"gpg: Signature made <date time>" tamper resistant?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Mar 4 04:59:52 CET 2013
On 03/03/2013 09:30 PM, Craig Ringer wrote:
> I've been wondering for a while if anyone's running
> a GPG remote timestamping and attestation service, where you can submit
> text (or the hash of a binary) to the service by web or email and have
> it sign it with a key only it had access to. The timestamp signature
> could then be verified by anyone, without relying on the service being
> up or even the continued existence of the service, in order to prove
> that at a certain time a certain text existed.
Take a look at http://www.itconsult.co.uk/stamper.htm
I have no experience with them, but they've been discussed before in
this list, if you want to review the archives.
You might also be interested in the relevant wikipedia article:
https://en.wikipedia.org/wiki/Trusted_timestamping
hth,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130303/2dd4d897/attachment.pgp>
More information about the Gnupg-users
mailing list