Stack Overflow
Stack Overflow

Questions tagged [trusted-timestamp]

Trusted timestamping is used to prove the existence of certain data before a certain point (e.g. contracts, inventions description,...) without the possibility that the owner can backdate the timestamps.

Trusted timestamping is used to prove the existence of certain data before a certain point (e.g. contracts, inventions description,...) without the possibility that the owner can backdate the timestamps.

The technique is based on digital signatures and hash functions.

According to the RFC 3161 standard, a trusted timestamp is a timestamp issued by a trusted third party (TTP) acting as a Time Stamping Authority (TSA). ANSI ASC X9.95 standard also requires the third party to prove that a reliable time source was used.

87 questions
5
votes
2 answers

Steps to include timestamp in PDF signature

Good day, I'm trying to embedded timestamp information into a pdf signature so that adobe will report to me that the signature was timestamp. Currently, all I've achieved is that Adobe reports that "The signature includes an embedded timestamp but…
Magda
  • 201
  • 3
  • 10
5
votes
2 answers

pkcs7 with timestamp

I am looking at it for a day now, and I am still baffled. I want to add digital signature to a PDF with timestamp from a TSA (TimeStamp Authority). I am okay with sending the request to a TSA and receiving a binary response, but how do I append…
dande
  • 233
  • 2
  • 11
4
votes
0 answers

Add timestamp to PDF signature using PHP

Using tcpdf library I'm able to add a signature to pdf but timestamp (RFC3161) is not yet implemented in this library (applyTSA) and I need this feature. According to ISO 32000-1:2008: Time stamp information as an unsigned attribute (PDF 1.6): The…
h2odev
  • 634
  • 9
  • 21
4
votes
1 answer

How to sign data in MySQL database revision safe (trusted timestamping)?

I am currently planning a project in which revision safety of the database data is important. This means: we want to be able to proof that the data in the database was not tempered with since it was imported - no user changed the value, no db admin…
Steffen
  • 2,235
  • 13
  • 19
4
votes
2 answers

What is needed to setup a (personal) executable/code timestamp service?

We are using verisign's time stamp service currently, but every so often the time stamp server becomes unavailable - mostly due to our ISP failing. We now timestamp everything we build, even simple dev builds as we had a lot of trouble with Vista…
Greg Domjan
  • 13,943
  • 6
  • 43
  • 59
4
votes
2 answers

What happens to Java Web Start application (signed without timestamp) when certificate expires?

We have a Java Web Start application signed with a certificate from CA (Thawte). The application is distributed to the hundreds of customers. They hosted it on their servers a run it over the internet or intranet on their client computers. Now it…
stepand76
  • 467
  • 6
  • 17
4
votes
1 answer

Which data from a CMSSignedData object must I pass to generate a valid Timestamp?

I have a valid PKCS7 file loaded into a CMSSignedData object. This PKCS7 file includes a plain text message and a valid attached digital signature (all in the same file). Now I want to timestamp this file. This is the code I'm using (source): …
Broken_Window
  • 2,037
  • 3
  • 21
  • 47
4
votes
1 answer

Adding Response from TSA to CRYPT_SIGN_MESSAGE_PARA for CryptSignMessage (c++, Crypto Api)

I'm struggling how must I add the response from a TSA server to my CryptSignMessage? Using PKCS#7. I currently have my message digest and I successfully sign it with CryptSignMessage from crypto api. Like so: // Initialize the signature…
Magda
  • 201
  • 3
  • 10
4
votes
3 answers

Digitally Sign and timestamp a PDF in java

I would like to attach a digital signature to a PDF file in Java and then timestamp this file with a trusted timestamp authority. How do I do this?
DD.
  • 21,498
  • 52
  • 157
  • 246
3
votes
2 answers

Java Implementation of time stamp protocol

We currently using openssl for timestamping. I wonder, is there a Java implementation of Time stamp protocol (RFC 3161).
ayengin
  • 1,606
  • 1
  • 22
  • 47
3
votes
2 answers

Why is the signature on my executable still valid?

I have this executable, written in vb.Net and compiled to a Windows executable for .Net Framework 2.0. Because we use software whitelisting to prevent unknown Software on our Windows clients, this executable is strongnamed and signed using Visual…
Stephan B
  • 3,671
  • 20
  • 33
3
votes
2 answers

Timestamp server rfc3161 response token generation in Python

I'm trying to implement tsa server on python using twisted. Currently I'm using openssl binary to generate response, but this seems ugly to me, that's why I'm trying to figure out how to make response token with m2crypto. Thanks in advance for…
frx
  • 492
  • 5
  • 15
3
votes
1 answer

Digital signature with timestamp in Java

I have an issue creating a valid CMS signature with Bouncy Castle using a trusted timestamp. The signature creation works well (I want to include the signature to a PDF file), the signature is valid. But after I include a trusted timestamp to the…
dande
  • 233
  • 2
  • 11
2
votes
3 answers

Timestamp Response is Incorrect - BouncyCastle

Trying to request a timestamp (RFC 3161) by using BouncyCastle and connecting to http://timestamping.edelweb.fr/service/tsp. I do get a TimestampResponse back from the server but it seems to be without an actual date. This is the code: public static…
willcodejavaforfood
  • 43,223
  • 17
  • 81
  • 111
2
votes
0 answers

Does an expired timestamping certificate invalide the Code Signing?

TL;DR Question Does the expiry of the Timestamp Certificate have any bearing on the validity of the signed file (under normal Windows operation)? Preamble The basics of Code Signing and Timestamping can be found at various…
Martin Ba
  • 37,187
  • 33
  • 183
  • 337
1
2
3 4 5 6