Timestamping signed documents or detached signature files

Stefan Claas stefan.claas at posteo.de
Sun Jul 22 21:44:29 CEST 2018

On Sun, 22 Jul 2018 20:39:52 +0200, Wiktor Kwapisiewicz wrote:

Hi Wiktor,

thanks for your reply, much appreciated!
> Yep, this is definitely cool.
> I don't know if you've seen it but there is also a helper script for 
> timestamping git commits:
> https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md

No, i haven't seen it, but just went through it. The author made some
interesting points, even if i don't use git.

> And one minor note, that it's actually possible to (ab)use X.509 
> timestamping servers for OpenPGP because they just timestamp any hash 
> that you give them (see e.g. [0]). You could embed the TimeStampResp
> [1] in a signature notation (assuming you would timestamp file hash,
> not the signature itself, of course).
> Another interesting tidbit, RFC 4880 contains a Timestamp signature
> flag (0x40 [2]) and a way to nest signatures, that could be used to
> provide timestamping or notary services [3].

Thank you very much for the additional infos and links, i will read them

Best regards


More information about the Gnupg-users mailing list