Hello,

try this for generating the TSA-reply

openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile TSA-query -inkey ts.key -signer ts.crt -out TSA-reply

where ts.crt and ts.key are the timestamping certificate and private key (without passphrase)
and TSA-query is the time stamp query
TSA-reply is your time stamp reply

I'm using this in a CGI script and created a timestamp server this way ...

I tested this with my certificates with just Adobe Standard and this worked.


The openssl.cnf contains this:

oid_section = new_oids

[ new_oids ]
tsaPolicy = 1.2.3.4.5

[ tsa ]
default_tsa = tsa_timestamp

[ tsa_timestamp ]
accuracy = secs:1, millisecs:500, microsecs:100
digests = md5, sha1
serial = serialnmbr-timestamp.text
default_policy = tsaPolicy

On 11.03.2013 20:01, kap...@mizera.cz wrote:
Of course YES.
A timestamp reply is nothing other than a CMS SignedData structure.

--kapetr

On 11.3.2013 19:51, Dr. Stephen Henson wrote:
On Mon, Mar 11, 2013, kap...@mizera.cz wrote:

Hello,

On 11.3.2013 17:33, Dr. Stephen Henson wrote:
As to the OP query. I'm not that familiar with the timestamping code. OpenSSL doesn't support attribute certificates and adding support is not trivial.

Attribute certificates are generally possible in CMS, not just in
TS => an attr. cert. (in the SigningCertificate->certs) will kill any
CMS verification.
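
The "openssl ts -reply" command from the reply at the top of this thread, placed in a full query / reply / verify round trip. This is an added example, not part of any message in the thread. The throwaway self-signed TSA certificate, the file names, the signer_digest setting and the SHA-2-only digests list are assumptions, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example: RFC 3161 round trip against a throwaway self-signed TSA.
# File names, the subject CN and the SHA-2 digest choices are assumptions;
# tsaPolicy 1.2.3.4.5 is the placeholder OID from the post.
tsa_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        cat > tsa.cnf <<'EOF'
oid_section = new_oids
[ new_oids ]
tsaPolicy = 1.2.3.4.5
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = tsa_ext
[ dn ]
CN = Constructed Test TSA
[ tsa_ext ]
# OpenSSL requires the TSA certificate's EKU to be critical and timeStamping only
extendedKeyUsage = critical, timeStamping
[ tsa_timestamp ]
serial = serial.txt
signer_digest = sha256
default_policy = tsaPolicy
digests = sha256, sha384, sha512
accuracy = secs:1, millisecs:500, microsecs:100
EOF
        echo 01 > serial.txt
        echo "constructed sample document" > data.txt
        # Throwaway key and certificate; the key is unencrypted, as in the post.
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -config tsa.cnf \
            -keyout ts.key -out ts.crt 2>/dev/null || exit 1
        # Client side: hash the document and ask for the signer certificate (-cert).
        openssl ts -query -config tsa.cnf -data data.txt -sha256 -cert \
            -out TSA-query 2>/dev/null || exit 1
        # TSA side: the command from the post.
        openssl ts -reply -config tsa.cnf -section tsa_timestamp -queryfile TSA-query \
            -inkey ts.key -signer ts.crt -out TSA-reply 2>/dev/null || exit 1
        # Relying party: check signature, signer purpose and the document hash.
        openssl ts -verify -data data.txt -in TSA-reply -CAfile ts.crt 2>&1 |
            grep -q 'Verification: OK'
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

In a real deployment the TSA certificate would be issued by a CA, and -CAfile would point at that CA certificate instead of the signer itself.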

