
I'm getting a TimeStampToken (RFC3161) by using a Java-based client.
I need to store all the information included in TSTInfo in a database, MySQL or Oracle. Is there any specific format to store it?

Angelika

2 Answers


There is no specified format [1] for this kind of thing.

But some obvious alternatives spring to mind:

  • Store the DER-encoded form as a BLOB.

  • Take the DER-encoded form, base-64 encode it and store it in a CHAR(n) column.

  • Create a table with columns to represent each of the fields of the TSTInfo structure ... assuming that you are already decoding it.

  • Serialize the Java object representation using the Java serialization protocol, XML, JSON, etcetera.

  • and so on.


[1] Actually, according to Wikipedia, there is an encoding for ASN.1 called XER that is represented using XML.

Stephen C
  • Thank you @Stephen, I would like to know if the BLOB format is suitable in this case? – Angelika Feb 27 '15 at 11:14
  • Possibly. It depends on what you want to do with the info. If you use BLOBs then you won't be able to query based on the info. – Stephen C Feb 27 '15 at 11:16
  • I see. Please @Stephen what do you mean exactly by "assuming that you are already decoding it" in the third point? – Angelika Feb 27 '15 at 11:24
  • Well ... if you are not already decoding the TSTInfo into a Java data structure of some kind, then you have work to do to extract the values to populate the columns of the database table. This is all just a first-principles listing of the alternatives. Without understanding your existing code, and what you are aiming to do with the data in the database, it is hard to give you anything other than a list of options ... for >>you<< to choose from. – Stephen C Feb 27 '15 at 12:07

Note that if you only store the TSTInfo, you lose the signature, which is the whole point of having an RFC3161 token. The TSTInfo without the signature proves nothing!

To preserve its evidentiary property, you really should store the entire timestamp token (which is defined as the signed CMS ContentInfo that wraps the TSTInfo).

In terms of what format to use, probably chapter 3.2 of the RFC3161 specification (https://www.rfc-editor.org/rfc/rfc3161) can be helpful (which is only a suggestion though):

3. Transports

   There is no mandatory transport mechanism for TSA messages in this
   document.  The mechanisms described below are optional; additional
   optional mechanisms may be defined in the future.

[...]

3.2. File Based Protocol

   A file containing a time-stamp message MUST contain only the DER
   encoding of one TSA message, i.e., there MUST be no extraneous header
   or trailer information in the file.  Such files can be used to
   transport time stamp messages using for example, FTP.

So, I would store the DER encoded CMS ContentInfo (not of the TSTInfo) as a BLOB.

matthias_buehlmann
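
The two answers can be combined, shown here as an added example that is not part of either answer: keep the whole DER-encoded token as a BLOB so the signature survives, and copy selected TSTInfo fields into ordinary columns so rows can be queried. It assumes the BouncyCastle `bcpkix` library on the client; the table `tsa_token`, its column names and the class `TimestampStore` are hypothetical.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.sql.*;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.encoders.Hex;

public class TimestampStore {
    // Hypothetical table (adjust types for MySQL or Oracle):
    //   CREATE TABLE tsa_token (serial VARCHAR(64), gen_time TIMESTAMP,
    //     policy_oid VARCHAR(128), imprint_alg_oid VARCHAR(128),
    //     imprint_hex VARCHAR(128), token_der BLOB)
    // The columns are a queryable copy only; token_der is the evidence.
    // Serial numbers are unique per TSA, not globally.

    public static void store(Connection db, TimeStampToken token) throws Exception {
        TimeStampTokenInfo info = token.getTimeStampInfo();
        String sql = "INSERT INTO tsa_token (serial, gen_time, policy_oid,"
                   + " imprint_alg_oid, imprint_hex, token_der) VALUES (?,?,?,?,?,?)";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, info.getSerialNumber().toString(16));
            ps.setTimestamp(2, new Timestamp(info.getGenTime().getTime()));
            ps.setString(3, info.getPolicy().getId());
            ps.setString(4, info.getMessageImprintAlgOID().getId());
            ps.setString(5, Hex.toHexString(info.getMessageImprintDigest()));
            // Full signed CMS ContentInfo, DER-encoded, with no header or trailer.
            ps.setBytes(6, token.getEncoded());
            ps.executeUpdate();
        }
    }

    // Re-parses the stored BLOB and checks the signature against the TSA certificate.
    // Deciding whether tsaCert itself is trusted is a separate step not shown here.
    public static TimeStampToken loadAndValidate(Connection db, BigInteger serial,
                                                 X509Certificate tsaCert) throws Exception {
        String sql = "SELECT token_der FROM tsa_token WHERE serial = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, serial.toString(16));
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) throw new SQLException("no token with serial " + serial.toString(16));
                TimeStampToken token = new TimeStampToken(new CMSSignedData(rs.getBytes(1)));
                token.validate(new JcaSimpleSignerInfoVerifierBuilder().build(tsaCert));
                return token; // validate() throws if the signature does not verify
            }
        }
    }
}
```

When reading a row back, take field values from the re-parsed and validated token rather than from the convenience columns, since only the BLOB is covered by the TSA's signature.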