1
votes

I have code that successfully signs a string with an A1 certificate using C#. I need to add a timestamp to this signature. This timestamp needs to come from a timestamp server like http://www.cryptopro.ru/tsp/tsp.srf. I can't figure out how to put the timestamp into the signature. It's not a PDF signature, it's a string signature. Can anyone help me, please?

Code used to sign:

    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    private byte[] Sign(string text)
    {
        // Load the certificate (with its private key) that we'll use to sign
        X509Certificate2 cert = new X509Certificate2(@"C:\Users\1000084016.pfx", "Password");

        // Get its associated CSP and private key
        RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PrivateKey;

        // Encode the text as UTF-16LE bytes and hash it with SHA-1
        SHA1Managed sha1 = new SHA1Managed();
        UnicodeEncoding encoding = new UnicodeEncoding();

        byte[] data = encoding.GetBytes(text);
        byte[] hash = sha1.ComputeHash(data);

        // Sign the hash; the result is a bare RSA signature value
        return csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
    }
1
It depends on what your digital signature looks like. If it's an XML document, there should be separate fields for signedHash, timestamp and mixedHash. – opewix

1 Answer

0
votes

A timestamp is issued by an external Time Stamp Provider using RFC 3161 on an application/timestamp-query containing a hash. You can build the request using BouncyCastle (See example here)

To embed the timestamp result into the signature you can't use a basic RSA result. You need to use an advanced signature container like CMS (binary) or XMLDsig (XML) and add the timestamp as an unsigned attribute. See here an implementation using CMS
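
The flow this answer describes (RFC 3161 request over the signature, token stored as an unsigned attribute of a CMS container), as an added example that is not part of the original answer. It uses .NET's own System.Security.Cryptography.Pkcs types rather than BouncyCastle and assumes .NET Core 3.0 or later; the class and method names, the `tsaUrl` parameter and the choice of SHA-256 are assumptions made for this example.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Hypothetical helper for illustration; its names are not from the original post.
public static class TimestampedCmsSigner
{
    // id-aa-timeStampToken (RFC 3161, Appendix A)
    private const string SignatureTimestampOid = "1.2.840.113549.1.9.16.2.14";

    public static async Task<byte[]> SignAsync(string text, X509Certificate2 cert, Uri tsaUrl)
    {
        // 1. Wrap the string in a CMS SignedData container instead of a bare RSA signature.
        var cms = new SignedCms(new ContentInfo(Encoding.Unicode.GetBytes(text)), detached: false);
        var signer = new CmsSigner(cert) { DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1") }; // SHA-256
        cms.ComputeSignature(signer);
        SignerInfo signerInfo = cms.SignerInfos[0];

        // 2. Build the RFC 3161 request over the signature value, with a random nonce.
        byte[] nonce = new byte[8];
        RandomNumberGenerator.Fill(nonce);
        Rfc3161TimestampRequest request = Rfc3161TimestampRequest.CreateFromSignerInfo(
            signerInfo, HashAlgorithmName.SHA256,
            nonce: new ReadOnlyMemory<byte>(nonce), requestSignerCertificates: true);

        // 3. POST it to the TSA as application/timestamp-query.
        using var http = new HttpClient();
        using var body = new ByteArrayContent(request.Encode());
        body.Headers.ContentType = new MediaTypeHeaderValue("application/timestamp-query");
        using HttpResponseMessage reply = await http.PostAsync(tsaUrl, body);
        reply.EnsureSuccessStatusCode();

        // 4. ProcessResponse throws unless the request was granted and the token matches it.
        Rfc3161TimestampToken token = request.ProcessResponse(await reply.Content.ReadAsByteArrayAsync(), out _);
        // Checks the TSA's signature and that the token covers this signer's signature value.
        if (!token.VerifySignatureForSignerInfo(signerInfo, out X509Certificate2 tsaCert))
            throw new CryptographicException("Timestamp token does not match the signature.");
        // tsaCert still has to be chain-validated against the TSAs you trust.

        // 5. Embed the token as an unsigned attribute and serialize the container.
        signerInfo.AddUnsignedAttribute(
            new AsnEncodedData(new Oid(SignatureTimestampOid), token.AsSignedCms().Encode()));
        return cms.Encode();
    }
}
```

The returned bytes are a complete CMS container; a verifier decodes it with `SignedCms.Decode`, calls `CheckSignature`, and reads the asserted time from the token's `TokenInfo.Timestamp`.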