2011-05-13 12:44:00 UTC
Hello. Does the signserver Timestamping generates an evidence of the signing documents with a Hash of the doc or something like that? I need to have evidences of everything we sign. Thanks in advance
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ok, I had set the Archive to true and I could retrieve the requests filter by IP but that still not good enough to prove I have signed a document.
Still not sure where to look for the hash of the document which is what I really need to prove that I signed a document.
Could you point me at where to look for this please?
Thanks in advance,
Eric
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The files you get when you export the archive using the "signserver archive findfromrequestip" command contains the RFC 3161 TimeStampResp message. Part of that message is the TimeStampToken which contains the hash of the document. To verify a token and get the hash of the document you need to parse the message according to RFC 3161 or to use some timestamp client software to do it.
Regards,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the aclaration.
Another thing I need to do is to make the timestamping work with a Realsec HSM, I have already make it work with a SafeNet HSM but I am not sure if it should work on the same way.
Thank you very much for all your help
Eric
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have started getting the following error on my signserver instalation and can't find how to fix it;
12:45:08,498 INFO Using provided datasource
12:45:25,064 WARN Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Out of Memory)
.
.
.
Caused by: java.sql.SQLException: Out of Memory
Any help would be apreciated
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sounds like Java/JBoss is running out of memory. You might need to increase the heap-space for instance by setting JAVA_OPTS in JBOSS_HOME/bin/run.conf to at least -Xmx512m.
Maybe if you provided the complete stacktrace for the exception we could see what part is failing. Are trying to process a large document?
Regards,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
SignServer only uses Hypersonic if you don't configure any other database in signserver_build.properties.
Notice that the hypersonic database should not be used in production as it is an in-memory database which eventually if you add things to it will lead to out of memory.
Regards,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ahh, so the fact that I enable the ARCHIVE PROPERTY for a signer may cause the issue I am haveing?
In that case, how should I empty the Hypersonic database? Is this ddbb used for something else apart of the archiving? Do I need to configure a ddbb if I disable ARCHIVE?
Sorry for many questions ;)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As you are using HSQL it might be a too large database. You can stop JBoss and check the size of JBOSS_HOME/server/default/data/hypersonic.
You could try delete that folder to start with an empty database. You could also try to start without SignServer deployed to see that JBoss works correctly.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The database is also used for holding the signer's configurations etc so you will need to configure an other database for instance MySQL to use instead of Hypersonic.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hopefully not :)
With MySQL it should be fine but the current archiver is not the best as it uses quite verbose XML serialization. In SignServer 3.2.1 there will be an new API where it will be possible to plug-in different archive implementations.
Regards,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ok, last one, I notice that all the configuration about the signer were saved on the hsqldb , is there a way to extract that or I must config all again with the new ddbb?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Normally you could run "bin/signserver.sh dumpproperties" to get all the signer's configuration to a file and then load it again when started with the new database using "bin/signserver.sh setproperties". But this assumes that you can start SignServer. Otherwise it might be possible to extract the data from JBOSS_HOME/server/default/data/hypersonic/SignServerLocalDB.script and insert into the new database. It is then especially the SIGNERCONFIGDATA that you are interested in.
Regards,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
2011-05-13 12:44:00 UTC
Hello. Does the signserver Timestamping generates an evidence of the signing documents with a Hash of the doc or something like that? I need to have evidences of everything we sign. Thanks in advance
HI, apart from the timestamp produced by the TSA, SignServer also has an archiving function that archives all responses sernt back to clients.
See, http://signserver.org/manual/complete.en.html#Archiving%20Responses%20%28SignServer%20only%29
I think that is what you are looking for right? The timestamp includes the hash of the document.
Regards,
Tomas
Of course there is also a trace log that produces log records.
Ok, I had set the Archive to true and I could retrieve the requests filter by IP but that still not good enough to prove I have signed a document.
Still not sure where to look for the hash of the document which is what I really need to prove that I signed a document.
Could you point me at where to look for this please?
Thanks in advance,
Eric
Hi Eric,
The files you get when you export the archive using the "signserver archive findfromrequestip" command contains the RFC 3161 TimeStampResp message. Part of that message is the TimeStampToken which contains the hash of the document. To verify a token and get the hash of the document you need to parse the message according to RFC 3161 or to use some timestamp client software to do it.
Regards,
Markus
Hi Markus,
Thanks for the aclaration.
Another thing I need to do is to make the timestamping work with a Realsec HSM, I have already make it work with a SafeNet HSM but I am not sure if it should work on the same way.
Thank you very much for all your help
Eric
Hi,
I have started getting the following error on my signserver instalation and can't find how to fix it;
12:45:08,498 INFO Using provided datasource
12:45:25,064 WARN Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Out of Memory)
.
.
.
Caused by: java.sql.SQLException: Out of Memory
Any help would be apreciated
Sounds like Java/JBoss is running out of memory. You might need to increase the heap-space for instance by setting JAVA_OPTS in JBOSS_HOME/bin/run.conf to at least -Xmx512m.
Maybe if you provided the complete stacktrace for the exception we could see what part is failing. Are trying to process a large document?
Regards,
Markus
Hi,
The error happens at startup time and I've already set JAVA_OPT to the following:
JAVA_OPTS=-XX:PermSize=128m -XX:MaxPermSize=512m -XX:+CMSClassUnloadingEnabled -Xincgc -Xms256m -Xmx768m
The complete stacktrack is too large so I am not sure if I should paste it here.
Let me know how to proceed
Thanks
You can past the log for instance at http://pastebin.ca/ .
Regards,
Markus
By the way, what is signserver using ddbb hsqldb for?
Sorry but I'm not sure how to use http://pastebin.ca/ it appears all white on the browser
SignServer only uses Hypersonic if you don't configure any other database in signserver_build.properties.
Notice that the hypersonic database should not be used in production as it is an in-memory database which eventually if you add things to it will lead to out of memory.
Regards,
Markus
It seems to have some problem. Try http://paste.ubuntu.com instead.
Ahh, so the fact that I enable the ARCHIVE PROPERTY for a signer may cause the issue I am haveing?
In that case, how should I empty the Hypersonic database? Is this ddbb used for something else apart of the archiving? Do I need to configure a ddbb if I disable ARCHIVE?
Sorry for many questions ;)
Getting this different error now:
http://paste.ubuntu.com/638386/
The log shows a problem with memory.
As you are using HSQL it might be a too large database. You can stop JBoss and check the size of JBOSS_HOME/server/default/data/hypersonic.
You could try delete that folder to start with an empty database. You could also try to start without SignServer deployed to see that JBoss works correctly.
The database is also used for holding the signer's configurations etc so you will need to configure an other database for instance MySQL to use instead of Hypersonic.
Ok, that was a nice one, after empty the ddbb it works.
So, if I configure the sigserver to use mysql I shouldn't have this problem again right.
Big thanks for your quick support
Hopefully not :)
With MySQL it should be fine but the current archiver is not the best as it uses quite verbose XML serialization. In SignServer 3.2.1 there will be an new API where it will be possible to plug-in different archive implementations.
Regards,
Markus
Ok, last one, I notice that all the configuration about the signer were saved on the hsqldb , is there a way to extract that or I must config all again with the new ddbb?
Normally you could run "bin/signserver.sh dumpproperties" to get all the signer's configuration to a file and then load it again when started with the new database using "bin/signserver.sh setproperties". But this assumes that you can start SignServer. Otherwise it might be possible to extract the data from JBOSS_HOME/server/default/data/hypersonic/SignServerLocalDB.script and insert into the new database. It is then especially the SIGNERCONFIGDATA that you are interested in.
Regards,
Markus