Timestamping signed documents or detached signature files
Wiktor Kwapisiewicz
wiktor at metacode.biz
Sun Jul 22 20:39:52 CEST 2018
Hi Stefan,
> Maybe you find this little info useful too, because i have not seen
> this topic discussed here yet. I'm aware that there is or was an
> old Timestamping Service in England available, but i thought
> that the blockchain is cool.
Yep, this is definitely cool.
I don't know if you've seen it but there is also a helper script for
timestamping git commits:
https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md
And one minor note, that it's actually possible to (ab)use X.509
timestamping servers for OpenPGP because they just timestamp any hash
that you give them (see e.g. [0]). You could embed the TimeStampResp [1]
in a signature notation (assuming you would timestamp file hash, not the
signature itself, of course).
Another interesting tidbit, RFC 4880 contains a Timestamp signature flag
(0x40 [2]) and a way to nest signatures, that could be used to provide
timestamping or notary services [3].
Kind regards,
Wiktor
[0]: https://tsa.safecreative.org/
[1]: https://tools.ietf.org/html/rfc3161#section-2.4.2
[2]: https://tools.ietf.org/html/rfc4880#section-5.2.1
[3]:
https://gnupg.org/ftp/people/neal/an-advanced-introduction-to-gnupg/an-advanced-introduction-to-gnupg.pdf
section 4.5.1
--
https://metacode.biz/@wiktor
More information about the Gnupg-users
mailing list