Discuss this help topic in SecureBlackbox Forum

Use the timestamp for signing

Handling TSP requests This article provides some more details about handling TSP requests with SecureBlackbox TElFileTSPServer component. It makes sense for you to make yourself familiar with our main article on implementing TSP server before proceeding with this article, if you haven't done this already. This article mainly concerns steps 4 and 5 of the main article. Essentially, the main decision you need to make when receiving a request is whether or not you want to serve it. Your decision may base on different aspects of the request. For example, the hash algorithm used by the connected client may be considered weak by your security policy. You may want to choose not to return a valid timestamps for such requests: if (tspServer.TSPInfo.HashAlgorithm != SBConstants.Unit.SB_ALGORITHM_DGST_SHA256) { serverResult = SBPKICommon.Unit.psRejection; failureInfo = SBPKICommon.Unit.pfiBadAlg; } Other criteria for rejection might be related to the IP address of the client and the number of requests it has made so far. When preparing a response, you might wish to include accuracy values for your time figures. Accuracy represents deviation of the times you supply via the Time property around the real UTC time. Accuracy setting is optional and can be omitted.

Discuss this help topic in SecureBlackbox Forum