5 Replies
      Latest reply on Aug 16, 2019 1:07 AM by eskimo
      packagesdev Level 1 Level 1 (10 points)

        Question:

         

        How can you get a timestamp using the _public_ CMSEncoder APIs?

         

         

        As far as I can tell (due to lack of decent official documentation and ggogle search results basically limited to the libsecurity source code), it looks like that getting a timestamp would require to use private APIs (for instance to set a TSA context).

         

         

        Platform: OS X 10.8 and later

        • Re: CMSEncoder and timestamps
          eskimo Apple Staff Apple Staff (12,455 points)

          A secure timestamp?  Like the ones issued by timestamp.apple.com?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: CMSEncoder and timestamps
              packagesdev Level 1 Level 1 (10 points)

              Yes, those very same timestamps. The ones that are apparently required to be able to notarize a signed item.

                • Re: CMSEncoder and timestamps
                  eskimo Apple Staff Apple Staff (12,455 points)

                  Yes, those very same timestamps.

                  OK.  In that case I think you’re right: I don’t think it’s possible to enable secure timestamps on CMSEncoder using its public API.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: CMSEncoder and timestamps
                      packagesdev Level 1 Level 1 (10 points)

                      Is the recommended line of conduct then to (try to) use the Feedback Assistant to request public APIs and sit on one's hands waiting for at least a year to get them?

                        • Re: CMSEncoder and timestamps
                          eskimo Apple Staff Apple Staff (12,455 points)

                          Is the recommended line of conduct then to (try to) use the Feedback Assistant to request public APIs

                          Yes.

                          sit on one's hands waiting for at least a year to get them?

                          That’s really up to you.  In general, you have to balance the business need for a specific feature against the business cost of implementing that feature.  If you want a more specific answer, you’ll need to share some details about your overall goal.  Most folks who need secure timestamps get them via the codesign command line tool.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"