Oleg Valerievich

Hello to all. I have a my test root certificate keypair rsa length 2048 and signature algorithm sha512withrsa. Than i create and sign last certificate keypair rsa length 2048 singature algorithm sha512withrsa . When in code :DigestCalculatorProvider calcProv = new BcDigestCalculatorProvider(); DigestCalculator calc = calcProv.get(new AlgorithmIdentifier(getCertificateDigestAlgorithmFromString("SHA512")); ContentSigner cs = new JcaContentSignerBuilder("SHA512withRSA").setProvider("BC").build((PrivateKey)...

Oh thank you very much, your explanation is great and useful.

I mean where is signed time attribute? messagedigest attribute ? or TSA must not contain any signed atributes based on this rules from rfc 3161:The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of then TSA certificate MUST be included as signerInfo attribute inside a SigningCertificate attribute. As i see you include only ESSCertID to signerInfo : final ESSCertID essCertid = new ESSCertID(digestCalculator.getDigest(),...

I mean where is signed time attribute? messagedigest attribute ? or TSA must not contain any signed atributes based on this rules from rfc 3161:The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of then TSA certificate MUST be included as signerInfo attribute inside a SigningCertificate attribute. As i see you include only ESSCertID to signerInfo : final ESSCertID essCertid = new ESSCertID(digestCalculator.getDigest(),...

I mean where is signed time attribute? messagedigest attribute ? or TSA must not contain any signed atributes based on this rules from rfc 3161:The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of then TSA certificate MUST be included as signerInfo attribute inside a SigningCertificate attribute. As i see you include only ESSCertID to signerInfo : `final ESSCertID essCertid = new ESSCertID(digestCalculator.getDigest(),...

I mean where is signed time attribute? messagedigest attribute ? or TSA must not contain any signed atributes based on this rules from rfc 3161:The time-stamp token MUST NOT contain any signatures other than the signature of the TSA. The certificate identifier (ESSCertID) of then TSA certificate MUST be included as signerInfo attribute inside a SigningCertificate attribute. As i see you include only ESSCertID to signerInfo : ` final ESSCertID essCertid = new ESSCertID(digestCalculator.getDigest(),...

I mean where is signed time attribute? messagedigest ? or TSA must not contain any signed atributes ?

Good morning. Sorry for my question if you will suggest that insults you, but i have explored your code, and have read https://tools.ietf.org/html/rfc3161 and https://tools.ietf.org/html/rfc5652 . So i want clarify some moment. Based on article where is described protocols i have done some mapping: imeStampReply { TimeStampResp { PKIStatusInfo { uint64_t status; char *statusString; uint64_t failInfo; }; TimeStampToken { SignedData { AlgorithmIdentifiers { ASN1_OID *algorithmIdentifier; int count;...