Victor
Reputation: 23972
How do I get the signature in a TimeStampToken (Bouncy Castle)
From RFC 3852 (and RFC 3161) I understand that the signature value is stored as an attribute of the SignerInfo type of the TimestampToken (which is a Signed Data content type).
How can I get that signature value from a TimeStampToken instance of Bouncy Castle (in C#)?
Upvotes: 2
Views: 1961
Answers (2)
Victor
Reputation: 23972
I was able to get the signature using this:
CmsSignedData tsTokenCms = timestampToken.ToCmsSignedData();
SignerInformationStore signerInfoStore = tsTokenCms.GetSignerInfos();
SignerInformation signerInfo = signerInfoStore.GetFirstSigner(timestampToken.SignerID);
byte[] signatureBytes = signerInfo.GetSignature();
string signatureString = BitConverter.ToString(signatureBytes);
Console.WriteLine("Signature is: " + signatureString);
Upvotes: 1
hal
Reputation: 1757
You could use class with helper methods:
public static class TimeStampTokenHelper
{
public static IEnumerable<SignedData> GetTimeStampTokensAsSignedData(byte[] input)
{
var cmsInputStream = new Asn1InputStream(input);
var asn1Object = cmsInputStream.ReadObject();
Assert.IsNotNull(asn1Object);
var rootSequence = Asn1Sequence.GetInstance(asn1Object);
var signedData = GetSignedData(rootSequence);
return GetTimeStampTokensFromSignedData(signedData);
}
private static SignedData GetSignedData(Asn1Sequence sequence)
{
var rootContent = ContentInfo.GetInstance(sequence);
Assert.That(rootContent.ContentType.Id, Is.EqualTo("1.2.840.113549.1.7.2")); // signedData
var signedData = SignedData.GetInstance(rootContent.Content);
return signedData;
}
private static IEnumerable<SignedData> GetTimeStampTokensFromSignedData(SignedData signedData)
{
return GetTimeStampTokensFromSignerInfos(signedData.SignerInfos);
}
private static IEnumerable<SignedData> GetTimeStampTokensFromSignerInfos(Asn1Set signerInfos)
{
var timestampTokens = signerInfos
.OfType<Asn1Sequence>()
.SelectMany(GetTimeStampTokensFromSignerInfo);
return timestampTokens;
}
private static IEnumerable<SignedData> GetTimeStampTokensFromSignerInfo(Asn1Sequence signerInfoSequence)
{
var signerInfo = SignerInfo.GetInstance(signerInfoSequence);
var result = signerInfo.UnauthenticatedAttributes.ToArray()
.Select(Asn1Sequence.GetInstance)
.Where(x => ((DerObjectIdentifier)x.GetObjectAt(0)).Id == "1.2.840.113549.1.9.16.2.14")
.Select(x => GetSignedData(Asn1Sequence.GetInstance(Asn1Set.GetInstance(x.GetObjectAt(1)).GetObjectAt(0))));
return result;
}
The TimeStampTokenHelper.GetTimeStampTokensAsSignedData helper method will extract time stamp token as SignedData structure. You may do everything you want with returned SignedData data.
Here is example how to extract signatures from SignerInfo:
var signatures = TimeStampTokenHelper.GetTimeStampTokensAsSignedData(cadesTBytes)
.SelectMany(token => token.SignerInfos.ToArray().Select(SignerInfo.GetInstance))
.Select(signerInfo => signerInfo.EncryptedDigest);
As final tips:
- you can use free online ASN.1 viewer to dig into structure of your Cades T signature
- you can use
Org.BouncyCastle.Asn1.Utilities.Asn1Dump.DumpAsStringmethod to dump string representation of Bouncycastle's ASN.1 objects
Hope this helps.
Upvotes: 2
Related Questions
- BouncyCastle - To verify the signature
- Converting a .NET ECDSA P1363 signature to a Bouncy Castle ASN.1 Signature
- Convert .NET detached signature verification to bouncycastle
- BouncyCastle TimeStampProtocol | How Do I get the original hash from a TimeStampToken?
- How to extract certificates from a time-stamp response in Bouncy Castle
- timestamptoken validate java bouncycastle
- Bouncycastle Java - Generate a tst file from TimestampToken
- BouncyCastle - how get expiration date of TimeStampToken
- Digital signature with timestamp in Java
- TimeStampResponse