'[dev-crypto] Re: Validating ebedded timestamps (RFC 3161-Appendix A)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    [dev-crypto]  Re: Validating ebedded timestamps (RFC 3161-Appendix   A)
From:       Gabriele Contini <contini.mailing () gmail ! com>
Date:       2008-10-23 9:22:22
Message-ID: gdpfoe$avm$1 () ger ! gmane ! org
[Download RAW message or body]

Hi David,
thank you for your advice but it didn't work. And this is probably 
because the timestamp is over the signature field, rather than the content.

RFC 3161 Appendix A says:
The value of messageImprint field within TimeStampToken shall be a hash 
of the value of signature field within SignerInfo for the signedData 
being time-stamped

 > final byte[] digestSignedHash = MyDSUtils.digest(signedHash);
I'm sorry a snippet of my own library remained in my example. It just 
calculates the SHA1 hash of the argument.

Agree also on signerInform.verify(...) and also need to verify signature 
of the timestamp with tst.verify(...)

Best regards.
Gabriele

David Hook wrote:
> You can probably replace:
> 
> final byte[] digestSignedHash = MyDSUtils.digest(signedHash);
> 
> with
> 
> final byte[] digestSignedHash = signerInform.getContentDigest();
> 
> Note: you have to call verify on signerInform first.
> 
> Regards,
> 
> David
> 
> On Wed, 2008-10-22 at 10:53 +0200, contini wrote:
>> Here is how i'm doing:
>>
>> SignerInformation signerInform =...
>> AttributeTable at = signerInform.getUnsignedAttributes();
>> DEREncodable dob =
>> at.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken).getAttrValues().getObjectAt(0);
>> CMSSignedData signedData = new
>> CMSSignedData(dob.getDERObject().getEncoded());
>> TimeStampToken tst = new TimeStampToken(signedData);
>> TimeStampTokenInfo tstInfo = tst.getTimeStampInfo();
>> // MessageImprint inside Timestamp
>> byte[] messageImprintDig = tstInfo.getMessageImprintDigest();
>>
>> byte[] signedHash = signerInform.getSignature();
>> //SHA-1 digest of the signature
>> final byte[] digestSignedHash = MyDSUtils.digest(signedHash);
>> // Are equals?
>> boolean hashOk = Arrays.equals(digestSignedHash,messageImprintDig);
>>
>> Bye!
>> Gabriele
>>
>> On Wed, Oct 22, 2008 at 12:59 AM, David Hook <dgh@lockboxlabs.com>
>> wrote:
>>         
>>         Only thing I can suggest, if you are not doing it already is
>>         to use
>>         
>>         SignerInformation.getContentDigest()
>>         
>>         to get the hash in the signature field.
>>         
>>         Regards,
>>         
>>         David
>>         
>>         
>>         On Tue, 2008-10-21 at 10:52 +0200, Gabriele Contini wrote:
>>         > Hi!
>>         > I'm trying to validate a timestamp embedded in a CMS
>>         structure as
>>         > described in RFC3161 appendix A (it is placed in an unsigned
>>         attribute).
>>         > This form of timestamp is quite common in pkcs#7 block
>>         inside pdf
>>         > signatures.
>>         > At the moment i haven't found an easy way to do it with
>>         Bouncycastle
>>         > (except manually calculate the hash of the signature field
>>         inside the
>>         > SignerInfo and verify it's the same messageImprint in the
>>         TimeStampToken).
>>         > Is there a short way to do this? If no, it could be a nice
>>         feature to add.
>>         > Thank you in advance for your attention.
>>         > Gabriele Contini
>>         >
>>         >
>>         
>>         
>>
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic