How to decode timestamp from digital PKCS7 signature?

I have a signature with a timestamp. I am trying to decode the timestamp and decode its properties.

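    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;

    // data and signature are Base64 strings: the signed content and the detached PKCS#7 signature.
    var contentInfo = new ContentInfo(Convert.FromBase64String(data));
    var signedCms = new SignedCms(contentInfo, true); // true = detached signature

    signedCms.Decode(Convert.FromBase64String(signature));
    signedCms.CheckSignature(true); // true = verify the signature only, no certificate validation

    foreach (var signerInfo in signedCms.SignerInfos)
    {
        foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
        {
            // id-aa-timeStampToken (RFC 3161)
            if (unsignedAttribute.Oid.Value == "1.2.840.113549.1.9.16.2.14")
            {
                AsnEncodedData asnData = unsignedAttribute.Values[0];

                byte[] asnBinary = asnData.RawData;
            }
        }
    }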

But I don't understand how I can decode asnData.RawData.

At least I need to get the date and verify that the timestamp is correct (its signature is valid).

Do you have any ideas or experience? Thanks

A timestamp is nothing else than a counter-signature (a signature of your authenticated attributes). You would need to look into the counter signatures within the SignerInfo structure.

signerInfo.CounterSignerInfos contains a collection of SignerInfo and will be used by most Authenticode signature schemes (may be implementation specific). If your timestamp is based off of RFC-3161, then it may be elsewhere. I have found it as an unauthenticated attribute under the SignerInfo.UnsignedAttributes property with OID

1.3.6.1.4.1.311.3.3.1

With this OID, you can trivially find the timestamp.

    // OID from the answer text above
    Oid szOID_RFC3161_TIMESTAMP = new Oid("1.3.6.1.4.1.311.3.3.1");

    // primarySigner is the SignerInfo being inspected, e.g. signedCms.SignerInfos[0]
    foreach (CryptographicAttributeObject cryptoAttribute in primarySigner.UnsignedAttributes)
    {
        if (cryptoAttribute.Oid.Value == szOID_RFC3161_TIMESTAMP.Value)
        {
            Pkcs9AttributeObject rfcTimestampObj = new Pkcs9AttributeObject(cryptoAttribute.Values[0]);
            // Decode the attribute
            SignedCms rfcTimestampMessage = new SignedCms();
            rfcTimestampMessage.Decode(rfcTimestampObj.RawData);
            // At this point you have obtained the timestamp message as a SignedCms object - rfcTimestampMessage.SignerInfos.Count > 1
        }
    }
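An added example, not part of the original question or answer: one way to get the date and verify the timestamp with the `Rfc3161TimestampToken` type from System.Security.Cryptography.Pkcs. The class and method names are hypothetical. It assumes that both attribute OIDs seen on this page carry an RFC 3161 TimeStampToken computed over the signer's signature value, and that the runtime provides `Rfc3161TimestampToken`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampChecker // hypothetical helper, not from the page
{
    // The two attribute OIDs that appear on this page.
    static readonly string[] TimestampOids =
    {
        "1.2.840.113549.1.9.16.2.14", // used in the question
        "1.3.6.1.4.1.311.3.3.1"       // used in the answer
    };

    // Returns the TSA-asserted time, or null if no token is present or a check fails.
    public static DateTimeOffset? GetVerifiedTimestamp(SignerInfo signer)
    {
        foreach (CryptographicAttributeObject attr in signer.UnsignedAttributes)
        {
            if (Array.IndexOf(TimestampOids, attr.Oid.Value) < 0 || attr.Values.Count == 0)
                continue;

            // Parse the attribute value as an RFC 3161 TimeStampToken.
            if (!Rfc3161TimestampToken.TryDecode(attr.Values[0].RawData, out var token, out _))
                continue;

            // Checks the TSA signature and that the message imprint is the hash
            // of this signer's signature value (binds the token to this signature).
            if (!token.VerifySignatureForSignerInfo(signer, out X509Certificate2 tsaCert))
                return null;

            // The call above does not build a certificate chain; do it here and
            // require the id-kp-timeStamping extended key usage.
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.8"));
                if (!chain.Build(tsaCert))
                    return null;
            }
            return token.TokenInfo.Timestamp;
        }
        return null;
    }
}
```

Call it with each `signerInfo` from the loop over `signedCms.SignerInfos`; a null result means the time must not be trusted.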
