Add timestamp to the Authenticode signature
This article assumes you are familiar with general Authenticode signing.
TElAuthenticodeManager allows you to include a timestamp in each Authenticode signature in the executable file. The process consists of the following steps:
byte[] tspRequest = signature.StartTimestamp(TSBAuthenticodeTimestampType.actTrusted);
The method returns the request that you have to send to a TSP service of the corresponding type. If an error occurred, an exception is thrown.
TElHTTPSClient httpClient = new TElHTTPSClient();
TElHTTPTSPClient tspClient = new TElHTTPTSPClient();
tspClient.HTTPClient = httpClient;
tspClient.HashAlgorithm = signature.SignatureDigestAlgorithm;
tspClient.RequestFormat = SBTSPClient.__Global.tsfRFC3161;
tspClient.URL = "http://tsa.myserver.com";
int serverResult = 0;
int failureInfo = 0;
byte[] tspReply = null;
int err = tspClient.Timestamp(tspRequest, serverResult, failureInfo, tspReply);
if (err != 0)
{
    // handle the error
}
Sample code to send a "legacy" timestamp request using the TElHTTPSClient component:
TElHTTPSClient httpClient = new TElHTTPSClient();
MemoryStream tempStream = new MemoryStream();
httpClient.OutputStream = tempStream;
int status = httpClient.Post("http://tsa.myserver.com", tspRequest);
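// initialized so the variable is definitely assigned on the error path as well
byte[] tspReply = null;
if (status != 200)
{
    // handle the error
}
else
{
    // the HTTP response body is the timestamp reply
    tspReply = SBStreams.__Global.StreamReadAll(tempStream);
}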
signature.CompleteTimestamp(tspReply);
Note that the timestamping server must support MS Authenticode timestamps. SecureBlackbox's TElCustomTSPServer processes MS Authenticode timestamping requests and produces MS Authenticode timestamping replies.