Timestamping signed documents or detached signature files

Wiktor Kwapisiewicz wiktor at metacode.biz
Sun Jul 22 20:39:52 CEST 2018


Hi Stefan,

 > Maybe you find this little info useful too, because i have not seen
 > this topic discussed here yet. I'm aware that there is or was an
 > old Timestamping Service in England available, but i thought
 > that the blockchain is cool.

Yep, this is definitely cool.

I don't know if you've seen it but there is also a helper script for 
timestamping git commits:

https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md

And one minor note, that it's actually possible to (ab)use X.509 
timestamping servers for OpenPGP because they just timestamp any hash 
that you give them (see e.g. [0]). You could embed the TimeStampResp [1] 
in a signature notation (assuming you would timestamp file hash, not the 
signature itself, of course).

Another interesting tidbit, RFC 4880 contains a Timestamp signature flag 
(0x40 [2]) and a way to nest signatures, that could be used to provide 
timestamping or notary services [3].

Kind regards,
Wiktor

[0]: https://tsa.safecreative.org/

[1]: https://tools.ietf.org/html/rfc3161#section-2.4.2

[2]: https://tools.ietf.org/html/rfc4880#section-5.2.1

[3]: 
https://gnupg.org/ftp/people/neal/an-advanced-introduction-to-gnupg/an-advanced-introduction-to-gnupg.pdf 
section 4.5.1

-- 
https://metacode.biz/@wiktor



More information about the Gnupg-users mailing list