> On Jan 15, 2019, at 10:29 AM, Eliot Lear <lear@xxxxxxxxxxxxxxxxxxx> wrote: > > I have an application that requires long-lived signatures, perhaps long > past the point where the signer's cert has expired. I'd like a way to > extract the signature date from a CMS structure. With all the opaque > structs that have been introduced in the last few releases, it's not > clear to me how to do that. Any examples or guidance (other than don't > do that)? I doubt this has anything to do with opaque structures. The real issue here is that IIRC CMS (previously known as PKCS7) has no signature date. It just has to be signed data and a signature, with an X.509 certificate that has an expiration. For long-term storage, the date of interest is NOT when the object was signed, but when it was received, verified and stored. For that what you need is separate long-term integrity protection for the underlying object store, separate from the origin signatures on inbound objects, that need only be valid at time of import. Indeed with content that's also encrypted, you'll typically want to immediately decrypt it, decoupling it from a comparatively short-lived inbound encryption public key, and re-encrypt for storage under a key that is managed as part of the object store. The naïve model of using the signer and recipient keys as long-term verification and decryption keys is deeply flawed for data retention. This is a bit part of the reason why end-to-end email encryption has negligible adoption, the storage infrastructure to make it usable was never built. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
