Home/ Questions/Q 6569639
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T14:39:26+00:00

I am using Bouncy Castle to read response from Time Stamp server in .NET.Now

  • 0

I am using Bouncy Castle to read response from Time Stamp server in .NET.Now i want to show time stamp server certificate to client, how can I read time stamp server certificate from response?

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Relevant section of RFC 3161:

    If the certReq field is present and set to true, the TSA’s public key
    certificate that is referenced by the ESSCertID identifier inside a
    SigningCertificate attribute in the response MUST be provided by the
    TSA in the certificates field from the SignedData structure in that
    response. That field may also contain other certificates.

    So, first of all, you need to make sure that certReq is true in the request. This is an option in the Org.BouncyCastle.Asn1.Tsp.TimeStampReq constructor.

    Then, the response will contain the certificate, and since there may be other certificates in there too, you need to fish out the one that was used for the timestamp signature:

    TimeStampResponse resp = ...;
TimeStampToken tsToken = resp.TimeStampToken;
IX509Store store = tsToken.GetCertificates("Collection");
SignerID signerID = tsToken.SignerID;
ICollection matches = store.GetMatches(signerID);

    That ‘matches’ collection should have exactly one cert in it.

    • 0