Collaborate Disseminate
We started with openssl dgst to sign and verify packages successfully. Then we thought we should do a timestamped signatures. That’s when the process is bit unclear.
We used the openssl ts commands to independently produce and verify signa… Continue reading Using Openssl for Package signing with timestamp
How do I acquire the means to prove in the future that I had possission of a
file now, without relying on the integrity of a single entity? (I believe one
way of doing it would be to put the file through SHA1, and send a minimal
amount of… Continue reading Proving that a file existed at a time
Context: There are many reasons for wanting a very trustworthy timestamp on a document, as discussed in many other questions here such as this one I wrote in 2010. E.g., in an election auditing context, one thing we’re interested in is a c… Continue reading How hard to hack are S3 Last-Modified timestamps?
Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have an qualified timestamp issued by a qualified CA. As I know, n… Continue reading eIDAS qualified timestamp on email
the purpose of adding trusted timestamps to signatures is so that they can be considered valid long beyond the validity of the signing certificate.
However, this is not so easy, since TSA’s signing certificate has an expiration date too or… Continue reading What’s the PROPER way to validate a signature timestamp?
So x9.95 seems to be a trusted timestamping scheme built on top of RFC3161.
I couldnāt find a good definition though how it differes or what additional constraints it imposes.
Can someone list the (technical) constraints that a x9.95 syste… Continue reading What are the main constraints x9.95 imposes on RFC3161
I’d like to test some code that should be compatible with both RFC5816 (https://www.ietf.org/rfc/rfc5816.txt) as well as RFC3161 tokens. The problem is that all timestamping services that I found so far which serve RFC5816 tokens (which us… Continue reading Looking for an RFC5816 token that does not use default hashing algorithm
RFC3161 specification (https://www.ietf.org/rfc/rfc3161.txt) section 4. "Security Considerations" states:
1. When a TSA shall not be used anymore, but the TSA private key has
not been compromised, the authority’s certifi… Continue reading RFC3161: should tokens for which intermediate certificates were revoked without ReasonCode be deemed invalid?
So, RFC5816 https://www.ietf.org/rfc/rfc5816.txt changes the specification of RFC3161 https://www.ietf.org/rfc/rfc3161.txt
RFC3161 specifies the ‘version’ field in TSTInfo to be set to 1
Why does RFC5816 not change the value of this field?… Continue reading Why does RFC5816 not change the version number defined in RFC3161
If I have a Timestamp token, then the signing certificate for the token is identified via the ESSCertID (for RFC3161 tokens) or the ESSCertIDv2 (for FC5816) of the signing certificate, which is the SHA-1 (in the case of ESSCertID) or some … Continue reading OpenSSL cli: how to extract ESSCertID or ESSCertIDv2 from SignerInfo of timestamp token