Signing time can be determined in several ways.
Timestamps are the most secure source of time.
A timestamp guarantees that certain data existed at a specified time. Since, in our context, the timestamp is taken over the signature, it proves that the signature existed at the specified time. Timestamps are generated by trusted authorities. All Electronic Certificate Service Providers (ECSPs) provide this service.
In applications where the signing time is critical, using a timestamp is very important, because other sources of signing time are not secure and cannot be trusted. If the signing time cannot be determined in a secure way and the signing certificate is revoked, then it is impossible to be sure that the signature was created before the signing certificate was revoked, so the validity of the signature cannot be guaranteed.
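The reasoning above can be written as a small decision routine. This is an added example, not part of the ESYA API or of the original page; the class, enum and method names are hypothetical, the dates are constructed, and it assumes the timestamp times passed in come from timestamps that have already been validated.

```java
import java.time.Instant;
import java.util.Collections;
import java.util.List;

public class SigningTimeCheck {

    enum Verdict { NOT_REVOKED, PROVEN_BEFORE_REVOCATION, CANNOT_BE_GUARANTEED }

    /**
     * timestampTimes: times of the timestamps taken over the signature (may be empty)
     * claimedTime:    signer-stated signing-time attribute, or null if absent
     * revokedAt:      revocation time of the signing certificate, or null if not revoked
     */
    static Verdict check(List<Instant> timestampTimes, Instant claimedTime, Instant revokedAt) {
        if (revokedAt == null) {
            // No revocation: the signing time is not decisive for this check.
            return Verdict.NOT_REVOKED;
        }
        if (!timestampTimes.isEmpty()) {
            // Each timestamp proves the signature existed at that time,
            // so the earliest one gives the best bound.
            Instant earliest = Collections.min(timestampTimes);
            if (earliest.isBefore(revokedAt)) {
                return Verdict.PROVEN_BEFORE_REVOCATION;
            }
        }
        // claimedTime is deliberately ignored: it is stated by the signer and
        // can be backdated, so it proves nothing about the order of events.
        return Verdict.CANNOT_BE_GUARANTEED;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Instant revoked = Instant.parse("2024-03-01T00:00:00Z");
        Instant claimed = Instant.parse("2024-01-10T09:00:00Z");
        Instant stamped = Instant.parse("2024-01-10T09:00:05Z");
        Instant lateStamp = Instant.parse("2024-03-02T00:00:00Z");

        // Timestamp before revocation.
        System.out.println(check(List.of(stamped), claimed, revoked));
        // Only a claimed time, certificate revoked.
        System.out.println(check(List.of(), claimed, revoked));
        // Timestamp taken after revocation.
        System.out.println(check(List.of(lateStamp), claimed, revoked));
        // Certificate not revoked.
        System.out.println(check(List.of(), null, null));
    }
}
```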
EST signatures and more advanced signatures include a timestamp. In the API, to get a timestamp when creating a signature, you must provide the timestamp server settings as a parameter.
Java:

    TSSettings tsSettings = new TSSettings("http://zd.ug.net", 21, "12345678", DigestAlg.SHA1);
    params.put(EParameters.P_TSS_INFO, tsSettings);

C#:

    TSSettings tsSettings = new TSSettings("http://zd.ug.net", 21, "12345678", DigestAlg.SHA1);
    params_[EParameters.P_TSS_INFO] = tsSettings;

The first timestamp server parameter is the address of the server, the second is the user id, the third is the user password, and the last one is the digest algorithm to be used in the timestamp.
The classes of signature types more advanced than EST inherit from the EST class, so the getTime() method of the EST class can be used to get the timestamp for all of them. The timestamp is extracted from the attribute id_aa_signatureTimeStampToken.
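Java:

    // dosyadanOKU = "read from file"; ESA is the signature file to read
    byte[] input = AsnIO.dosyadanOKU(ESA);
    BaseSignedData bs = new BaseSignedData(input);
    // The first signer is treated as an EST (or more advanced) signature
    EST estSign = (EST) bs.getSignerList().get(0);
    Calendar time = estSign.getTime();

C#:

    // dosyadanOKU = "read from file"; ESA is the signature file to read
    byte[] input = AsnIO.dosyadanOKU(ESA);
    BaseSignedData bs = new BaseSignedData(input);
    // The first signer is treated as an EST (or more advanced) signature
    EST estSign = (EST)bs.getSignerList()[0];
    DateTime? time = estSign.getTime();
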
If the user-stated time is trusted, then the attribute AttributeOIDs.id_signingTime can be used. However, this attribute is not mandatory and may not exist in the signature.
Java:

    byte[] input = AsnIO.dosyadanOKU(BESwithSIGNING_TIME);
    BaseSignedData bs = new BaseSignedData(input);
    // The attribute is optional, so attrs should be checked before element 0 is read
    List<EAttribute> attrs = bs.getSignerList().get(0)
            .getSignedAttribute(AttributeOIDs.id_signingTime);
    Calendar time = SigningTimeAttr.toTime(attrs.get(0));
    System.out.println(time.getTime().toString());

C#:

    byte[] input = AsnIO.dosyadanOKU(BESwithSIGNING_TIME);
    BaseSignedData bs = new BaseSignedData(input);
    // The attribute is optional, so attrs should be checked before element 0 is read
    List<EAttribute> attrs = bs.getSignerList()[0]
            .getSignedAttribute(AttributeOIDs.id_signingTime);
    DateTime? time = SigningTimeAttr.toTime(attrs[0]);
    Console.WriteLine(time.Value.ToString());

By using the other OIDs defined in AttributeOIDs, information about other timestamps can be acquired.
For example, the archival timestamp can be extracted as follows:
Java:

    byte[] input = AsnIO.dosyadanOKU(ESA);
    BaseSignedData bs = new BaseSignedData(input);
    // Collect both versions of the archive timestamp attribute
    List<EAttribute> attrs = bs.getSignerList().get(0).getUnsignedAttribute(
            AttributeOIDs.id_aa_ets_archiveTimestamp);
    List<EAttribute> attrsV2 = bs.getSignerList().get(0).getUnsignedAttribute(
            AttributeOIDs.id_aa_ets_archiveTimestampV2);
    attrs.addAll(attrsV2);
    for (EAttribute attribute : attrs) {
        Calendar time = ArchiveTimeStampAttr.toTime(attribute);
        System.out.println(time.getTime().toString());
    }

C#:

    byte[] input = AsnIO.dosyadanOKU(ESA);
    BaseSignedData bs = new BaseSignedData(input);
    // Collect both versions of the archive timestamp attribute
    List<EAttribute> attrs = bs.getSignerList()[0].getUnsignedAttribute(
            AttributeOIDs.id_aa_ets_archiveTimestamp);
    List<EAttribute> attrsV2 = bs.getSignerList()[0].getUnsignedAttribute(
            AttributeOIDs.id_aa_ets_archiveTimestampV2);
    attrs.AddRange(attrsV2);
    foreach (EAttribute attribute in attrs)
    {
        DateTime? time = ArchiveTimeStampAttr.toTime(attribute);
        Console.WriteLine(time.Value.ToString());
    }

The API requests the timestamp from the server by using the defined server settings. Developers can use the code below to test the timestamp server. TSClient is responsible for timestamp operations such as timestamp requests and user account control.
Java:

    // Random 20 bytes stand in for a SHA-1 digest; this only tests the server
    byte[] sha1Digest = new byte[20];
    Random rand = new Random();
    rand.nextBytes(sha1Digest);
    TSClient tsClient = new TSClient();
    TSSettings settings = new TSSettings("http://zd.ug.net", 21, "12345678".toCharArray(), DigestAlg.SHA1);
    tsClient.setDefaultSettings(settings);
    System.out.println("Remaining Credit: " + tsClient.requestRemainingCredit(settings));
    ETimeStampResponse response = tsClient.timestamp(sha1Digest, settings);
    // Unwrap the token: SignedData -> encapsulated TSTInfo -> time
    ESignedData sd = new ESignedData(response.getContentInfo().getContent());
    ETSTInfo tstInfo = new ETSTInfo(sd.getEncapsulatedContentInfo().getContent());
    System.out.println("Time Stamp Time: " + tstInfo.getTime().getTime());
    System.out.println("Remaining Credit: " + tsClient.requestRemainingCredit(settings));

C#:

    // Random 20 bytes stand in for a SHA-1 digest; this only tests the server
    byte[] sha1Digest = new byte[20];
    Random rand = new Random();
    rand.NextBytes(sha1Digest);
    TSClient tsClient = new TSClient();
    TSSettings settings = new TSSettings("http://zd.ug.net", 1, "12345678", DigestAlg.SHA1);
    tsClient.setDefaultSettings(settings);
    Console.WriteLine("Remaining Credit: " + tsClient.requestRemainingCredit(settings));
    ETimeStampResponse response = tsClient.timestamp(sha1Digest, settings);
    // Unwrap the token: SignedData -> encapsulated TSTInfo -> time
    ESignedData sd = new ESignedData(response.getContentInfo().getContent());
    ETSTInfo tstInfo = new ETSTInfo(sd.getEncapsulatedContentInfo().getContent());
    Console.WriteLine("Time Stamp Time: " + tstInfo.getTime());
    Console.WriteLine("Remaining Credit: " + tsClient.requestRemainingCredit(settings));

You can use the ESYA API just for timestamp requests. For this you need asn1rt.jar, slf4j.jar, ma3api-asn.jar, ma3api-common.jar, ma3api-crypto.jar, ma3api-crypto-gnuprovider.jar, and ma3api-infra.jar.
Java:

    byte[] data = new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
    // The timestamp is requested over the digest of the data, not the data itself
    byte[] dataTbs = DigestUtil.digest(DigestAlg.SHA1, data);
    TSSettings settings = new TSSettings("http://zd.ug.net", 21, "12345678", DigestAlg.SHA1);
    TSClient tsClient = new TSClient();
    EContentInfo token = tsClient.timestamp(dataTbs, settings).getContentInfo();

C#:

    byte[] data = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    // The timestamp is requested over the digest of the data, not the data itself
    byte[] dataTbs = DigestUtil.digest(DigestAlg.SHA1, data);
    TSSettings settings = new TSSettings("http://zd.ug.net", 21, "12345678", DigestAlg.SHA1);
    TSClient tsClient = new TSClient();
    EContentInfo token = tsClient.timestamp(dataTbs, settings).getContentInfo();