[openssl-users] in the department of "ain't no perfect"

Michael Wojcik Michael.Wojcik at microfocus.com
Tue Jan 15 20:17:10 UTC 2019 

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> Charles Mills
> Sent: Tuesday, January 15, 2019 13:50
>
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> > Eliot Lear
> > Sent: Tuesday, January 15, 2019 7:29 AM
>
> > Subject: [openssl-users] in the department of "ain't no perfect"

In the department of "how to post to a technical mailing list": Please choose a meaningful subject line. That's more useful for recipients, and much more useful for people skimming through archives, either a public one or their own collection. (As someone with a literature and rhetoric background I understand the impulse toward stylistic flair, but the subject line isn't the occasion for it. Kairos, y'know.)

> > I have an application that requires long-lived signatures, perhaps long past
> > the point where the signer's cert has expired.
>
> Leaping into something where I really don't know what I am talking about,
> does not code signing do that routinely? I can install software signed with a
> certificate that has expired, provided it had not expired when the code was
> signed.

That's because it's a timestamped signature. Timestamping involves getting a signed timestamp from a public timestamp server run by a trusted source (typically a public CA), and adding that to the document being signed. It attests that the signature was generated while the signing certificate was still valid.

There are issues with timestamped signatures. In particular, because information about certificate revocation (CRL entries and OCSP records) is generally discarded after the revoked certificate expires - to prevent CRLs and OCSP databases from growing without limit - once a certificate has expired there's no way to know whether a timestamped signature was created before the certificate was revoked. Or, for that matter, before the key was compromised (which was presumably some time before revocation).

I don't know whether Eliot has considered timestamped signatures, but generally timestamping is done by whoever generates the message. I suppose you could receive a message, and if its signature is not timestamped, you could validate the signature, then enclose the whole thing in a message of your own, which you could then timestamp and sign, attesting that it was valid when you received it. (Or you could keep that information in some other fashion, of course.)

> > I'd like a way to extract the signature date from a CMS structure.

Date or data? It's not clear what your intention is here.

> > With all the opaque structs that have
> > been introduced in the last few releases, it's not clear to me how to do
> > that.

Offhand, I don't know. But I'll note that - returning to the matter of mailing-list use - you haven't told us what version of OpenSSL you're using. Or your platform, though since this is an API question that shouldn't matter (unless someone can suggest an alternative API - which, come to think of it, someone might, if only we knew more about your platform and application).

--
Michael Wojcik
Distinguished Engineer, Micro Focus

More information about the openssl-users mailing list