TimeStampToken Storage in MySQL or Oracle?

Question

I'm getting a TimeStampToken (RFC3161) by using a java based client.
I need to store all the information included in TSTInfo in a database, MySql or Oracle.Is there any specific format to store it?

Answer 1

Note that if you only store the TSTInfo, you lose the signature, which is the whole point of having an RFC3161 token. The TSTInfo without the signature proves nothing!

To preserve its evidentiary property, you really should store the entire timestamp token (which is defined as the signed CMS ContentInfo that wraps the TSTInfo).

In terms of what format to use, probably chapter 3.2 of the RFC3161 specification (https://www.rfc-editor.org/rfc/rfc3161) can be helpful (which is only a suggestion though):

3. Transports

   There is no mandatory transport mechanism for TSA messages in this
   document.  The mechanisms described below are optional; additional
   optional mechanisms may be defined in the future.

[...]

3.2. File Based Protocol

   A file containing a time-stamp message MUST contain only the DER
   encoding of one TSA message, i.e., there MUST be no extraneous header
   or trailer information in the file.  Such files can be used to
   transport time stamp messages using for example, FTP.

So, I would store the DER encoded CMS ContentInfo (not of the TSTInfo) as a BLOB

Answer 2

There is no specified format¹ for this kind of thing.

But some obvious alternatives spring to mind:

• Store the DER-encoded form as a BLOB.

• Take the DER-encoded form, base-64 encoded it and store it in a CHAR(n) column.

• Create a table with columns to represent each of the fields of the TSSInfo structure ... assuming that you are already decoding it.

• Serialize the Java object representation using the Java serialization protocol, XML, JSON, etcetera.

• and so on.

---

^{1 - Actually, according to Wikipedia, there is an encoding for ASN.1 called XER that is represented using XML.}