Introduction
Time-Stamp Protocol (TSP)
OpenSSL
$ cat my_file.txt | base64
SGVsbG8gV29ybGQgLSAyMDE5Cg==
$ openssl ts -query -data my_file.txt -no_nonce -sha512 -out file.tsq
SEQUENCE (2 elem)
  INTEGER 1
  SEQUENCE (2 elem)
    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 sha-512 (NIST Algorithm)
      NULL
    OCTET STRING (64 byte) B5EC045E1B68905E5A37D5A51C74DA2D71586F039EDF5C69D89027D92398F64EA1917D…
$ curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr -o file.tsr
SEQUENCE (2 elem)
  SEQUENCE (1 elem)
    INTEGER 0
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.113549.1.7.2 signedData (PKCS #7)
    [0] (1 elem)
      SEQUENCE (4 elem)
        INTEGER 3
        SET (1 elem)
          SEQUENCE (2 elem)
            OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
            NULL
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
          [0] (1 elem)
            OCTET STRING (1 elem)
              SEQUENCE (7 elem)
                INTEGER 1
                OBJECT IDENTIFIER 1.2.3.4.1
                SEQUENCE (2 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 sha-512 (NIST Algorithm)
                    NULL
                  OCTET STRING (64 byte) B5EC045E1B68905E5A37D5A51C74DA2D71586F039EDF5C69D89027D92398F64EA1917D…
                INTEGER 1036201
                GeneralizedTime 2019-06-08 04:22:25 UTC
                BOOLEAN true
                [0] (1 elem)
                  [4] (1 elem)
                    SEQUENCE (8 elem)
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                          PrintableString Free TSA
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                          PrintableString TSA
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.13 description (X.520 DN component)
                          PrintableString This certificate digitally signs documents and time stamp requests made using th…
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                          PrintableString www.freetsa.org
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
                          IA5String busilezas@gmail.com
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                          PrintableString Wuerzburg
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                          PrintableString DE
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                          PrintableString Bayern
        SET (1 elem)
          SEQUENCE (6 elem)
            INTEGER 1
            SEQUENCE (2 elem)
              SEQUENCE (7 elem)
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                    PrintableString Free TSA
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                    PrintableString Root CA
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                    PrintableString www.freetsa.org
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
                    IA5String busilezas@gmail.com
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                    PrintableString Wuerzburg
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                    PrintableString Bayern
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                    PrintableString DE
              INTEGER (64 bit) 13972846748170250626
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
              NULL
            [0] (4 elem)
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
                SET (1 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
                SET (1 elem)
                  UTCTime 2019-06-08 04:22:25 UTC
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
                SET (1 elem)
                  OCTET STRING (20 byte) 6349C95428CA52F4410545F86F22CE4C8DFB3C3B
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.16.2.12 signingCertificate (S/MIME Authenticated Attributes)
                SET (1 elem)
                  SEQUENCE (1 elem)
                    SEQUENCE (1 elem)
                      SEQUENCE (1 elem)
                        OCTET STRING (20 byte) 916DA3D860ECCA82E34BC59D1793E7E968875F14
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
              NULL
            OCTET STRING (512 byte) ABE42D8E43657A4C582A75B0898C5400248DE00DD9C6BA35899C3769A91B38C135C41…
$ openssl ts -verify -in file.tsr -queryfile file.tsq -CAfile cacert.pem -untrusted tsa.crt
Verification: OK
Get sample: https://playsecurity.org/getdoc/3693_DB559B4E3817426CD9E2478102BF3B6C/tsp_test.tar.gz
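The query step above can be checked without OpenSSL. The following Python is an added example, not part of the original page: it rebuilds the TimeStampReq layout shown in the query dump (version 1, SHA-512 messageImprint, no nonce) and confirms that a query commits to the intended file. The function names are illustrative, and the minimal DER reader handles only the short-form lengths this 88-byte structure uses.

```python
import base64
import hashlib

SHA512_OID = bytes.fromhex("608648016503040203")  # DER body of 2.16.840.1.101.3.4.2.3
SAMPLE = base64.b64decode("SGVsbG8gV29ybGQgLSAyMDE5Cg==")  # my_file.txt content from the page

def tlv(tag, content):
    """DER tag-length-value; short-form length suffices for an 88-byte query."""
    if len(content) >= 0x80:
        raise ValueError("long-form length not needed for this structure")
    return bytes([tag, len(content)]) + content

def build_tsq(data):
    """TimeStampReq: version 1, SHA-512 messageImprint, no nonce, no certReq."""
    alg = tlv(0x30, tlv(0x06, SHA512_OID) + tlv(0x05, b""))
    imprint = tlv(0x30, alg + tlv(0x04, hashlib.sha512(data).digest()))
    return tlv(0x30, tlv(0x02, b"\x01") + imprint)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); rejects long-form and truncated input."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated element or unsupported long-form length")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def oid_to_str(raw):
    subs, value = [], 0
    for b in raw:  # base-128 sub-identifiers, high bit marks continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_tsq(der):
    """Return (version, hash OID, digest) from a TimeStampReq."""
    tag, req, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    _, version, pos = read_tlv(req)
    _, imprint, _ = read_tlv(req, pos)
    _, alg, pos = read_tlv(imprint)
    _, digest, _ = read_tlv(imprint, pos)
    return int.from_bytes(version, "big"), oid_to_str(read_tlv(alg)[1]), digest

def imprint_matches(der, data):
    """True only if the query is version 1 and commits to SHA-512(data)."""
    return parse_tsq(der) == (1, "2.16.840.1.101.3.4.2.3", hashlib.sha512(data).digest())
```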
Library
Go
- https://github.com/digitorus/timestamp - certlint
Time-Stamp Protocol (TSP) package for Go
Groovy
- https://github.com/jan-zajic/tsa-server - portable Time Stamp Server (over HTTP)
This is a server for the Time-Stamp Protocol over HTTP (https://tools.ietf.org/html/rfc3161, section 3.4).
Java
- https://github.com/fzilic/tsp-client - TSA TimeStamp Client
Simple RFC3161 console mode client.
.Net
- https://github.com/disig/TimeStampClient - TimeStampClient
Easy to use .NET RFC 3161 time-stamp client library and applications based on Bouncy Castle library.
Reference
https://tools.ietf.org/html/rfc3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
https://www.freetsa.org/index_en.php - freeTSA.org provides a free Time Stamp Authority
https://www.cnblogs.com/zsychanpin/p/7071464.html - Introducing a French time-stamp server