2

I am looking to find out how to extract the time stamp information (when the file is signed) from a p7s file.

I am currently extracting the time stamp through asn1parse and using the string (id-smime-aa-timeStampToken).

The content in my parsed file looks like below.

    19120:d=7  hl=2 l=  11 prim: OBJECT            :id-smime-aa-timeStampToken
    19133:d=7  hl=4 l=2165 cons: SET
    19137:d=8  hl=4 l=2161 cons: SEQUENCE

I am extracting data from offset 19137 with a length of 2165 (which I assumed is present in the same line as the offset, hl=4 l=2161). I am not sure that is correct, but I am getting correct time details.

But is there any way to extract the timestamp directly from p7s?

csavvy

1 Answer

3

You can use OpenSSL's cms command to view the contents of a signed PKCS#7 file. Assuming you haven't got the signer's certificate, and therefore aren't verifying the signature and are only viewing the structure, you can use:

    openssl cms -verify -noverify -cmsout -print -inform DER -in file.p7s

This will dump details of the structure, which includes the following extract:

    signedAttrs:
        object: contentType (1.2.840.113549.1.9.3)
        set:
          OBJECT:pkcs7-data (1.2.840.113549.1.7.1)

        object: signingTime (1.2.840.113549.1.9.5)
        set:
          GENERALIZEDTIME:Aug  3 23:50:00 2020 GMT

You could filter this with awk or grep for the required signingTime field.

If filtering the text output of OpenSSL doesn't sit well with you, there are other tools better suited to inspecting the contents of any ASN.1 structure. If you're competent in Python for example, you could use pyasn1crypto.

garethTheRed
  • Well, after I posted this I got a command `openssl cms -cmsout -in file.p7s -inform DER -noout -print`, which is also printing all the content, but I was not sure it has the time, but to my surprise it's there. – csavvy Dec 17 '20 at 11:06
  • Also, could you please point me in the right direction where I can get information related to how to extract CRLs and PEM certificates (w.r.t. C programming) with some example references? – csavvy Dec 17 '20 at 11:11
  • Also, instead of going with commands, is there any way OpenSSL is exposed in terms of functions (in C) to get the same (almost the same as the previous comment)? – csavvy Dec 17 '20 at 11:25
  • I'm afraid I'm not brave enough to program in C :-) There is plenty of information available on the Internet though. For example: https://www.itu.int/en/ITU-T/asn1/Pages/Tools.aspx lists ASN.1 tools. Also, OpenSSL is exposed as a library - that's its main purpose. – garethTheRed Dec 17 '20 at 12:46
  • Sorry to bother you again, one question is bothering me: in the example (from your answer) I see `GENERALIZEDTIME:`, but when I printed my _.p7s_ I see `UTCTIME`, so do I have to check for both (_GENERALIZEDTIME and UTCTIME_, obviously only one hits) to **find out the time**, or can I simply check for only UTCTIME (because that's what is there in my p7s)? Does it really change every time the signing happens? – csavvy Dec 20 '20 at 10:04
  • It depends on how the file was generated. UTCTime is restricted to dates between the start of 1950 and end of 2049 while GeneralizedTime can do much more (4 digit year). See the [CMS RFC](https://tools.ietf.org/html/rfc5652#section-11.3). I would have thought that if your file is being generated by a single application it would be the same each time. However, it would be better programming to expect either form. – garethTheRed Dec 20 '20 at 14:04
  • Thanks gareth, I really appreciate your help. Thank you so much. – csavvy Dec 21 '20 at 16:02
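
The advice in the last reply to expect either time form, as an added example in Python (not code from the answer or from OpenSSL): a standard-library walker that finds the signingTime attribute (OID 1.2.840.113549.1.9.5) in a definite-length DER file and decodes UTCTime or GeneralizedTime. The function names and the sample bytes are constructed for illustration; BER indefinite lengths and PEM input are assumed absent and are rejected.

```python
from datetime import datetime, timezone

SIGNING_TIME_OID = bytes.fromhex("2a864886f70d010905")  # 1.2.840.113549.1.9.5

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > end or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated element or multi-byte tag")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite (BER) or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("element overruns its parent")
    return tag, pos, pos + length

def decode_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:                    # YYMMDDHHMMSSZ; RFC 5652 11.3: YY >= 50 is 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:
        raise ValueError(f"unexpected time tag {tag:#x}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def signing_times(buf, pos=0, end=None):
    """Walk the DER tree and return every signingTime value, in file order."""
    end = len(buf) if end is None else end
    found, after_oid = [], False
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        if after_oid and tag == 0x31:  # the SET right after the signingTime OID
            t_tag, t_vs, t_ve = read_tlv(buf, vs, ve)
            found.append(decode_time(t_tag, buf[t_vs:t_ve]))
        elif tag & 0x20:               # other constructed element: descend
            found += signing_times(buf, vs, ve)
        after_oid = tag == 0x06 and buf[vs:ve] == SIGNING_TIME_OID
        pos = ve
    return found

# Sample-data helper (short-form lengths only), used to build the constructed input.
tlv = lambda tag, body: bytes([tag, len(body)]) + body

# Constructed sample: signedAttrs ([0]) with one signingTime in each time form.
SAMPLE = tlv(0xA0, b"".join(
    tlv(0x30, tlv(0x06, SIGNING_TIME_OID) + tlv(0x31, tlv(t, s)))
    for t, s in [(0x17, b"201217110600Z"), (0x18, b"20200803235000Z")]))
```

For a real file, pass `open("file.p7s", "rb").read()` to `signing_times`. signingTime is a value asserted by the signer and is returned here without any signature verification, and a file with an embedded timeStampToken may yield more than one entry because that token is itself a SignedData structure.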