULL_SHA256
• ECDHE_PSK_NULL_SHA384
• ECDHE_RSA_CHACHA20_POLY1305_SHA256
• ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
• DHE_RSA_CHACHA20_POLY1305_SHA256
• PSK_CHACHA20_POLY1305_SHA256
• ECDHE_PSK_CHACHA20_POLY1305_SHA256
• DHE_PSK_CHACHA20_POLY1305_SHA256
• RSA_PSK_CHACHA20_POLY1305_SHA256
• AES128_GCM_SHA256
• AES256_GCM_SHA384
• CHACHA20_POLY1305_SHA256
• AES128_CCM_SHA256
• AES128_CCM8_SHA256

tls_ec_curves Property

Defines the elliptic curves to enable.

Syntax

def get_tls_ec_curves() -> str: ...
def set_tls_ec_curves(value: str) -> None: ...

tls_ec_curves = property(get_tls_ec_curves, set_tls_ec_curves)

Default Value

""

Remarks

Defines the elliptic curves to enable.

tls_extensions Property

Provides access to TLS extensions.

Syntax

def get_tls_extensions() -> str: ...
def set_tls_extensions(value: str) -> None: ...

tls_extensions = property(get_tls_extensions, set_tls_extensions)

Default Value

""

Remarks

Provides access to TLS extensions.

tls_force_resume_if_destination_changes Property

Whether to force TLS session resumption when the destination address changes.

Syntax

def get_tls_force_resume_if_destination_changes() -> bool: ...
def set_tls_force_resume_if_destination_changes(value: bool) -> None: ...

tls_force_resume_if_destination_changes = property(get_tls_force_resume_if_destination_changes, set_tls_force_resume_if_destination_changes)

Default Value

FALSE

Remarks

Whether to force TLS session resumption when the destination address changes.

tls_pre_shared_identity Property

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Syntax

def get_tls_pre_shared_identity() -> str: ...
def set_tls_pre_shared_identity(value: str) -> None: ...

tls_pre_shared_identity = property(get_tls_pre_shared_identity, set_tls_pre_shared_identity)

Default Value

""

Remarks

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

tls_pre_shared_key Property

Contains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

Syntax

def get_tls_pre_shared_key() -> str: ...
def set_tls_pre_shared_key(value: str) -> None: ...

tls_pre_shared_key = property(get_tls_pre_shared_key, set_tls_pre_shared_key)

Default Value

""

Remarks

Contains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

tls_pre_shared_key_ciphersuite Property

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Syntax

def get_tls_pre_shared_key_ciphersuite() -> str: ...
def set_tls_pre_shared_key_ciphersuite(value: str) -> None: ...

tls_pre_shared_key_ciphersuite = property(get_tls_pre_shared_key_ciphersuite, set_tls_pre_shared_key_ciphersuite)

Default Value

""

Remarks

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

tls_renegotiation_attack_prevention_mode Property

Selects renegotiation attack prevention mechanism.

Syntax

def get_tls_renegotiation_attack_prevention_mode() -> int: ...
def set_tls_renegotiation_attack_prevention_mode(value: int) -> None: ...

tls_renegotiation_attack_prevention_mode = property(get_tls_renegotiation_attack_prevention_mode, set_tls_renegotiation_attack_prevention_mode)

Default Value

0

Remarks

Selects renegotiation attack prevention mechanism.

The following options are available:

tls_revocation_check Property

Specifies the kind(s) of revocation check to perform.

Syntax

def get_tls_revocation_check() -> int: ...
def set_tls_revocation_check(value: int) -> None: ...

tls_revocation_check = property(get_tls_revocation_check, set_tls_revocation_check)

Default Value

1

Remarks

Specifies the kind(s) of revocation check to perform.

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

This setting controls the way the revocation checks are performed. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to faster OCSP route and only demand one source to succeed) is a good choice for most of typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

tls_ssl_options Property

Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.

Syntax

def get_tls_ssl_options() -> int: ...
def set_tls_ssl_options(value: int) -> None: ...

tls_ssl_options = property(get_tls_ssl_options, set_tls_ssl_options)

Default Value

16

Remarks

Various SSL (TLS) protocol options, set of

tls_tls_mode Property

Specifies the TLS mode to use.

