
I want to get external proof for the time a picture was recorded. I was thinking of using ssl timestamp and a public time stamping authority for this. It would not prove exactly when the picture was taken but prove that the picture existed at the point in time the TSA signature was created, which is enough for my needs.

I have found [this guide](https://www.freetsa.org/index_en.php). Say the file I want time stamped is image.png.

  1. Generate a hash of the file.

```
openssl ts -query -data image.png -no_nonce -sha512 -out image.tsq
```

  2. Get a signed time stamp from freetsa.org for instance:

```
curl -H "Content-Type: application/timestamp-query" --data-binary '@image.tsq' https://freetsa.org/tsr > image.tsr
```

Then I can validate the image.tsr (both cacert.pem and tsa.crt are downloaded from freetsa.org):

```
openssl ts -verify -in image.tsr -queryfile image.tsq -CAfile cacert.pem -untrusted tsa.crt
```

The problem comes when I want to validate the image file itself, which fails:

```
openssl ts -verify -in image.tsr -data image.png -CAfile cacert.pem
```

I'm new to the signing and timestamping process and would like to understand what I'm doing wrong here.

  • If you're getting error 2107C080 it's because verifying a no-cert (default) response requires both `-CAfile` (or `-CApath` with hashname) **AND `-untrusted`** even when you use `-data` and not `-queryfile`. Also SSL/TLS is only used for transport and does not contribute at all to the timestamp, and this isn't really a programming or development issue. – dave_thompson_085 Jun 07 '20 at 22:56
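The failure and the fix described in the comment above can be reproduced offline. The script below is an added example, not part of the original question or comment: it builds a throwaway CA and TSA with `openssl` in place of freetsa.org (the file `demo.cnf`, the subject names and the policy OID 1.2.3.4.1 are made up for the demo), then verifies the reply against the data file with and without `-untrusted`.

```shell
#!/bin/sh
# Added example: a constructed local CA and TSA stand in for freetsa.org.
# demo.cnf, the subject names and policy OID 1.2.3.4.1 are made up for the demo.

build_demo() {  # $1 = empty work dir; creates image.png/.tsq/.tsr, cacert.pem, tsa.crt
  ( cd "$1" || exit 1
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[tsa_ext]
extendedKeyUsage = critical,timeStamping
[tsa]
default_tsa = tsa1
[tsa1]
serial = serial
signer_cert = tsa.crt
signer_key = tsa.key
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha256, sha512
EOF
    printf 'constructed sample bytes, not a real PNG\n' > image.png
    openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf -subj "/CN=Demo Root CA" \
      -days 2 -keyout ca.key -out cacert.pem &&
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf -subj "/CN=Demo TSA" \
      -keyout tsa.key -out tsa.csr &&
    openssl x509 -req -in tsa.csr -CA cacert.pem -CAkey ca.key -CAcreateserial -days 2 \
      -extfile demo.cnf -extensions tsa_ext -out tsa.crt &&
    # Query flags as in the question: no -cert, so the reply does not embed the TSA cert.
    openssl ts -query -config demo.cnf -data image.png -no_nonce -sha512 -out image.tsq &&
    openssl ts -reply -config demo.cnf -queryfile image.tsq -out image.tsr
  ) >/dev/null 2>&1
}

verify_image() {  # $1 = work dir; remaining args are passed to `openssl ts -verify`
  dir=$1; shift
  openssl ts -verify -in "$dir/image.tsr" -data "$dir/image.png" \
    -CAfile "$dir/cacert.pem" "$@" >/dev/null 2>&1
}

work=$(mktemp -d) && build_demo "$work" || exit 1
verify_image "$work" && echo "CAfile only: OK" || echo "CAfile only: FAILED"
verify_image "$work" -untrusted "$work/tsa.crt" &&
  echo "CAfile + -untrusted: OK" || echo "CAfile + -untrusted: FAILED"
```

Requesting the token with `-cert` added to `openssl ts -query` asks the TSA to embed its signing certificate in the reply, in which case `-untrusted` is no longer needed to locate the signer.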
