Hi,

I'm developing a system that needs to sign files. I already have a function that receives the byte[] of data to sign and the X509 certificate and computes the signature using the System.Security.Cryptography.Pkcs namespace. It's important to note that we need the signature to be detached, so for verification we use the file, the detached signature and the certificate.

The thing is that this function returns a byte[] as signature. Right now for serializing it I am using Base64 encoding, but I saw that the standard is to use .p7s files.

So, how do I generate a .p7s file from the byte[] of the detached signature?

Another question, is there a way to add a timestamp on the signature and then to retrieve it?

Thanks! Juan

A: 

p7s is a detached PKCS#7 signature itself. It can be (optionally) base64-encoded and that's all, there's no other formatting that needs to be applied.

Yes, you can timestamp a PKCS#7 signature. You need to read RFC 3161 and implement it yourself. You can use PKI components of our SecureBlackbox product. Our components let you sign and timestamp data using PKCS#7 and CMS (extension and descendant of PKCS#7). I am not aware of free timestamping clients for PKCS#7, though some might exist.

Eugene Mayevski 'EldoS Corp
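
The answer's point about .p7s, shown as an added C# example that is not code from the question or the answer: the encoded `SignedCms` bytes are written to the .p7s file unchanged, then read back and checked against the original data. The class name, file name, sample content and the in-memory self-signed certificate are constructed for illustration, and the example assumes a .NET runtime with the System.Security.Cryptography.Pkcs package available.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedP7s // hypothetical helper name
{
    // Returns DER-encoded PKCS#7/CMS SignedData without the content: exactly the .p7s bytes.
    public static byte[] Sign(byte[] data, X509Certificate2 signer)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        var cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signer)
        {
            IncludeOption = X509IncludeOption.EndCertOnly
        };
        // signingTime comes from the signer's own clock; it is not an RFC 3161 timestamp token.
        cmsSigner.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.UtcNow));
        cms.ComputeSignature(cmsSigner);
        return cms.Encode();
    }

    // Throws CryptographicException when the signature does not match the supplied data.
    public static void Verify(byte[] data, byte[] p7s)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.Decode(p7s);
        // true = signature only, because the constructed test certificate has no trusted chain.
        // With a real certificate pass false so the chain is validated as well.
        cms.CheckSignature(verifySignatureOnly: true);
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        byte[] data = Encoding.UTF8.GetBytes("constructed sample file content");
        string path = Path.Combine(Path.GetTempPath(), "sample.txt.p7s");
        File.WriteAllBytes(path, Sign(data, cert)); // raw bytes, no extra wrapping
        Verify(data, File.ReadAllBytes(path));
        Console.WriteLine("detached signature verified");
        data[0] ^= 0xFF; // simulate a modified file
        try { Verify(data, File.ReadAllBytes(path)); }
        catch (CryptographicException) { Console.WriteLine("tampered data rejected"); }
    }
}
```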