]> pere.pagekite.me Git - homepage.git/blob - blog/Public_Trusted_Timestamping_services_for_everyone.html
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Generated.
[homepage.git] / blog / Public_Trusted_Timestamping_services_for_everyone.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
4 <head>
5 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
6 <title>Petter Reinholdtsen: Public Trusted Timestamping services for everyone</title>
7 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
8 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
9
10
11 </head>
12 <body>
13 <div class="title">
14 <h1>
15 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
16
17 </h1>
18
19 </div>
20
21
22 <div class="entry">
23 <div class="title">Public Trusted Timestamping services for everyone</div>
24 <div class="date">25th March 2014</div>
25 <div class="body"><p>Did you ever need to store logs or other files in a way that would
26 allow it to be used as evidence in court, and needed a way to
27 demonstrate without reasonable doubt that the file had not been
28 changed since it was created? Or, did you ever need to document that
29 a given document was received at some point in time, like some
30 archived document or the answer to an exam, and not changed after it
31 was received? The problem in these settings is to remove the need to
32 trust yourself and your computers, while still being able to prove
33 that a file is the same as it was at some given time in the past.</p>
34
35 <p>A solution to these problems is to have a trusted third party
36 "stamp" the document and verify that at some given time the document
37 looked a given way. Such
38 <a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
39 have been around for thousands of years, and its digital equivalent is
40 called a
41 <a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
42 timestamping service</a>. <a href="http://www.ietf.org/">The Internet
43 Engineering Task Force</a> standardised how such service could work a
44 few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
45 3161</a>. The mechanism is simple. Create a hash of the file in
46 question, send it to a trusted third party which add a time stamp to
47 the hash and sign the result with its private key, and send back the
48 signed hash + timestamp. Anyone with the document and the signature
49 can then verify that the document matches the signature by creating
50 their own hash and checking the signature using the trusted third
51 party public key. There are several commercial services around
52 providing such timestamping. A quick search for
53 "<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
54 service</a>" pointed me to at least
55 <a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
56 <a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
57 Vadis</a>,
58 <a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
59 and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
60 Trust Finder</a>. The system work as long as the private key of the
61 trusted third party is not compromised.</p>
62
63 <p>But as far as I can tell, there are very few public trusted
64 timestamp services available for everyone. I've been looking for one
65 for a while now. But yesterday I found one over at
66 <a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
67 Forschungsnetz</a>mentioned in
68 <a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
69 blog by David Müller</a>. I then found a good recipe on how to use
70 over at the
71 <a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">University
72 of Greifswald</a>. The OpenSSL library contain both server and tools
73 to use and set up your own signing service. See the ts(1SSL),
74 tsget(1SSL) manual pages for more details. The following shell script
75 demonstrate how to extract a signed timestamp for any file on the disk
76 in a Debian environment:
77
78 <p><blockquote><pre>
79 #!/bin/sh
80 set -e
81 url="http://zeitstempel.dfn.de"
82 caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
83 reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
84 resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
85 cafile=chain.txt
86 if [ ! -f $cafile ] ; then
87 wget -O $cafile "$caurl"
88 fi
89 openssl ts -query -data "$1" -cert | tee "$reqfile" \
90 | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
91 openssl ts -reply -in "$resfile" -text 1>&2
92 openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
93 base64 < "$resfile"
94 rm "$reqfile" "$resfile"
95 </pre></blockquote></p>
96
97 <p>The argument to the script is the file to timestamp, and the output
98 is a base64 encoded version of the signature to STDOUT and details
99 about the signature to STDERR. Note that due to
100 <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
101 in the tsget script</a>, you might need to modify the included script
102 and remove the last line. Or just write your own HTTP uploader using
103 curl. :) Now you too can prove and verify that files have not been
104 changed.</p>
105
106 <p>But the Internet need more public trusted timestamp services.
107 Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
108 my work place the <a href="http://www.uio.no/">University of Oslo</a>
109 to set up?</p>
110 </div>
111
112 <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.</div>
113
114
115 </div>
116
117
118
119
120 <div id="sidebar">
121
122
123
124 <h2>Archive</h2>
125 <ul>
126
127 <li>2014
128 <ul>
129
130 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/01/">January (2)</a></li>
131
132 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/02/">February (3)</a></li>
133
134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (6)</a></li>
135
136 </ul></li>
137
138 <li>2013
139 <ul>
140
141 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>
142
143 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>
144
145 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>
146
147 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>
148
149 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>
150
151 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>
152
153 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>
154
155 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>
156
157 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (5)</a></li>
158
159 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/10/">October (7)</a></li>
160
161 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/11/">November (9)</a></li>
162
163 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/12/">December (3)</a></li>
164
165 </ul></li>
166
167 <li>2012
168 <ul>
169
170 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
171
172 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
173
174 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
175
176 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
177
178 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
179
180 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
181
182 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
183
184 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>
185
186 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>
187
188 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>
189
190 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>
191
192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>
193
194 </ul></li>
195
196 <li>2011
197 <ul>
198
199 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
200
201 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
202
203 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
204
205 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
206
207 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
208
209 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
210
211 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
212
213 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
214
215 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
216
217 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
218
219 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
220
221 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
222
223 </ul></li>
224
225 <li>2010
226 <ul>
227
228 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
229
230 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
231
232 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
233
234 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
235
236 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
237
238 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
239
240 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
241
242 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
243
244 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
245
246 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
247
248 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
249
250 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
251
252 </ul></li>
253
254 <li>2009
255 <ul>
256
257 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
258
259 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
260
261 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
262
263 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
264
265 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
266
267 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
268
269 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
270
271 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
272
273 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
274
275 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
276
277 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
278
279 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
280
281 </ul></li>
282
283 <li>2008
284 <ul>
285
286 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
287
288 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
289
290 </ul></li>
291
292 </ul>
293
294
295
296 <h2>Tags</h2>
297 <ul>
298
299 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
300
301 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
302
303 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
304
305 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
306
307 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (8)</a></li>
308
309 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (14)</a></li>
310
311 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
312
313 <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
314
315 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (95)</a></li>
316
317 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (145)</a></li>
318
319 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
320
321 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>
322
323 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
324
325 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (240)</a></li>
326
327 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>
328
329 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
330
331 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>
332
333 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (6)</a></li>
334
335 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>
336
337 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (39)</a></li>
338
339 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (7)</a></li>
340
341 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>
342
343 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
344
345 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (7)</a></li>
346
347 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
348
349 <li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (7)</a></li>
350
351 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (26)</a></li>
352
353 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (242)</a></li>
354
355 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (162)</a></li>
356
357 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (11)</a></li>
358
359 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
360
361 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (46)</a></li>
362
363 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (69)</a></li>
364
365 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
366
367 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
368
369 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
370
371 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
372
373 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
374
375 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
376
377 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
378
379 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (36)</a></li>
380
381 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
382
383 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
384
385 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (44)</a></li>
386
387 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
388
389 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (9)</a></li>
390
391 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (22)</a></li>
392
393 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>
394
395 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
396
397 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (40)</a></li>
398
399 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
400
401 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (29)</a></li>
402
403 </ul>
404
405
406 </div>
407 <p style="text-align: right">
408 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
409 </p>
410
411 </body>
412 </html>
Nettsider og blogg.