Add timestamp to CMS signature
Signature timestamping is a technique that lets an independent trusted third party certify the contents and creation time of an electronic signature. Essentially, a timestamp is a regular electronic signature created by a dedicated trusted entity called a timestamping authority (TSA), made over the value of another electronic signature (the one being timestamped), and containing its creation time. Timestamping authorities are expected to maintain accurate time records, and normally their authority to issue timestamps is delegated by some higher-level certification authority (CA).
Most TSAs can be contacted via a dedicated timestamping protocol (TSP) defined in RFC 3161. The protocol messages are normally sent over an HTTP(S) connection, although plain TCP transports are also used occasionally.
To timestamp a signature you will need to use one of the TSP components included in SecureBlackbox. In most cases this is going to be TElHTTPTSPClient (intended to be used with HTTP(S)-capable TSAs). Occasionally, the TElSocketTSPClient (plain TCP) class will be used. This article deals with the former, more widely used, component. If you understand how to use TElHTTPTSPClient, cracking the much simpler TElSocketTSPClient will be a piece of cake.
Assume that you've created or loaded a CMS signature in a TElCMSSignature object. To timestamp this signature:
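// sig is the TElCMSSignature object created or loaded earlier
TElHTTPTSPClient tsp = new TElHTTPTSPClient();
TElHTTPSClient cli = new TElHTTPSClient();
tsp.HTTPClient = cli; // HTTP(S) transport used to reach the TSA
tsp.URL = "http://tsa.authority.com"; // assign your TSA URL here
tsp.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256; // digest algorithm for the timestamp request
int idx = sig.AddTimestamp(tsp); // contacts the TSA and attaches the timestamp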
The idx value returned by the call indicates the index of the new timestamp in the signature's Timestamps[] list.
The same approach can be used to add content and archival timestamps to your signatures.
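To show what the hash algorithm setting means on the wire, here is an added example (not SecureBlackbox code) that hand-builds an RFC 3161 TimeStampReq of the kind a TSP client sends for a signature timestamp, then reads the imprint back out to confirm that only a digest reaches the TSA. It is written in Python so it runs without the library; the helper names are hypothetical and the signature bytes are constructed sample input.

```python
import hashlib
import secrets

SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER OID 2.16.840.1.101.3.4.2.1

def der(tag, body):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_uint(value):
    """Encode a non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_req(signature_value, nonce):
    """RFC 3161 TimeStampReq whose imprint is SHA-256 over the signature value."""
    digest = hashlib.sha256(signature_value).digest()
    alg_id = der(0x30, SHA256_OID + der(0x05, b""))   # AlgorithmIdentifier, NULL params
    imprint = der(0x30, alg_id + der(0x04, digest))   # MessageImprint
    return der(0x30, der_uint(1)                      # version v1
                     + imprint
                     + der_uint(nonce)                # echoed by the TSA; detects replayed replies
                     + der(0x01, b"\xff"))            # certReq TRUE: include the TSA certificate

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + first], pos + first

def hashed_message(req):
    """Pull messageImprint.hashedMessage back out: the only data-derived field sent."""
    _, body, _ = read_tlv(req)
    _, _, pos = read_tlv(body)               # skip version
    _, imprint, _ = read_tlv(body, pos)
    _, _, pos = read_tlv(imprint)            # skip AlgorithmIdentifier
    tag, digest, _ = read_tlv(imprint, pos)
    if tag != 0x04:
        raise ValueError("hashedMessage must be an OCTET STRING")
    return digest

if __name__ == "__main__":
    sig_value = b"constructed stand-in for SignerInfo signature bytes"  # sample input
    req = build_timestamp_req(sig_value, secrets.randbits(64))
    # POST req with Content-Type: application/timestamp-query (RFC 3161, section 3.4)
    print(len(req), hashed_message(req).hex())
```

The nonce and the imprint are what a client compares against the TSA's reply before accepting the token, so a reply for a different signature or a replayed reply is rejected.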