How to add timestamping signature to System.IO.Packaging.Package?
There is a way to create packages, add some parts and sign it with an X509Certificate.
I would also like to add a timestamping signature to the package.
If the certificate expires or gets revoked the signature should remain valid if the package parts have been timestamped before the expiration/revocation.
P.S. I'm using the System.IO.Packaging.Package class defined in the WindowsBase.dll assembly.
The following solution works if you're both the creator and the consumer of the package:
- Use a secure Internet server to get the trusted timestamp.
- Redefine the certificate chain policy to include the timestamp validation in the certificate chain.
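
One way the consumer side of these two steps could look, as an added example that is not part of the original answer. It assumes WindowsBase (WPF) plus the System.Security.Cryptography.Pkcs package, and that the creator requested an RFC 3161 token over the raw `SignatureValue` bytes and shipped it with the package (this is not the XAdES-T layout); `TimestampedPackageCheck`, `IsValidAtTimestamp` and `tokenBytes` are hypothetical names.

```csharp
using System;
using System.IO.Packaging;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampedPackageCheck   // hypothetical helper, not a framework type
{
    // tokenBytes: DER-encoded RFC 3161 token over signature.SignatureValue
    // (where the token is stored alongside the package is an assumption).
    public static bool IsValidAtTimestamp(PackageDigitalSignature signature, byte[] tokenBytes)
    {
        // 1. The package parts must still match the XMLDSIG signature.
        if (signature.Verify() != VerifyResult.Success)
            return false;

        // 2. The token must decode and must cover exactly this signature value.
        if (!Rfc3161TimestampToken.TryDecode(tokenBytes, out Rfc3161TimestampToken token, out _))
            return false;
        if (!token.VerifySignatureForData(signature.SignatureValue, out X509Certificate2 tsaCert))
            return false;

        // 3. The TSA certificate must chain to a trusted root and carry the
        //    id-kp-timeStamping EKU; this chain is evaluated at the current time.
        using (var tsaChain = new X509Chain())
        {
            tsaChain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.8"));
            tsaChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            if (!tsaChain.Build(tsaCert))
                return false;
        }

        // 4. Redefine the chain policy for the signer: validate the chain
        //    as of the trusted timestamp instead of "now".
        using (var signerChain = new X509Chain())
        {
            signerChain.ChainPolicy.VerificationTime = token.TokenInfo.Timestamp.LocalDateTime;
            signerChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            return signerChain.Build(new X509Certificate2(signature.Signer));
        }
    }
}
```

Call it for each entry in `new PackageDigitalSignatureManager(package).Signatures`, and treat a missing or undecodable token as a failed check rather than falling back to the current time.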
Digital signatures in System.IO.Packaging rely on XMLDSIG. Trusted Timestamping (or secure timestamping) in terms of RFC 3161 was added on top with XML Advanced Electronic Signatures (XAdES) and the XAdES-T Profile. Microsoft Office documents use System.IO.Packaging as their format and so the Microsoft Documentation (MS-OFFCRYPTO) mentions XAdES-T as the form used.
Unfortunately, there is no built-in support in the .NET Framework itself, while Microsoft Office has the ability to utilize trusted time stamps for digital signatures.
Microsoft France published a library to support the standards in 2012 but it went offline and is not maintained anymore. But there is a snapshot of the sources on GitHub.
There are also a few other libraries you might consider helpful:
- FirmaXadesNet45
- Xades-T-Validator
- XAdES-Signer