I verify a certificate with the X509Chain.Build(X509Certificate2) method. If the certificate is valid, I sign data using the Pkcs11Interop library. Any interested users can download this signature to verify it themselves. But they should also be able to check the validity of the certificate.
I'm now writing a test tool that will fetch all these files and check them for validity. But in order to verify the certificate, I need the signature creation date. Is it possible to get this date from the signature?
For now I store the signature creation date in a separate field in the table. But I really think that the signature contains a creation date. At least I hope so.
I verify the certificate, and if it is OK I use the following code to sign some data.
// Locate the private key object(s) on the token by their attribute template
var privateKeys = session.FindAllObjects(SignSettings.PrivateKeyAttributes);
// Hash the data on the token with GOST R 34.11
var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_GOSTR3411);
byte[] hash = session.Digest(mechanism, data);
// Sign the hash with GOST R 34.10 using the first private key found
var signMechanism = session.Factories.MechanismFactory.Create(CKM.CKM_GOSTR3410);
var signature = session.Sign(signMechanism, privateKeys[0], hash);
return signature;
Then I store this signature together with the signed data in the database.
In my test signature checker app I use X509Chain to check that the certificate is valid.
var chain = X509Chain.Create();
var policy = chain.ChainPolicy;
// Use cached CRLs only, and check revocation for the end certificate only
policy.RevocationMode = X509RevocationMode.Offline;
policy.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
// Evaluate validity as of the signing date stored in the database
policy.VerificationTime = @signatureDate;
policy.UrlRetrievalTimeout = UrlRetrievalTimeout;
chain.Build(cert);
return chain;
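The point at issue is whether the signature bytes themselves carry a creation date. A raw PKCS#11 signature, which is what session.Sign() returns, is only the signature value: there is no field for a date, so nothing can be recovered from it later. A CMS (PKCS#7) SignedData structure, on the other hand, can carry a signed "signingTime" attribute that is covered by the signature and can therefore be read back and used as the chain's VerificationTime. The following is an added example (not the asker's code, and not part of Pkcs11Interop) showing that round trip with the .NET System.Security.Cryptography.Pkcs API. It assumes a locally generated self-signed RSA certificate instead of the GOST certificate and token from the question, because the mechanism is independent of the algorithm; the class and method names are the example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example. Names (SigningTimeDemo, SignWithSigningTime, GetSigningTime,
// VerifyAtSigningTime) are this example's own, not from the question or any library.
static class SigningTimeDemo
{
    // OID of the PKCS#9 signingTime attribute (id-signingTime).
    const string SigningTimeOid = "1.2.840.113549.1.9.5";

    // Produce a detached CMS signature that embeds the signing time as a
    // signed attribute. Because the attribute is signed, it cannot be altered
    // without invalidating the signature.
    public static byte[] SignWithSigningTime(byte[] data, X509Certificate2 cert, DateTime signingTime)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
        signer.SignedAttributes.Add(new Pkcs9SigningTime(signingTime));
        cms.ComputeSignature(signer);
        return cms.Encode();
    }

    // Read the signingTime attribute back out of a detached CMS signature.
    // Returns null when the signer did not include one.
    public static DateTime? GetSigningTime(byte[] cmsSignature, byte[] data)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.Decode(cmsSignature);
        foreach (CryptographicAttributeObject attr in cms.SignerInfos[0].SignedAttributes)
        {
            if (attr.Oid.Value == SigningTimeOid)
            {
                // Re-parse from the raw DER so we do not depend on the runtime
                // having materialized a Pkcs9SigningTime instance for us.
                return new Pkcs9SigningTime(attr.Values[0].RawData).SigningTime;
            }
        }
        return null;
    }

    // Verify the signature, then build the signer's chain as of the embedded
    // signing time. Caveat: signingTime is asserted by the signer's own clock;
    // a relying party who needs a time it can trust should require an
    // RFC 3161 timestamp from a TSA instead of (or in addition to) this attribute.
    public static bool VerifyAtSigningTime(byte[] cmsSignature, byte[] data, X509Certificate2 trustedRoot)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.Decode(cmsSignature);
        cms.CheckSignature(verifySignatureOnly: true); // throws CryptographicException if invalid

        DateTime? when = GetSigningTime(cmsSignature, data);
        if (when == null)
            return false; // no date in the signature: validity "as of signing" cannot be evaluated

        using var chain = new X509Chain();
        chain.ChainPolicy.VerificationTime = when.Value;
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline demo, no CRL available
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        return chain.Build(cms.SignerInfos[0].Certificate);
    }

    public static void Main()
    {
        // Constructed test certificate; the PFX round trip avoids problems some
        // platforms have when CMS signing uses an ephemeral key.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=signingTime demo (constructed)", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var ephemeral = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        using var cert = new X509Certificate2(ephemeral.Export(X509ContentType.Pfx));

        byte[] data = System.Text.Encoding.UTF8.GetBytes("constructed sample document");
        byte[] sig = SignWithSigningTime(data, cert, DateTime.UtcNow);

        Console.WriteLine($"signingTime carried in CMS: {GetSigningTime(sig, data):O}");
        Console.WriteLine($"chain valid at signing time: {VerifyAtSigningTime(sig, data, cert)}");
    }
}
```

On .NET Core / .NET 5+ the CMS types come from the System.Security.Cryptography.Pkcs package, and CustomRootTrust requires .NET Core 3.0 or later. With the raw GOST signature from the question there is no equivalent attribute to read, so the date stored in the separate table column is the only record of when signing happened, and it is not covered by the signature.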