Hi Bob, You are on the right track - it should be possible to attach a time stamp token to a PKCS7 token. However, there are several options depending on what you want to time stamp. The two most obvious ones being:
- if you want to prove the existence of the orignal content at a particular time, you hash the content, ask for a timestamp and attach the time stamp token as a signed attribute to the SignerInfo. - if you want long-term non-repudiation you can compute a hash on the signature itself, ask for a timestamp and attach the time stamp token as an unsigned attribute to the SignerInfo. You may want to look at the following specification for more info: http://portal.etsi.org/sec/el-sign.asp Publication: TS 101 733 v.1.2.2 I do not know of any tools that implement the specification above. However, OpenSSL could be extended to support the above with a significant amount of work. Regards, Zoltan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]