New feature for GPG
Noel D. Torres Taño
ndtt at ll.iac.es
Wed Nov 6 03:06:04 CET 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm thinking in a new GPG feature. I call it Timestamping.
I know that signing data makes a timestamp in them. But that kind of
timestamps can be denied only by saying "I recognize the signer, but he
altered his computer clock while signing this."
Imagine the scene: an old rich man makes and signs two different
testaments, each one with a different heir and with a different sign
date. If they were paper testaments, it's clear that the later paper is
the valid one. But if our rich old man made GPG-signed electronic
testaments, the heir in the first testament can say that the second
testament has an altered date, caused by an alteration in the computer
clock while the old man signed it.
To avoid this scenery, I propose a new feature: remote timestamping. The
same way you can take a paper, go to the nearest post office and ask the
official to timestamp your paper, to have an official timestamping of
your paper, I propose for GPG the possibility of sending data to a
TIMESTAMPING SERVER, better if it is an official computer providing that
service.
The Timestamping server will work simply by signing the received data
and sending it back to the submitter. But this will be not a simple
signature, but will have a difference I'll explain later.
The reason if that, if you SIGN some data, you can be considered legally
responsible of that data. At least to some extent. This is the reason I
use to propose the following GPG new options (they will be the
Timestamping implementation):
Commands:
--timestamp
Make a timestamp. This command may be combined with
--encrypt. Useful only for Timestamping servers.
--cleartimestamp
Make a clear text timestamp. Useful only for Timestamping
servers.
--detached-timestamp
Make a detached timestamp. Useful only for Timestamping
servers.
--remote-timestamp
Send data to Timestamping server to be timestamped. This
command may be combined with --encrypt and --sign.
--remote-cleartimestamp
Send data to Timestamping server to be clear text
timestamped. This command may be combined with --encrypt and --sign.
--remote-detached-timestamp
Send data to Timestamping server to be detachedly
timestamped. This command may be combined with --encrypt and --sign.
Options:
--timestamp-server tsserver
Use tsserver as Timestamp server. This option can be used
more than once to have the data independently timstamped by several
servers.
Note: I can't imagine a spanish judge rejecting the date of a testament
timestamped by both Spanish Postal Service (Correos y Telegrafos), maybe
through timestamp.cyt.es and Defense Secretary (Ministerio de Defensa),
maybe through timestamp.mde.es . And the same for any country.
--default-timestamp-server tsserver
Use tsserver as Timestamp server if no --timestamp-server
options appear in the command line.
--no-default-timestamp-server
Do not use default timestamp server even if no
--timestamp-server options appear in the command line.
HOW to timestamp:
EXACTLY the same way of signing, but replacing
- -----BEGIN PGP SIGNED MESSAGE----- with -----BEGIN PGP TIMESTAMPED
MESSAGE----- ,
- -----BEGIN PGP SIGNATURE----- with -----BEGIN PGP TIMESTAMP----- and
- -----END PGP SIGNATURE----- with -----END PGP TIMESTAMP-----
WHY to timestamp in a not-exactly-the-same way than signing:
Because if you sign something, you are respinsible of that, but if you
timestamp something, you are responsible only for the timestamping.
About sending unencrypted data to timestamp:
Data will never be sent to the timestamp server in clear. How to do this
is expalined in the remote timestamping protocol below.
REMOTE TIMESTAMPING PROTOCOL
This will be a protocol carried over TCP.
1.- User's GPG connects to the timestamp server
2.- Server will inform user's GPG about version with the string
(changing the numbers as appropiate)
TIMESTAMP SERVER VERSION 1.0.0\n
3.- User's GPG will inform server about its version with the string
(changing the numbers as appropiate)
GPG VERSION 1.2.1\n
4.- Server will agree (or not) with the string
OK SEND REQUEST\n
5.- User's GPG will send one of the following strings
TIMESTAMP\n
CLEAR\n
DETACHED\n
ARMOR TIMESTAMP\n
ARMOR CLEAR\n
ARMOR DETACHED\n
6.- Server will acknowledge request and ask how data will be encrypted
with the string
REQUEST OK SELECT DATA MODE\n
7.- User's GPG will send one of the following strings
RECIPIENT\n
YOU\n
In YOU mode only:
8.- Server will send User's GPG its own public key
9.- Users's GPG will send server user's public key
In both RECIPIENT and YOU modes
10.- Server will ask for data to timestamp with the following string
OK TO RECEIVE DATA. END WITH EOF. ESCAPE EOF AND ESC CHARACTERS WITH
ESC. SEND DATA\n
In YOU mode only:
11.- User's GPG will encrypt data with server's public key and send it
to the server
In RECIPIENT mode only:
11.- User's GPG will encrypt data with recipients' public key and send
it to the server
In YOU mode only:
In TIMESTAMP mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --timestamp --encrypt -r userpublickey bufferwithdata` and
send it to user's GPG
In CLEAR mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --cleartimestamp --encrypt -r userpublickey bufferwithdata`
and send it to user's GPG
In DETACHED mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --detached-timestamp -o timestampbuffer bufferwithdata` ,
encrypt the timestamp with `gpg --encrypt -r userpublickey
timestampbuffer` and send it to user's GPG
In ARMOR TIMESTAMP mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --armor --timestamp --encrypt -r userpublickey bufferwithdata`
and send it to user's GPG
In ARMOR CLEAR mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --armor --cleartimestamp --encrypt -r userpublickey
bufferwithdata` and send it to user's GPG
In ARMOR DETACHED mode only:
12.- Server will decrypt data with it's own private key, timestamp it
with `gpg --armor --detached-timestamp -o timestampbuffer
bufferwithdata` , encrypt the timestamp with `gpg --encrypt -r
userpublickey timestampbuffer` and send it to user's GPG
In RECIPIENT mode only:
In TIMESTAMP mode only:
12.- Server will timestamp data with `gpg --timestamp bufferwithdata`
and send it to user's GPG
In CLEAR mode only:
12.- Server will timestamp data with `gpg --cleartimestamp
bufferwithdata` and send it to user's GPG
In DETACHED mode only:
12.- Server will timestamp data with `gpg --detached-timestamp -o
timestampbuffer bufferwithdata` , and send timestampbuffer to user's GPG
In ARMOR TIMESTAMP mode only:
12.- Server will timestamp data with `gpg --armor --timestamp
bufferwithdata` and send it to user's GPG
In ARMOR CLEAR mode only:
12.- Server will timestamp data with `gpg --armor --cleartimestamp
bufferwithdata` and send it to user's GPG
In ARMOR DETACHED mode only:
12.- Server will timestamp data with `gpg --armor --detached-timestamp
-o timestampbuffer bufferwithdata` , and send timestampbuffer to user's
GPG
In both RECIPIENT and YOU modes
13.- User's GPG will acknowledge received data with the string
DATA OK. BYE\n
14.- Server will cut the line.
In YOU mode, user's GPG must decrypt received data with user's private
key before giving them to the user.
I want to code all of this, but I have not enough C knowledge to do it.
I can, anyway, run a timestamp server (maybe the first) at an official
place in Spain, in my university.
Noel Torres
P.S. public key at http://www.geocities.com/envite7/noelpubk.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1rc1 (SunOS)
iD8DBQE9x/pbs8tyFYt+mkARAnZcAKDQt8iXzbADmchkofYLJF3zuKAkSwCgxdn9
HV18ghw1icica1D3QzpTnGc=
=H1OQ
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list