locked
CryptRetrieveTimeStamp problems RRS feed

  • Question

  • Hi all,

    Currently I am working on retreiving token from a TSA server, but unfortunately all the time i obtain error 87 from GetLastError, which stands for Invalid Argument. All the arguments passed to the function seem to be correct and those optional I set as NULL. I am passing array of bytes to be stamped from CryptSignMessage, which successfully returns bytes and their size. Please guys help me with that.

            My code looks like:
    PCRYPT_TIMESTAMP_CONTEXT *ppTsContext = NULL;
    
    HCERTSTORE *phStore = NULL;
    
            CryptRetrieveTimeStamp(
            L"http://services.globaltrustfinder.com/adss/tsa",
            TIMESTAMP_NO_AUTH_RETRIEVAL,
            0,
            szOID_RSA_MD5RSA,
            NULL,
            pbData, // array returned from CryptSignMessage
            outLen, // length of array from CryptSignMessage
            ppTsContext,
            NULL,//ppTsSigner,
            phStore);


    Friday, August 30, 2013 1:29 PM

Answers

  • That would be 0x80090008 aka NTE_BAD_ALGID "Invalid algorithm specified." I suppose szOID_RSA_MD5RSA is not a valid value, but I don't know what the correct one is.

    Igor Tandetnik

    • Marked as answer by tomek.wolski Saturday, August 31, 2013 12:20 PM
    Friday, August 30, 2013 7:44 PM

All replies

  • PCRYPT_TIMESTAMP_CONTEXT and HCERTSTORE* parameters don't work this way. They are [out] parameters - you should pass a valid pointer to some memory that the function will fill in. Like this:

    PCRYPT_TIMESTAMP_CONTEXT pTsContext = NULL;
    HCERTSTORE hStore = NULL;

    CryptRetrieveTimeStamp( ..., &pTsContext,
    NULL, &hStore);
    // Later CryptMemFree(pTsContext);
    CertCloseStore(hStore);




    Igor Tandetnik

    Friday, August 30, 2013 2:46 PM
  • Thanks for reply Igor.

    Now Im getting a large negative number from GetLastError and the function still returns false.It still doesn't work.. I've tried putting different values for url, timeout, hash algorithm but it's still giving me the same result.

    Friday, August 30, 2013 2:57 PM
  • What is this large negative number?

    Igor Tandetnik

    Friday, August 30, 2013 4:01 PM
  • It's -2146893816


    Friday, August 30, 2013 7:33 PM
  • That would be 0x80090008 aka NTE_BAD_ALGID "Invalid algorithm specified." I suppose szOID_RSA_MD5RSA is not a valid value, but I don't know what the correct one is.

    Igor Tandetnik

    • Marked as answer by tomek.wolski Saturday, August 31, 2013 12:20 PM
    Friday, August 30, 2013 7:44 PM
  • That's it! Thanks for help Igor!
    Saturday, August 31, 2013 12:20 PM
  • So, for the benefit of future researches who may stumble on this thread - what did you discover to be the correct value to pass as the fourth parameter to CryptRetrieveTimeStamp?

    Igor Tandetnik

    Saturday, August 31, 2013 1:40 PM
  • Hi,

    I'm also struggling with this function. The error I'm getting is rc=2148098053 (The time stamp signer and or certificate could not be verified or is malformed). How can I get past this?

    PCRYPT_TIMESTAMP_CONTEXT tcontext = NULL;
    HCERTSTORE hStore = NULL;
       
    fReturn = CryptRetrieveTimeStamp(widestr.c_str(),
               TIMESTAMP_NO_AUTH_RETRIEVAL, 
               0, 
               szOID_RSA_MD5, 
               NULL, 
               (const BYTE*)pbMessage, 
               cbMessage, 
               &tcontext, 
               NULL, 
               &hStore);

    Where pbMessage and cbMessage is my data retrieve from CryptSignMessage.

    Any help would be appreciated.

    Thanks,

    Magda



    • Edited by magdakuit Monday, September 2, 2013 6:41 AM
    Sunday, September 1, 2013 11:04 AM
  • Hi,

    Setting the hash algorithm to below, solved my problem. 

    SigParams.HashAlgorithm.pszObjId = szOID_NIST_sha256;

    Now for verification...    

    Friday, September 6, 2013 12:20 PM
    • Edited by WindowsNT Wednesday, August 3, 2016 9:09 AM
    • Proposed as answer by WindowsNT Wednesday, August 3, 2016 9:10 AM
    • Unproposed as answer by WindowsNT Wednesday, August 3, 2016 10:14 AM
    Wednesday, August 3, 2016 9:04 AM