Proof for a creation date

Stephan Beck stebe at mailbox.org
Fri Dec 2 14:46:00 CET 2016


Hi Quan Zhou,

Quan Zhou:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
> 
> On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ <aarcane at aarcane.org>
> wrote:
> 
>> The easiest way is to publish your code to a publicly controlled source
>> with a signature on or before your desired date. Not sure if there's a
>> *better* way.
>>
>> On Dec 1, 2016 7:43 PM, "Bertram Scharpf" <lists at bertram-scharpf.de>
>> wrote:
[...]
>>> I want to do the opposite. I want to make evidence
>>> that I created a document _before_ a certain point of time.
[...]
>>> Is there a standard way in GnuPG and in the keyholder
>>> infrastructure to accomplish this task?

since it is possible to fake system time by modifying system time in
BIOS (all OS with BIOS or similar) and (on GNU/Linux systems) by using
faketool application-wide, or, more specifically, gpg's
--fake-system-time EPOCH (usable from 2.1 on if gnupg was compiled using
debug flags; although this option is documented for previous versions
according to the 2.0.x manpages or gnupg's info manual, it is only
implemented and usable in gpg 2.1; see (1)(2)(3)(4)),

gpg's signature timestamp (on a given file) would NOT be a real proof of
a document being allegedly signed at that specific date (or prior to a
determined date). So it would NOT be a credible proof either of a
document being allegedly created before a determined date, if you
decided to sign it immediately after creating it in order to document
its creation date via signature time.

Cheers

Stephan

(1) https://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028724.html
(2) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760354
(3) https://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/2014-September/001774.html
(4) https://marc.info/?l=gnupg-commit-watchers&m=146009708822599&w=2
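
Added example (not part of the original message and not GnuPG code): a Python sketch that reads the creation-time subpacket from an OpenPGP v4 signature packet body, showing that the timestamp is a field written by the signer, and that a relying party can only bound the date by a time someone else observed, as in the quoted suggestion to publish to a public source. The names `constructed_body`, `assess` and `first_seen` are assumptions made for illustration, and the sample packet is constructed with its signature value omitted.

```python
import struct
from datetime import datetime, timezone

CREATION_TIME = 2  # signature subpacket type, RFC 4880 section 5.2.3.4

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 1 < len(area):   # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= len(area):  # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # bit 7 is the critical flag
        i += length

def claimed_creation_time(sig_body):
    """Return the signer-asserted creation time of a v4 signature packet body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    for sp_type, data in subpackets(hashed):
        if sp_type == CREATION_TIME and len(data) == 4:
            return datetime.fromtimestamp(struct.unpack(">I", data)[0], timezone.utc)
    raise ValueError("no creation time subpacket")

def constructed_body(epoch):
    """Constructed sample: v4, binary-document sig, RSA, SHA-256, no MPIs."""
    hashed = bytes([5, CREATION_TIME]) + struct.pack(">I", epoch)
    return bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(hashed)) + hashed + b"\x00\x00"

def assess(sig_body, first_seen):
    """first_seen: when an independent party (e.g. a public archive) saw it."""
    claimed = claimed_creation_time(sig_body)
    return {
        "claimed": claimed,                    # set by the signer's own clock
        "existed_no_later_than": first_seen,   # the only independent bound
        "claim_consistent": claimed <= first_seen,
    }
```

Two signatures carrying very different claimed times yield the same `existed_no_later_than` value, because only the independently observed time constrains the date.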


More information about the Gnupg-users mailing list