Reputation: 578
Using e signature in .net core application with time stamp
I am building an data entry application using .net core.
When adding a new row in my database, I need to allow user to add e signature.
The workflow will be like this, there will be a from eg.(Name,Age,etc.) and a canvas field for e signature.
I will allow users to draw their signatures in this canvas and save this image data along with form data.
When I find the example for the e-signature, I found an example with a timestamp server.
What is the usage of timestamp in e-signature? Do I need to add a new field for timestamp in my database column?
Kindly help me explain what timestamp is and the usage of timestamp in .net core e-signature.
Upvotes: 0
Views: 795
Answers (1)
Reputation: 9963
First Question, Why we need timestamp in Digital Signature?
In order to answer this question, we must first understand the risk that comes from a digital signature, Thinking about the workflow for an ink signature. When you sign any legal document, it’s typically done in the presence of a notary. The notary verifies your identity and validates the date and time of the signature. In return, you would also record an entry in a logbook with date and time of the transaction and add a thumbprint.
Now think about implementing this flow in the digital world. When you sign any document with your public key infrastructure (PKI) based digital signature, how do you make sure that there is non-repudiation in place? For example, when a PDF document is digitally signed with your PKI based certificate, it adds the information about the person and date and time of the signature. However, the date and time of this signature is based on the computer’s local time, which can be easily changed or forged. If your certificate is expired or revoked, you could potentially change the local time to make it appear that the certificate is still valid. So, how do you prevent this and trust the digital signature?
You can solve this problem by using Time Stamping Authority (TSA), which uses RFC 3161 Time-Stamp Protocol (TSP) to apply an accurate, trusted timestamp. It is used for proving that the data has not been tampered with and guarantees the data integrity. When TSA is used while signing the document or code, tampering with the timestamp is prevented.
Second Question, the usage of timestamp in Digital Signature
I think there are two methods can achieve it, The first way is to save Digital Signature to the database, the other way is to save the Digital Signature as a static file(image). When you want to save it in database, you can add a new field for timestamp. When you just want to save Digital Signature as image,You can add timestamps as watermarks to this image.
Upvotes: 1
Related Questions
- Get timestamp from Authenticode Signed files in .NET
- Computed timestamps in EF Core entity backed by Postgres
- How do you deploy your own Authenticode Timestamping Service?
- How to Add TimeStamps in Entity Framework
- TimeStamp with EF Core 2.1 and Sql Server?
- ASP.NET Core Web Application ExpireTimeSpan in UseCookieAuthentication doesn't work
- Custom TimeStamp property in EF code first
- Can I timestamp a .NET assembly using local computer time?
- How do you timestamp code-signed Dotnet assemblies?
- How do I add a timestamp when digitally signing a file in C#?