My app requires signing of data given to customers, so I have implemented S/MIME to sign or encrypt any sort of data, where at the same time my clients can view the signed data with either my app, or with an email client that can view EML files. So far, ok.
Now it comes to time stamping.
Am I supposed to use SignerTimeStamp? Which method, the authenticode or the RFC 3161?
What should I time stamp? The entire eml? the multipart/signed part? the signed message?
How should I put all this back in the eml so they are compatible with mail clients?
Thanks a lot.
At least I found the function to use: CryptRetrieveTimestamp