Hello Antonio,
Thanks for your answer.So there is no way to not add the "signingTime" attribute? Is there a plan to make the attribute optional in the near future? Regards. Shiyao Liu ------------------ Original ------------------ From: "Antonio Iacono"<ant...@gmail.com>; Date: Thu, Mar 14, 2019 04:41 PM To: "shiyao_...@foxitsoftware.cn"<shiyao_...@foxitsoftware.cn>; Cc: "openssl-users"<openssl-users@openssl.org>; "gaochao_liu"<gaochao_...@foxitsoftware.cn>; "junyi_liang"<junyi_li...@foxitsoftware.com>; "xiaochuan_liu"<xiaochuan_...@foxitsoftware.cn>; Subject: Re: How can I make openssl doesn't add a signed attribute "signingTime" when I sign a cms/cades singnature? Hello Shiyao, the signing time attribute has always been considered mandatory or in any case useful and only with CAdES optional and even with PAdES not allowed. A request similar to yours has already been received (see https://mta.openssl.org/pipermail/openssl-users/2017-February/005240.html) I also believe that CMS API flag would be useful that allows suppression of the signing-time attribute. cc On Wed, Mar 13, 2019 at 12:57 PM shiyao_...@foxitsoftware.cn <shiyao_...@foxitsoftware.cn> wrote: > > Hello everyone, > > I am working on a project about how to use openssl libs to implement a > PAdES(whitch is based on CAdES) signature because I saw that the master > branch of openssl has supported CAdES-BES signature. But now there is a > problem I don't know how to solve it. So I am asking for some help. > According to the PAdES reference, signing-time attribute in CMS signature > shall not be present in a PAdES signature. In openssl libs, signing-time > attribute is set in the function CMS_SignerInfo_sign. But I can't find a way > to control it not to set signing-time attribute. So I want to know if there > is a way to not to set signing-time attribute or delete this attribute > without changing the openssl source code. > > Regards, > Shiyao Liu > > ________________________________ > shiyao_...@foxitsoftware.cn
