Stack Overflow
Stack Overflow

Questions tagged [trusted-timestamp]

Trusted timestamping is used to prove the existence of certain data before a certain point (e.g. contracts, inventions description,...) without the possibility that the owner can backdate the timestamps.

Trusted timestamping is used to prove the existence of certain data before a certain point (e.g. contracts, inventions description,...) without the possibility that the owner can backdate the timestamps.

The technique is based on digital signatures and hash functions.

According to the RFC 3161 standard, a trusted timestamp is a timestamp issued by a trusted third party (TTP) acting as a Time Stamping Authority (TSA). ANSI ASC X9.95 standard also requires the third party to prove that a reliable time source was used.

87 questions
39
votes
1 answer

Does anyone know a free(trial) timestamp server service?

Would like to know if anybody knows any free(trial) time-stamp server service. I would like to test time stamping features in itext. Like I used Start Com class 1 as free CA for testing purposes. Hope I made it clear. Hoping someone knows a…
caniaskyouaquestion
  • 657
  • 2
  • 11
  • 21
27
votes
11 answers

Is there a way to digitally sign documents to prove they existed at a certain point in time

I'm curious if there is way to digitally sign documents (technically any piece of data), such as contracts or photos, so that 10 years from now, it can be proven that they are from this time, not forged 9 years from now. For example, I could write a…
Bart van Heukelom
  • 43,244
  • 59
  • 186
  • 301
22
votes
2 answers

Why should we set a timestamp when we do a codesigning?

If I set a timestamp with signing, what happens? What if I don't set? Is it essential? Why is it recommended?
Benjamin
  • 10,085
  • 19
  • 80
  • 130
20
votes
4 answers

How to validate if a signed jar contains a timestamp?

After a jar is signed and the -tsa option was used, how can I validate that the time stamp was included? I tried: jarsigner -verify -verbose -certs myApp.jar But the output does not specify anything about the time stamp. I'm asking because even if…
user199092
  • 293
  • 1
  • 2
  • 11
20
votes
5 answers

How can I use RFC3161 (trusted) timestamps to prove the age of commits in my Git repository?

Updated I have posted a script I'm using for this to the StackExchange Code Review site. My original question for this was Is there a way I can sign a Git commit with an X.509 certificate and timestamp?. For a while I thought I could only get…
Ryan J
  • 2,502
  • 5
  • 31
  • 41
19
votes
3 answers

Verify RFC 3161 trusted timestamp

In my build process, I want to include a timestamp from an RFC-3161-compliant TSA. At run time, the code will verify this timestamp, preferably without the assistance of a third-party library. (This is a .NET application, so I have standard hash…
P Daddy
  • 28,912
  • 9
  • 68
  • 92
15
votes
4 answers

SOAP message to webservice - HTTP response code: 403 for URL

I try to send a SOAP message in an XML file to a webservice and than grab the binary output and decode it. Endpoint uses HTTPS protocol, so I used TrustManager in my code to avoid PKIX problems. You can see my code here: import…
plaidshirt
  • 5,189
  • 19
  • 91
  • 181
13
votes
3 answers

How Can I Prevent Needing to Re-sign My Code Every 1 or 2 Years?

I was reading What happens when a code signing certificate expires - Stack Overflow and wondering about a more solid answer. The answer provided was more about setting up your own CA. Even with your own CA you will still need to deal with expiring…
Bratch
  • 4,103
  • 5
  • 27
  • 32
13
votes
2 answers

Whether/how to avoid SHA-1 signed timestamp when code signing?

We just switched from a SHA-1 to a SHA-2 code signing certificate. (As background info, we sign .exe and .xap files on Windows with signtool.exe, using COMODO code signing certificates.) We do this using a certified timestamp, to make sure that…
MarnixKlooster ReinstateMonica
  • 9,640
  • 14
  • 54
  • 108
13
votes
3 answers

How to verify that timestamping is done correctly for signed code

I have just got my code signing certificate from StartSSL and am trying to sign our installer. The signing process goes well and I get an installer exe that Windows no longer complains about being from unknown publisher. This is great! However I…
B2B
  • 131
  • 1
  • 3
8
votes
5 answers

How do you deploy your own Authenticode Timestamping Service?

I would like to timestamp my DLL file with my own Authenticode Timestamping Service. Is this possible? How could I achieve this?
Alexandru
  • 12,264
  • 17
  • 113
  • 208
7
votes
3 answers

How to add timestamp certificate to a signed PE file on Linux?

I need to digitally sign×tamp a PE file (EFI, actually) on Linux. I found 3 tools for signing PE files: pesign, osslsigncode and signcode (mono), but it seems none quite fits my needs. The problem is, the key is on a hardware token and cannot…
Konstantin Vlasov
  • 150
  • 10
6
votes
2 answers

Cryptographic Time

Is there a cryptographic mechanism by which it is possible to sign a document with a date, such that it is not possible to forge that same signature at a later date? Maybe some sort of server that publishes daily cryptographic keys (but how can you…
luqui
  • 59,485
  • 12
  • 145
  • 204
6
votes
1 answer

Signtool.exe /dg /ds /di options and timestamping

We are working on optimizing the digital signing process using the signtool.exe digest options. So far the workflow looks like this: Create the digest on the client: signtool.exe sign /f cert /fd sha256 /dg . MyFile.dll Send MyFile.dll.dig digest…
Alex I
  • 2,078
  • 3
  • 18
  • 24
6
votes
2 answers

How do I securely sign data with a timestamp?

I would like to sign records in a database with a secure timestamp to prove they have not been altered by anyone after that date. What methods or protocols should I consider? RFC 3161? Most of the websites I've found that claim to provide that…
joeforker
  • 40,459
  • 37
  • 151
  • 246
1
2 3 4 5 6