Hello Antonio,
Thanks for your answer. So there is no way to not add the "signingTime" attribute? Is there a plan to make the attribute optional in the near future?
Regards.
Shiyao Liu
------------------ Original ------------------
Date: Thu, Mar 14, 2019 04:41 PM
To: "shiyao_liu@xxxxxxxxxxxxxxxx"<shiyao_liu@xxxxxxxxxxxxxxxx>;
Cc: "openssl-users"<openssl-users@xxxxxxxxxxx>; "gaochao_liu"<gaochao_liu@xxxxxxxxxxxxxxxx>; "junyi_liang"<junyi_liang@xxxxxxxxxxxxxxxxx>; "xiaochuan_liu"<xiaochuan_liu@xxxxxxxxxxxxxxxx>;
Subject: Re: How can I make openssl doesn't add a signed attribute "signingTime" when I sign a cms/cades signature?
Hello Shiyao,
The signing time attribute has always been considered mandatory, or in
any case useful; only with CAdES is it optional, and with PAdES it is
not even allowed.
A request similar to yours has already been received (see
https://mta.openssl.org/pipermail/openssl-users/2017-February/005240.html).
I also believe that a CMS API flag that allows suppression of the
signing-time attribute would be useful.
cc
On Wed, Mar 13, 2019 at 12:57 PM shiyao_liu@xxxxxxxxxxxxxxxx
<shiyao_liu@xxxxxxxxxxxxxxxx> wrote:
>
> Hello everyone,
>
> I am working on a project about how to use openssl libs to implement a PAdES (which is based on CAdES) signature because I saw that the master branch of openssl has supported CAdES-BES signature. But now there is a problem I don't know how to solve. So I am asking for some help.
> According to the PAdES reference, the signing-time attribute in a CMS signature shall not be present in a PAdES signature. In openssl libs, the signing-time attribute is set in the function CMS_SignerInfo_sign. But I can't find a way to control it not to set the signing-time attribute. So I want to know if there is a way not to set the signing-time attribute or to delete this attribute without changing the openssl source code.
>
> Regards,
> Shiyao Liu
>
> ________________________________
> shiyao_liu@xxxxxxxxxxxxxxxx
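Added example, not part of the original thread and not OpenSSL code: a check for the signing-time attribute that the thread says PAdES does not allow, run over the DER-encoded signedAttrs of a CMS SignerInfo. The helper names and the sample attribute sets are constructed for illustration.

```python
SIGNING_TIME = "1.2.840.113549.1.9.5"  # pkcs-9 signingTime; helper names below are illustrative

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal form."""
    arcs, value = [], 0
    for octet in content:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def signed_attr_oids(signed_attrs):
    """List attribute OIDs in signedAttrs ([0] IMPLICIT or SET OF Attribute)."""
    tag, body, _ = read_tlv(signed_attrs, 0)
    if tag not in (0xA0, 0x31):
        raise ValueError("not a signedAttrs encoding")
    oids, pos = [], 0
    while pos < len(body):
        tag, attr, pos = read_tlv(body, pos)  # Attribute ::= SEQUENCE
        oid_tag, oid, _ = read_tlv(attr, 0)   # attrType OBJECT IDENTIFIER
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed Attribute")
        oids.append(decode_oid(oid))
    return oids

def has_signing_time(signed_attrs):
    return SIGNING_TIME in signed_attr_oids(signed_attrs)
# Constructed sample data (short-form lengths only), not taken from a real signature.
def tlv(tag, content):
    return bytes([tag, len(content)]) + content
def attr(last_arc, value):  # attribute under the pkcs-9 arc 1.2.840.113549.1.9
    oid = bytes.fromhex("2a864886f70d0109") + bytes([last_arc])
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, value))
CONTENT_TYPE = attr(3, tlv(0x06, bytes.fromhex("2a864886f70d010701")))
DIGEST = attr(4, tlv(0x04, bytes(32)))
WITH_TIME = tlv(0xA0, CONTENT_TYPE + attr(5, tlv(0x17, b"190313125700Z")) + DIGEST)
WITHOUT_TIME = tlv(0xA0, CONTENT_TYPE + DIGEST)
```

In C against libcrypto, the equivalent lookup on a `CMS_SignerInfo` is `CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)`, which returns -1 when the attribute is absent.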