Class TimestampClient

Namespace
SimpleSign.Core.Crypto
Assembly
SimpleSign.Core.dll

RFC 3161 client for timestamp authority (TSA). Async-first, compatible with ITI-BR TSA and other PAdES providers.

public sealed class TimestampClient
Inheritance
TimestampClient

Constructors

TimestampClient(HttpClient, string, ILogger?)

Initializes with the TSA URL and a configured HttpClient (dependency injection).

public TimestampClient(HttpClient httpClient, string tsaUrl, ILogger? logger = null)

Parameters

httpClient HttpClient
tsaUrl string
logger ILogger

Methods

EmbedTimestampInCms(byte[], byte[])

Embeds a timestamp token in the CMS as an unsigned attribute id-aa-signatureTimeStampToken (RFC 3161 / PAdES).

public static byte[] EmbedTimestampInCms(byte[] cms, byte[] timestampToken)

Parameters

cms byte[]
timestampToken byte[]

Returns

byte[]

ExtractSignatureValue(byte[])

Extracts the raw signature value bytes from a DER-encoded CMS/SignedData structure. Per RFC 3161 §3.1 and PAdES, the id-aa-signatureTimeStampToken must timestamp the value of SignerInfo.signature (the raw octets, not the DER OCTET STRING wrapper).

public static byte[] ExtractSignatureValue(byte[] cms)

Parameters

cms byte[]

Returns

byte[]

GetTimestampAsync(ReadOnlyMemory<byte>, HashAlgorithmName, CancellationToken)

Requests a timestamp token for the provided bytes.

public Task<byte[]> GetTimestampAsync(ReadOnlyMemory<byte> dataToTimestamp, HashAlgorithmName hashAlgorithm, CancellationToken cancellationToken = default)

Parameters

dataToTimestamp ReadOnlyMemory<byte>

The bytes to be timestamped (usually the CMS signature).

hashAlgorithm HashAlgorithmName

Hash algorithm for the timestamp (SHA-256 recommended).

cancellationToken CancellationToken

Cancellation token.

Returns

Task<byte[]>

DER-encoded timestamp token (TSTInfo encapsulated in CMS).
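
The three members above combine into one signature-timestamp flow. The following is an added usage example, not code from the SimpleSign project: it calls only the members documented on this page and checks the returned token with `Rfc3161TimestampToken` from `System.Security.Cryptography.Pkcs` before embedding it. The names `TimestampExample` and `AddSignatureTimestampAsync` are hypothetical, and `signedCms` is assumed to be a DER-encoded CMS SignedData produced elsewhere.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using SimpleSign.Core.Crypto;

public static class TimestampExample // hypothetical helper, not part of SimpleSign
{
    private const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    public static async Task<byte[]> AddSignatureTimestampAsync(
        HttpClient http, string tsaUrl, byte[] signedCms, CancellationToken ct = default)
    {
        var client = new TimestampClient(http, tsaUrl);

        // The token must cover the raw SignerInfo.signature octets,
        // not the whole CMS and not the DER OCTET STRING wrapper.
        byte[] signatureValue = TimestampClient.ExtractSignatureValue(signedCms);

        byte[] token = await client.GetTimestampAsync(
            signatureValue, HashAlgorithmName.SHA256, ct);

        // Reject anything that is not exactly one well-formed RFC 3161 token.
        if (!Rfc3161TimestampToken.TryDecode(token, out Rfc3161TimestampToken? tst, out int consumed)
            || consumed != token.Length)
            throw new CryptographicException("TSA response is not a well-formed timestamp token.");

        // The TSA must have used the digest algorithm that was requested.
        if (tst.TokenInfo.HashAlgorithmId.Value != Sha256Oid)
            throw new CryptographicException("Token uses an unexpected hash algorithm.");

        // Checks the message imprint against signatureValue and the token's own
        // signature. It does not validate the TSA certificate chain; do that
        // separately with X509Chain and your own trust anchors.
        if (!tst.VerifySignatureForData(signatureValue, out X509Certificate2? tsaCert))
            throw new CryptographicException("Token does not cover this signature value.");

        Console.WriteLine($"TSA {tsaCert?.Subject} asserted {tst.TokenInfo.Timestamp:O}");

        // Embed as the unsigned attribute id-aa-signatureTimeStampToken.
        return TimestampClient.EmbedTimestampInCms(signedCms, token);
    }
}
```

Verifying before `EmbedTimestampInCms` keeps a token issued over the wrong bytes, or with a different digest, out of the final signature, where it would otherwise only surface when a validator rejects the document.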