On Thu, Jun 06, 2002 at 05:17:48PM -0700, Bob Steele wrote: > > This might be a nonsensical question, and if so it > wouldn't be my first foolish question here: > > Is it possible or appropriate to add a timestamp object > (RFC 3161) to a PKCS#7 signature during the signature's > creation?
This should be defined by business logic and/or risk management rules. No problem at software-writing level. > It is *not* possible for me to make the timestamp the signed data > portion, since I'm already creating signatures on external > detached data. > > What I was wondering is if it was possible to add the timestamp > at the same level as the certificates, much as you add additional > certificates (for a complete signing chain) to a PKCS#7? Maybe, another one SignerInfo part of PKCS7? Made by time-stamping key to confirm signed-data was shown to signer at that time. Adding another one SignerInfo would not break validity of any previous one > Alternately, If there is another PKI data structure that could > incorporate > both a PKCS#7 and a RFC 3161 timestamp, could you please suggest it > to me? One may want to time-stamp the whole "pkcs7 signed" to confirm (unverified) signature was shown to the second signer at that time good luck, Vadim > Thanks for any and all help. > > - Bob > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]