
Is there a way to get the signature creation date from a signature that was created by Pkcs11Interop?

I verify the certificate with the X509Chain.Build(X509Certificate2) method. If the certificate is valid, I sign the data using the Pkcs11Interop library. Any interested users can download this signature to verify it themselves. But they should also be able to check the validity of the certificate.

I'm now writing a test tool that will fetch all these files and check them for validity. But in order to verify the certificate I need the signature creation date. Is it possible to get this date from the signature?

For now I store the signature creation date in a separate field in a table. But I really think that the signature contains a creation date. At least I hope so.

I verify the certificate, and if it is OK I use the following code to sign some data.

// Locate the private key on the token by its attribute template
var privateKeys = session.FindAllObjects(SignSettings.PrivateKeyAttributes);

// Hash the data on the token with GOST R 34.11
var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_GOSTR3411);
byte[] hash = session.Digest(mechanism, data);

// Sign the hash with GOST R 34.10; C_Sign returns only the raw signature value
var signMechanism = session.Factories.MechanismFactory.Create(CKM.CKM_GOSTR3410);
var signature = session.Sign(signMechanism, privateKeys[0], hash);

return signature;

Then I store this signature together with the signed data in the database.

In my test signature checker app I use X509Chain to check that the certificate is valid.

var chain = X509Chain.Create();
var policy = chain.ChainPolicy;
policy.RevocationMode = X509RevocationMode.Offline;            // use cached CRLs only, no network fetch
policy.RevocationFlag = X509RevocationFlag.EndCertificateOnly; // check revocation of the leaf certificate only
policy.VerificationTime = @signatureDate;                      // the signing date stored alongside the signature
policy.UrlRetrievalTimeout = UrlRetrievalTimeout;              // timeout field defined elsewhere in the checker

// Build returns false when the chain has errors; chain.ChainStatus holds the details
chain.Build(cert);
return chain;

You are getting a plain signature without any extra attributes when using regular PKCS#11 calls.

To embed the date of signing into the signature you must use the PKCS#7 messaging functions.

As far as I remember from your previous question, you are using ruToken.
Have a look at their own samples of using PKCS#11 extensions in .NET:

// Rutoken's PKCS#11 extension: wraps the data, signer certificate and signature
// into a PKCS#7 (CMS) SignedData structure, signed attributes included
byte[] signature = session.PKCS7Sign(SampleData.PKCS7_SignDataBytes,
    certificates[0], privateKeys[0], null, SampleConstants.UseHardwareHash);

Then you can use EnvelopedCms or SignedCms to get the signature properties from SignerInfo.SignedAttributes, one of which is the signing time.
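The following is an added example, not code from the question, the answer, Pkcs11Interop or Rutoken's samples. It shows the checker side of both posts above: decode the PKCS#7/CMS blob that a PKCS7Sign-style call produces, pull the signingTime signed attribute (PKCS#9 OID 1.2.840.113549.1.9.5) out of the SignerInfo, and then run the same X509Chain validation as the question, anchored at that time instead of at a date stored in a separate table column. It assumes the System.Security.Cryptography.Pkcs package is referenced and that the platform's CMS provider supports the signer's algorithm (for GOST R 34.10 this means Windows with a GOST cryptographic provider installed; on other platforms CheckSignature will throw). The class and method names are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example: read the signing time out of a CMS SignedData and validate
// the signer certificate as of that moment. Not part of the original post.
public static class CmsSigningTimeCheck
{
    // PKCS#9 id-signingTime attribute OID
    private const string SigningTimeOid = "1.2.840.113549.1.9.5";

    // Returns the signingTime of the first SignerInfo that carries one, or
    // null when no signer has the attribute. A raw PKCS#11 C_Sign output is
    // not a CMS structure at all, so Decode throws CryptographicException on it.
    public static DateTime? GetSigningTime(byte[] cmsDer)
    {
        var cms = new SignedCms();
        cms.Decode(cmsDer);

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            foreach (CryptographicAttributeObject attr in signer.SignedAttributes)
            {
                if (attr.Oid.Value != SigningTimeOid)
                    continue;

                foreach (AsnEncodedData value in attr.Values)
                {
                    // The PKCS library decodes this attribute into a typed object
                    if (value is Pkcs9SigningTime signingTime)
                        return signingTime.SigningTime.ToUniversalTime();
                }
            }
        }
        return null;
    }

    // Full check: the signature must verify over the content and the signed
    // attributes (that is what binds signingTime to the signature), then the
    // embedded signer certificate is chained at the asserted signing time.
    public static bool VerifyAtSigningTime(byte[] cmsDer, TimeSpan urlRetrievalTimeout,
                                           out X509ChainStatus[] chainStatus)
    {
        chainStatus = Array.Empty<X509ChainStatus>();

        var cms = new SignedCms();
        cms.Decode(cmsDer);

        try
        {
            // verifySignatureOnly: true -> only the cryptographic check here;
            // certificate validity is decided by the chain build below.
            cms.CheckSignature(verifySignatureOnly: true);
        }
        catch (CryptographicException)
        {
            return false;   // signature does not verify (or algorithm unsupported here)
        }

        DateTime? signingTime = GetSigningTime(cmsDer);
        if (signingTime == null)
            return false;   // no signingTime attribute: nothing to anchor validation on

        X509Certificate2 cert = cms.SignerInfos[0].Certificate;
        if (cert == null)
            return false;   // signer certificate was not embedded in the CMS

        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;            // cached CRLs only
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly; // leaf revocation only
        chain.ChainPolicy.VerificationTime = signingTime.Value;                   // validate "as of" signing
        chain.ChainPolicy.UrlRetrievalTimeout = urlRetrievalTimeout;

        // Build returns false on any error; ChainStatus says which one
        bool ok = chain.Build(cert);
        chainStatus = chain.ChainStatus;
        return ok;
    }
}
```

One caveat worth keeping in mind: signingTime is a signed attribute, so a third party cannot alter it without breaking the signature, but its value is whatever the signer's clock said. It proves what the signer asserted, not when the signature actually happened. If you need a time that a verifier can trust independently of the signer, that is what an RFC 3161 timestamp token (carried as an unsigned countersignature attribute on the SignerInfo) is for; the signingTime attribute is the right thing to feed into VerificationTime only when you already trust the signer not to backdate.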