Syntax

def get_tls_tls_mode() -> int: ...
def set_tls_tls_mode(value: int) -> None: ...

tls_tls_mode = property(get_tls_tls_mode, set_tls_tls_mode)

Default Value

0

Remarks

Specifies the TLS mode to use.

tls_use_extended_master_secret Property

Enables Extended Master Secret Extension, as defined in RFC 7627.

Syntax

def get_tls_use_extended_master_secret() -> bool: ...
def set_tls_use_extended_master_secret(value: bool) -> None: ...

tls_use_extended_master_secret = property(get_tls_use_extended_master_secret, set_tls_use_extended_master_secret)

Default Value

FALSE

Remarks

Enables Extended Master Secret Extension, as defined in RFC 7627.

tls_use_session_resumption Property

Enables or disables TLS session resumption capability.

Syntax

def get_tls_use_session_resumption() -> bool: ...
def set_tls_use_session_resumption(value: bool) -> None: ...

tls_use_session_resumption = property(get_tls_use_session_resumption, set_tls_use_session_resumption)

Default Value

FALSE

Remarks

Enables or disables TLS session resumption capability.

tls_versions Property

The SSL/TLS versions to enable by default.

Syntax

def get_tls_versions() -> int: ...
def set_tls_versions(value: int) -> None: ...

tls_versions = property(get_tls_versions, set_tls_versions)

Default Value

16

Remarks

The SSL/TLS versions to enable by default.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

do_action Method

Performs an additional action.

Syntax

def do_action(action_id: str, action_params: str) -> str: ...

Remarks

do_action is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insencitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

timestamp Method

Timestamps the data.

Syntax

def timestamp() -> None: ...

Remarks

Call this method to timestamp the content provided in input_file (or input_stream) with a trusted timestamp from timestamp_server.

on_error Event

Information about errors during PKCS#7 message encryption.

Syntax

class MessageTimestamperErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class MessageTimestamper:
@property
def on_error() -> Callable[[MessageTimestamperErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[MessageTimestamperErrorEventParams], None]) -> None: ...

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Messages section.

on_notification Event

This event notifies the application about an underlying control flow event.

Syntax

class MessageTimestamperNotificationEventParams(object):
  @property
  def event_id() -> str: ...

  @property
  def event_param() -> str: ...

# In class MessageTimestamper:
@property
def on_notification() -> Callable[[MessageTimestamperNotificationEventParams], None]: ...
@on_notification.setter
def on_notification(event_hook: Callable[[MessageTimestamperNotificationEventParams], None]) -> None: ...

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

This class can fire this event with the following EventID values:

on_timestamp_request Event

Fires when the class is ready to request a timestamp from an external TSA.

Syntax

class MessageTimestamperTimestampRequestEventParams(object):
  @property
  def tsa() -> str: ...

  @property
  def timestamp_request() -> str: ...

  @property
  def timestamp_response() -> str: ...
  @timestamp_response.setter
  def timestamp_response(value) -> None: ...

  @property
  def suppress_default() -> bool: ...
  @suppress_default.setter
  def suppress_default(value) -> None: ...

# In class MessageTimestamper:
@property
def on_timestamp_request() -> Callable[[MessageTimestamperTimestampRequestEventParams], None]: ...
@on_timestamp_request.setter
def on_timestamp_request(event_hook: Callable[[MessageTimestamperTimestampRequestEventParams], None]) -> None: ...

Remarks

Subscribe to this event to be intercept timestamp requests. You can use it to override timestamping requests and perform them in your code.

The TSA parameter indicates the timestamping service being used. It matches the value passed to timestamp_server property. Set SuppressDefault parameter to false if you would like to stop the built-in TSA request from going ahead. The built-in TSA request is also not performed if the returned TimestampResponse parameter is not empty.

on_tls_cert_needed Event

Fires when a remote TLS party requests a client certificate.

Syntax

class MessageTimestamperTLSCertNeededEventParams(object):
  @property
  def host() -> str: ...

  @property
  def ca_names() -> str: ...

# In class MessageTimestamper:
@property
def on_tls_cert_needed() -> Callable[[MessageTimestamperTLSCertNeededEventParams], None]: ...
@on_tls_cert_needed.setter
def on_tls_cert_needed(event_hook: Callable[[MessageTimestamperTLSCertNeededEventParams], None]) -> None: ...

