
Countersign CMS signature

'Countersigning a signature' means 'signing an existing signature'. A countersignature is always created over an existing signature and is used whenever a third party wants to certify the integrity of the original signature, or the information contained in it. In the CMS structure, a countersignature is stored as an unsigned attribute (so you can add or remove countersignatures without affecting the integrity of the signature). Format-wise, a countersignature is itself a valid CMS signature, so it may contain its own countersignatures, effectively forming a signature tree.

To add a countersignature:

  1. Get the original signature (it should be finalised/signed) as a TElCMSSignature object.
  2. Add a countersignature placeholder by calling the AddCountersignature() method of the signature object. Remember to get the index of the new countersignature: int idx = sig.AddCountersignature();
  3. Get the countersignature object: TElCMSSignature csig = sig.get_Countersignatures(idx);
  4. Set up the properties of the countersignature as needed. Do not set the content-type field: it is illegal for countersignatures to have their own content types!
    
    csig.SigningTime = DateTime.UtcNow;
    csig.DigestAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
    ...
    
  5. Complete the countersignature by signing it, just as you do with normal signatures: csig.Sign(cert, null);
  6. Save the modified CMS.
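
The structural rules above (the countersignature lives among the unsigned attributes, covers the parent's signature value, carries no content-type, and can be nested) can be seen in a simplified model. This is an added example in Python, not SecureBlackbox code or its API: it assumes JSON as a stand-in for the DER encoding and HMAC-SHA256 as a stand-in for the signer's private-key operation, and all function names are hypothetical.

```python
import hashlib
import hmac
import json

CONTENT_TYPE = "content-type"      # attribute names follow RFC 5652
MESSAGE_DIGEST = "message-digest"

def _encode(attrs):
    # Stand-in for the DER encoding of the signed attributes (assumption).
    return json.dumps(attrs, sort_keys=True).encode()

def _sign(key, attrs):
    # Stand-in for the private-key signature: HMAC-SHA256 (assumption).
    return hmac.new(key, _encode(attrs), hashlib.sha256).hexdigest()

def _digest_of_signature(sig):
    # A countersignature digests the parent's signature value, not the content.
    return hashlib.sha256(sig["signature"].encode()).hexdigest()

def sign_content(key, content, content_type="data"):
    """Ordinary signature: signed attributes cover content digest and type."""
    signed = {CONTENT_TYPE: content_type,
              MESSAGE_DIGEST: hashlib.sha256(content).hexdigest()}
    return {"signed": signed, "signature": _sign(key, signed),
            "countersignatures": []}   # unsigned attribute, outside `signed`

def add_countersignature(parent, key, extra_attrs=None):
    """Countersign `parent` and return the new node of the signature tree."""
    signed = dict(extra_attrs or {})
    if CONTENT_TYPE in signed:
        raise ValueError("a countersignature must not carry content-type")
    signed[MESSAGE_DIGEST] = _digest_of_signature(parent)
    csig = {"signed": signed, "signature": _sign(key, signed),
            "countersignatures": []}
    parent["countersignatures"].append(csig)
    return csig

def verify_countersignature(parent, csig, key):
    """Check the three properties a validator needs for one tree edge."""
    signed = csig["signed"]
    return (CONTENT_TYPE not in signed
            and hmac.compare_digest(signed.get(MESSAGE_DIGEST, ""),
                                    _digest_of_signature(parent))
            and hmac.compare_digest(csig["signature"], _sign(key, signed)))
```

Because a countersignature is bound to its parent's signature value, it does not verify against any other signature in the tree, and removing it leaves the parent's own signature unchanged.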

How To articles about Cryptographic Message Syntax (CMS)
