
I have code that successfully signs a string with an A1 certificate using C#. I need to add a timestamp to this signature. This timestamp needs to come from a timestamp server like http://www.cryptopro.ru/tsp/tsp.srf. I can't figure out how to add the timestamp to the signature. It's not a PDF signature, it's a string signature. Can anyone help me, please?

Code used to sign:

    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    private byte[] Sign(string text)
    {
        // Find the certificate we'll use to sign
        X509Certificate2 cert = new X509Certificate2(@"C:\Users\1000084016.pfx", "Password");
        RSACryptoServiceProvider csp = null;

        // Get its associated CSP and private key
        csp = (RSACryptoServiceProvider)cert.PrivateKey;

        // Hash the data (the string is encoded as UTF-16LE before hashing)
        SHA1Managed sha1 = new SHA1Managed();
        UnicodeEncoding encoding = new UnicodeEncoding();

        byte[] data;
        data = encoding.GetBytes(text);

        byte[] hash = sha1.ComputeHash(data);

        // Sign the hash; the result is a bare RSA signature with no container
        return csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
    }
ric3ca
  • It depends on what your digital signature looks like. If it's an XML document, there should be separate fields for signedHash, timestamp and mixedHash – opewix Jul 17 '17 at 03:24

1 Answer


A timestamp is issued by an external Time Stamp Provider using RFC 3161 on an application/timestamp-query containing a hash. You can build the request using BouncyCastle (see example here).

To embed the timestamp result into the signature you can't use a basic RSA result. You need to use an advanced signature container like CMS (binary) or XMLDSig (XML) and add the timestamp as an unsigned attribute. See here an implementation using CMS.

pedrofb
  • I changed my code to work with CMS. CmsSigner Signer = new CmsSigner(certificateFromFile); Signer.UnsignedAttributes.Add(new Pkcs9SigningTime()); But I can't read the Time Stamp Provider in the Pkcs9SigningTime. Do you know how without using Bouncy Castle? – ric3ca Jul 17 '17 at 21:51
  • Pkcs9SigningTime will contain the local time. You need to request an RFC 3161 timestamp from the TSP using an online HTTP request (I've posted a link to a client in the answer) and include the result in the CMS signature using a TSTInfo structure (see last link). I'm afraid it is not simple at all. – pedrofb Jul 18 '17 at 05:52
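
The flow described in the answer (CMS container, RFC 3161 request over the signature, token stored as an unsigned attribute), sketched as an added example that is not code from the question or the answer. It assumes .NET Core 3.0 or later with the System.Security.Cryptography.Pkcs package, uses SHA-256 rather than the question's SHA-1, and the class name, method name and parameters are hypothetical.

```csharp
// Added example, not the poster's code. Assumes .NET Core 3.0+ with the
// System.Security.Cryptography.Pkcs package; cert must carry its private key.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

public static class TimestampedCmsSigner // hypothetical helper name
{
    // id-aa-signatureTimeStampToken: the unsigned attribute that carries the token
    private const string TimeStampTokenOid = "1.2.840.113549.1.9.16.2.14";
    private const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    public static async Task<byte[]> SignAndTimestampAsync(
        string text, X509Certificate2 cert, Uri tsaUrl, HttpClient http)
    {
        // 1. Sign the UTF-16LE bytes of the string inside a CMS SignedData container.
        var content = new ContentInfo(Encoding.Unicode.GetBytes(text));
        var cms = new SignedCms(content, detached: false);
        cms.ComputeSignature(new CmsSigner(cert) { DigestAlgorithm = new Oid(Sha256Oid) });
        SignerInfo signer = cms.SignerInfos[0];

        // 2. Build the RFC 3161 request over the signature value, with a random nonce.
        byte[] nonce = new byte[8];
        RandomNumberGenerator.Fill(nonce);
        Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromSignerInfo(
            signer, HashAlgorithmName.SHA256, nonce: nonce, requestSignerCertificates: true);

        // 3. POST the DER-encoded request to the TSA chosen by the caller.
        using var body = new ByteArrayContent(request.Encode());
        body.Headers.ContentType = new MediaTypeHeaderValue("application/timestamp-query");
        using HttpResponseMessage response = await http.PostAsync(tsaUrl, body);
        response.EnsureSuccessStatusCode();
        byte[] reply = await response.Content.ReadAsByteArrayAsync();

        // 4. Throws CryptographicException if the TSA did not grant the request
        //    or the returned token does not match the request that was sent.
        Rfc3161TimestampToken token = request.ProcessResponse(reply, out _);

        // 5. Attach the token as an unsigned attribute and re-encode the CMS.
        signer.AddUnsignedAttribute(new AsnEncodedData(
            new Oid(TimeStampTokenOid), token.AsSignedCms().Encode()));
        return cms.Encode();
    }
}
```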