How to decode timestamp from digital PKCS7 signature?
I have a signature with timestamp. I am trying to decode the timestamp and decode its properties.
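    using System.Security.Cryptography;
    using System.Security.Cryptography.Pkcs;

    // Detached signature: the content is supplied separately from the signature blob.
    var contentInfo = new ContentInfo(Convert.FromBase64String(data));
    var signedCms = new SignedCms(contentInfo, true);
    signedCms.Decode(Convert.FromBase64String(signature));
    signedCms.CheckSignature(true); // verifies the signature only, not the certificate chain
    foreach (var signerInfo in signedCms.SignerInfos)
    {
        foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
        {
            // 1.2.840.113549.1.9.16.2.14 = id-aa-signatureTimeStampToken
            if (unsignedAttribute.Oid.Value == "1.2.840.113549.1.9.16.2.14")
            {
                AsnEncodedData asnData = unsignedAttribute.Values[0];
                byte[] asnBinary = asnData.RawData;
            }
        }
    }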
But I don't understand how I can decode asnData.RawData.
At least I need to get the date and verify that the timestamp is correct (its signature is valid).
Do you have any ideas or experience? Thanks
A timestamp is nothing else than a counter-signature (a signature of your authenticated attributes). You would need to look into the counter signatures within the SignerInfo structure. signerInfo.CounterSignerInfos contains a collection of SignerInfo and will be used by most Authenticode signature schemes (may be implementation specific). If your timestamp is based off of RFC-3161, then it may be elsewhere. I have found it as an unauthenticated attribute under the SignerInfo.UnsignedAttributes property with OID 1.3.6.1.4.1.311.3.3.1
With this OID, you can trivially find the timestamp.
    // OID given above for the RFC 3161 timestamp attribute
    Oid szOID_RFC3161_TIMESTAMP = new Oid("1.3.6.1.4.1.311.3.3.1");
    // primarySigner is the SignerInfo being inspected (assumed here to be, e.g., signedCms.SignerInfos[0])
    foreach (CryptographicAttributeObject cryptoAttribute in primarySigner.UnsignedAttributes)
    {
        if (cryptoAttribute.Oid.Value == szOID_RFC3161_TIMESTAMP.Value)
        {
            Pkcs9AttributeObject rfcTimestampObj = new Pkcs9AttributeObject(cryptoAttribute.Values[0]);
            // Decode the attribute
            SignedCms rfcTimestampMessage = new SignedCms();
            rfcTimestampMessage.Decode(rfcTimestampObj.RawData);
            // At this point you have obtained the timestamp message as a SignedCms object - rfcTimestampMessage.SignerInfos.Count > 1
        }
    }
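
Added example, not part of the original question or answer: one way to get the date and check the token, using .NET's Rfc3161TimestampToken type (assumes .NET Core 3.0 or later). It accepts both attribute OIDs mentioned on this page; the names TimestampReader and GetVerifiedTimestamp are hypothetical, and the chain policy shown is an assumption about what the caller wants to trust.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampReader // hypothetical helper, not a framework type
{
    // The two attribute OIDs that appear on this page.
    static readonly string[] TimestampOids =
    {
        "1.2.840.113549.1.9.16.2.14", // from the question
        "1.3.6.1.4.1.311.3.3.1",      // from the answer
    };

    // Returns the time asserted by the TSA, or null when no token on this
    // signer decodes, binds to the signer's signature, and chains to a trusted root.
    public static DateTimeOffset? GetVerifiedTimestamp(SignerInfo signer)
    {
        foreach (CryptographicAttributeObject attr in signer.UnsignedAttributes)
        {
            if (Array.IndexOf(TimestampOids, attr.Oid.Value) < 0)
                continue;

            foreach (AsnEncodedData value in attr.Values)
            {
                // The attribute value is a CMS SignedData wrapping a TSTInfo structure.
                if (!Rfc3161TimestampToken.TryDecode(value.RawData, out var token, out _))
                    continue;

                // True only if the token's message imprint matches this signer's
                // signature value and the token's own CMS signature verifies.
                if (!token.VerifySignatureForSignerInfo(signer, out X509Certificate2 tsaCert))
                    continue;

                // Trust in the TSA certificate is checked separately: require the
                // time-stamping EKU and validate the chain as of the stamped time.
                using var chain = new X509Chain();
                chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.8"));
                chain.ChainPolicy.VerificationTime = token.TokenInfo.Timestamp.UtcDateTime;
                if (!chain.Build(tsaCert))
                    continue;

                return token.TokenInfo.Timestamp;
            }
        }
        return null;
    }
}
```

The signature on the token and the trust in the TSA certificate are separate checks; a token that passes only the first proves integrity, not that the time came from an authority you trust.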