Timestamping signed documents or detached signature files
Stefan Claas
stefan.claas at posteo.de
Sun Jul 22 21:44:29 CEST 2018
On Sun, 22 Jul 2018 20:39:52 +0200, Wiktor Kwapisiewicz wrote:
Hi Wiktor,
thanks for your reply, much appreciated!
> Yep, this is definitely cool.
>
> I don't know if you've seen it but there is also a helper script for
> timestamping git commits:
>
> https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md
No, i haven't seen it, but just went through it. The author made some
interesting points, even if i don't use git.
> And one minor note, that it's actually possible to (ab)use X.509
> timestamping servers for OpenPGP because they just timestamp any hash
> that you give them (see e.g. [0]). You could embed the TimeStampResp
> [1] in a signature notation (assuming you would timestamp file hash,
> not the signature itself, of course).
>
> Another interesting tidbit, RFC 4880 contains a Timestamp signature
> flag (0x40 [2]) and a way to nest signatures, that could be used to
> provide timestamping or notary services [3].
Thank you very much for the additional infos and links, i will read them
all.
Best regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list