Introduction
Time-Stamp Protocol (TSP)
OpenSSL
    $ cat my_file.txt | base64
    SGVsbG8gV29ybGQgLSAyMDE5Cg==

    $ openssl ts -query -data my_file.txt -no_nonce -sha512 -out file.tsq

    SEQUENCE (2 elem)
      INTEGER 1
      SEQUENCE (2 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 sha-512 (NIST Algorithm)
          NULL
        OCTET STRING (64 byte) B5EC045E1B68905E5A37D5A51C74DA2D71586F039EDF5C69D89027D92398F64EA1917D…

    $ curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr -o file.tsr

    SEQUENCE (2 elem)
      SEQUENCE (1 elem)
        INTEGER 0
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.7.2 signedData (PKCS #7)
        [0] (1 elem)
          SEQUENCE (4 elem)
            INTEGER 3
            SET (1 elem)
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
                NULL
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
              [0] (1 elem)
                OCTET STRING (1 elem)
                  SEQUENCE (7 elem)
                    INTEGER 1
                    OBJECT IDENTIFIER 1.2.3.4.1
                    SEQUENCE (2 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3 sha-512 (NIST Algorithm)
                        NULL
                      OCTET STRING (64 byte) B5EC045E1B68905E5A37D5A51C74DA2D71586F039EDF5C69D89027D92398F64EA1917D…
                    INTEGER 1036201
                    GeneralizedTime 2019-06-08 04:22:25 UTC
                    BOOLEAN true
                    [0] (1 elem)
                      [4] (1 elem)
                        SEQUENCE (8 elem)
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                              PrintableString Free TSA
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                              PrintableString TSA
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.13 description (X.520 DN component)
                              PrintableString This certificate digitally signs documents and time stamp requests made using th…
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                              PrintableString www.freetsa.org
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
                              IA5String busilezas@gmail.com
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                              PrintableString Wuerzburg
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                              PrintableString DE
                          SET (1 elem)
                            SEQUENCE (2 elem)
                              OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                              PrintableString Bayern
            SET (1 elem)
              SEQUENCE (6 elem)
                INTEGER 1
                SEQUENCE (2 elem)
                  SEQUENCE (7 elem)
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                        PrintableString Free TSA
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                        PrintableString Root CA
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                        PrintableString www.freetsa.org
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
                        IA5String busilezas@gmail.com
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                        PrintableString Wuerzburg
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                        PrintableString Bayern
                    SET (1 elem)
                      SEQUENCE (2 elem)
                        OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                        PrintableString DE
                  INTEGER (64 bit) 13972846748170250626
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 1.3.14.3.2.26 sha1 (OIW)
                  NULL
                [0] (4 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
                    SET (1 elem)
                      OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
                    SET (1 elem)
                      UTCTime 2019-06-08 04:22:25 UTC
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
                    SET (1 elem)
                      OCTET STRING (20 byte) 6349C95428CA52F4410545F86F22CE4C8DFB3C3B
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.2.840.113549.1.9.16.2.12 signingCertificate (S/MIME Authenticated Attributes)
                    SET (1 elem)
                      SEQUENCE (1 elem)
                        SEQUENCE (1 elem)
                          SEQUENCE (1 elem)
                            OCTET STRING (20 byte) 916DA3D860ECCA82E34BC59D1793E7E968875F14
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
                  NULL
                OCTET STRING (512 byte) ABE42D8E43657A4C582A75B0898C5400248DE00DD9C6BA35899C3769A91B38C135C41…

    $ openssl ts -verify -in file.tsr -queryfile file.tsq -CAfile cacert.pem -untrusted tsa.crt
    Verification: OK
Get sample: https://playsecurity.org/getdoc/3693_DB559B4E3817426CD9E2478102BF3B6C/tsp_test.tar.gz
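The query above decodes to only a version and a messageImprint because `-no_nonce` leaves out the nonce, the field RFC 3161 provides so a client can tie a response to its own request. The following is an added example, not code from this page or from OpenSSL: it builds the same TimeStampReq structure with the Python standard library and audits it the way a verifier would. The function names are this example's own, and the sample bytes are decoded from the base64 shown above.

```python
import base64, hashlib, secrets

# File content from the page's base64 output; DER body of OID 2.16.840.1.101.3.4.2.3.
SAMPLE = base64.b64decode("SGVsbG8gV29ybGQgLSAyMDE5Cg==")
SHA512_OID = bytes.fromhex("608648016503040203")

def tlv(tag, body):
    """DER tag-length-value (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_int(v):
    """Non-negative INTEGER, sized so the top (sign) bit stays clear."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def build_tsq(data, nonce=None):
    """TimeStampReq: version 1, messageImprint (sha-512), optional nonce."""
    alg = tlv(0x30, tlv(0x06, SHA512_OID) + tlv(0x05, b""))
    imprint = tlv(0x30, alg + tlv(0x04, hashlib.sha512(data).digest()))
    tail = b"" if nonce is None else der_int(nonce)
    return tlv(0x30, der_int(1) + imprint + tail)

def children(buf):
    """Split DER content into a list of (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n = buf[pos], buf[pos + 1]
        pos += 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def audit_tsq(tsq, data):
    """Return the problems a verifier should flag for this request."""
    fields = children(children(tsq)[0][1])
    alg, digest = children(fields[1][1])
    problems = []
    if children(alg[1])[0][1] != SHA512_OID:
        problems.append("unexpected hash algorithm")
    if digest[1] != hashlib.sha512(data).digest():
        problems.append("messageImprint does not match the file")
    if not any(tag == 0x02 for tag, _ in fields[2:]):
        problems.append("no nonce")
    return problems

print(audit_tsq(build_tsq(SAMPLE), SAMPLE))                        # ['no nonce']
print(audit_tsq(build_tsq(SAMPLE, secrets.randbits(64)), SAMPLE))  # []
```

Dropping `-no_nonce` from the `openssl ts -query` command makes OpenSSL generate the nonce itself, and `openssl ts -verify` with `-queryfile` then compares it against the response.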
Library
Go
- https://github.com/digitorus/timestamp
- certlint
Time-Stamp Protocol (TSP) package for Go
Groovy
- https://github.com/jan-zajic/tsa-server
- portable Time Stamp Server (over HTTP)
This is a server for the Time-Stamp Protocol over HTTP (https://tools.ietf.org/html/rfc3161, section 3.4).
Java
- https://github.com/fzilic/tsp-client
- TSA TimeStamp Client
Simple RFC3161 console mode client.
.NET
- https://github.com/disig/TimeStampClient
- TimeStampClient
Easy to use .NET RFC 3161 time-stamp client library and applications based on Bouncy Castle library.
Reference
https://tools.ietf.org/html/rfc3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
https://www.freetsa.org/index_en.php - freeTSA.org provides a free Time Stamp Authority
https://www.cnblogs.com/zsychanpin/p/7071464.html - Introducing a French timestamp server