000025493 - How to use the SigningTime class

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025493
Applies To: RSA BSAFE Cert-J
Issue: How to use the SigningTime class
Cause: When a PKCS#7 message is created using the Cert-J toolkit, a SignerInfo is added to the message. Optionally, X.501 attributes can be added to the SignerInfo. One such attribute is SigningTime.
Resolution: The Cert-J toolkit includes a number of examples of using PKCS#7 objects and methods. The code fragments below show how SignedMsg.java could be modified to include details of the signing time.

Within the 'encoding section'

       signer.setEncryptionAlgorithm ("RSA");
       signer.setDigestAlgorithm ("SHA1");
       /* The following call will add authenticated attributes to the
        * SignerInfo.  Authenticated attributes are X.501 attributes
        * that are signed as part of the PKCS 7 message.  Because
        * they are signed, they cannot be changed in transit.  The
        * following call only adds a SigningTime attribute to the
        * list of authenticated attributes.  This will inform the
        * recipient of this message when the message was signed.
        * This can be useful if the signer's private key is
        * compromised in the future.  The signer would have some idea
        * of when this compromise occurred, and may publish this time
        * as part of a CRL.  Those wishing to verify this signed
        * document would need to make sure that the signing time
        * represented in the PKCS 7 object is before the published
        * compromise time in the CRL.  This usage of SigningTime
        * allows for a key/certificate to be revoked without
        * invalidating all documents signed by the signer. */
       println ("Adding authenticated attributes:");
       signer.setAuthenticatedAttrs (createAuthenticatedAttributes());
       println ("Added.");
       data.addSignerInfo (signer);

Then add the additional method:

 /* This method will create an X501Attributes container for a single
  * X.501 attribute object, SigningTime.  This value will indicate
  * the time at which this message was signed. */
 public X501Attributes createAuthenticatedAttributes () {
   X501Attributes attrs = new X501Attributes ();
   /* Create a new SigningTime object representing the current
    * time. */
   SigningTime signingTime = new SigningTime (new Date());
   /* Add the attribute to the list of X.501 attributes represented
    * by the X501Attribute class. */
   attrs.addAttribute (signingTime);

   return (attrs);
 }
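
The verifier-side check that the SigningTime comment above describes, as an added example that is not part of the original article or the Cert-J toolkit. It uses only JDK classes and assumes the caller has already read the signing time from the SignerInfo and taken the revocation date and invalidityDate extension (OID 2.5.29.24) from the signer's X509CRLEntry; the class name, method names and sample dates are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;

public class SigningTimeCheck {
  /* Decode the value returned by X509CRLEntry.getExtensionValue("2.5.29.24"):
   * a DER OCTET STRING wrapping a GeneralizedTime "YYYYMMDDHHMMSSZ".
   * Returns null when the CRL entry carries no invalidityDate. */
  static Date invalidityDate(byte[] ext) throws ParseException {
    if (ext == null) return null;
    if (ext.length != 19 || ext[0] != 0x04 || ext[1] != 17
        || ext[2] != 0x18 || ext[3] != 15)
      throw new ParseException("unexpected invalidityDate encoding", 0);
    SimpleDateFormat f = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
    f.setTimeZone(TimeZone.getTimeZone("UTC"));
    f.setLenient(false);
    return f.parse(new String(ext, 4, 15, StandardCharsets.US_ASCII));
  }

  /* True when the claimed signing time is strictly before the compromise
   * time: the invalidityDate if published, otherwise the revocation date. */
  static boolean signedBeforeCompromise(Date signingTime, Date revocationDate,
                                        byte[] invalidityExt) throws ParseException {
    Date inv = invalidityDate(invalidityExt);
    Date cutoff = (inv != null) ? inv : revocationDate;
    return signingTime.before(cutoff);
  }

  public static void main(String[] args) throws Exception {
    SimpleDateFormat iso = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX");
    // Constructed sample values, not taken from a real CRL.
    Date revoked = iso.parse("2017-03-10T00:00:00Z");
    byte[] time = "20170301120000Z".getBytes(StandardCharsets.US_ASCII);
    byte[] ext = new byte[19];
    ext[0] = 0x04; ext[1] = 17; ext[2] = 0x18; ext[3] = 15;
    System.arraycopy(time, 0, ext, 4, 15);

    // Signed before the published compromise time.
    System.out.println(signedBeforeCompromise(iso.parse("2017-02-20T09:00:00Z"), revoked, ext));
    // Signed after the compromise time but before the revocation date.
    System.out.println(signedBeforeCompromise(iso.parse("2017-03-05T09:00:00Z"), revoked, ext));
    // Same signature, no invalidityDate: falls back to the revocation date.
    System.out.println(signedBeforeCompromise(iso.parse("2017-03-05T09:00:00Z"), revoked, null));
  }
}
```

SigningTime is a value asserted by the signer and protected only by the signer's own key, so this comparison is only as reliable as that claim; where the time itself must be trusted, it has to come from an independent source such as a trusted timestamp.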

Legacy Article ID: a2451