Timestamping signed documents or detached signature files
stefan.claas at posteo.de
Sun Jul 22 21:44:29 CEST 2018
On Sun, 22 Jul 2018 20:39:52 +0200, Wiktor Kwapisiewicz wrote:
thanks for your reply, much appreciated!
> Yep, this is definitely cool.
> I don't know if you've seen it but there is also a helper script for
> timestamping git commits:
No, i haven't seen it, but just went through it. The author made some
interesting points, even if i don't use git.
> And one minor note, that it's actually possible to (ab)use X.509
> timestamping servers for OpenPGP because they just timestamp any hash
> that you give them (see e.g. ). You could embed the TimeStampResp
>  in a signature notation (assuming you would timestamp file hash,
> not the signature itself, of course).
> Another interesting tidbit, RFC 4880 contains a Timestamp signature
> flag (0x40 ) and a way to nest signatures, that could be used to
> provide timestamping or notary services .
Thank you very much for the additional infos and links, i will read them
More information about the Gnupg-users