Remarks

This event fires to notify the implementation that a remote TLS server has requested a client certificate. The Host parameter identifies the host that makes a request, and the CANames (optional, according to the TLS spec) advises on the accepted issuing CAs.

Use the tls_client_chain property in response to this event to provide the requested certificate. Please make sure the client certificate includes the associated private key. Note that you may set the certificates before the connection without waiting for this event to fire.

This event is preceded by the on_tls_handshake event for the given host and, if the certificate was accepted, succeeded by the on_tls_established event.

on_tls_cert_validate Event

This event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Syntax

class MessageTimestamperTLSCertValidateEventParams(object):
  @property
  def server_host() -> str: ...

  @property
  def server_ip() -> str: ...

  @property
  def accept() -> bool: ...
  @accept.setter
  def accept(value) -> None: ...

# In class MessageTimestamper:
@property
def on_tls_cert_validate() -> Callable[[MessageTimestamperTLSCertValidateEventParams], None]: ...
@on_tls_cert_validate.setter
def on_tls_cert_validate(event_hook: Callable[[MessageTimestamperTLSCertValidateEventParams], None]) -> None: ...

Remarks

This event is fired during a TLS handshake. Use TLSServerChain property to access the certificate chain. In general case, components may contact a number of TLS endpoints during their work, depending on their configuration.

Accept is assigned in accordance with the outcome of the internal validation check performed by the component, and can be adjusted if needed.

on_tls_established Event

Fires when a TLS handshake with Host successfully completes.

Syntax

class MessageTimestamperTLSEstablishedEventParams(object):
  @property
  def host() -> str: ...

  @property
  def version() -> str: ...

  @property
  def ciphersuite() -> str: ...

  @property
  def connection_id() -> bytes: ...

  @property
  def abort() -> bool: ...
  @abort.setter
  def abort(value) -> None: ...

# In class MessageTimestamper:
@property
def on_tls_established() -> Callable[[MessageTimestamperTLSEstablishedEventParams], None]: ...
@on_tls_established.setter
def on_tls_established(event_hook: Callable[[MessageTimestamperTLSEstablishedEventParams], None]) -> None: ...

Remarks

The class uses this event to notify the application about successful completion of a TLS handshake.

The Version, Ciphersuite, and ConnectionId parameters indicate security parameters of the new connection. Use the Abort parameter if you need to terminate the connection at this stage.

on_tls_handshake Event

Fires when a new TLS handshake is initiated, before the handshake commences.

Syntax

class MessageTimestamperTLSHandshakeEventParams(object):
  @property
  def host() -> str: ...

  @property
  def abort() -> bool: ...
  @abort.setter
  def abort(value) -> None: ...

# In class MessageTimestamper:
@property
def on_tls_handshake() -> Callable[[MessageTimestamperTLSHandshakeEventParams], None]: ...
@on_tls_handshake.setter
def on_tls_handshake(event_hook: Callable[[MessageTimestamperTLSHandshakeEventParams], None]) -> None: ...

Remarks

The class uses this event to notify the application about the start of a new TLS handshake to Host. If the handshake is successful, this event will be followed with on_tls_established event. If the server chooses to request a client certificate, on_tls_cert_needed event will also be fired.

on_tls_shutdown Event

Reports the graceful closure of a TLS connection.

Syntax

class MessageTimestamperTLSShutdownEventParams(object):
  @property
  def host() -> str: ...

# In class MessageTimestamper:
@property
def on_tls_shutdown() -> Callable[[MessageTimestamperTLSShutdownEventParams], None]: ...
@on_tls_shutdown.setter
def on_tls_shutdown(event_hook: Callable[[MessageTimestamperTLSShutdownEventParams], None]) -> None: ...

Remarks

This event notifies the application about the closure of an earlier established TLS connection. Note that only graceful connection closures are reported.

MessageTimestamper Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

MessageTimestamper Config Settings

Base Config Settings

MessageTimestamper Errors

MessageTimestamper Errors

	1048577   Invalid parameter value (SB_ERROR_INVALID_PARAMETER)
	1048578   Class is configured incorrectly (SB_ERROR_INVALID_SETUP)
	1048579   Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE)
	1048580   Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE)
	1048581   Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY)
	1048581   Cancelled by the user (SB_ERROR_CANCELLED_BY_USER)