Time-Stamp Protocol

=Introduction=

''The Time-Stamp Protocol, or TSP is a cryptographic protocol for certifying timestamps using X.509 certificates and public key infrastructure. The timestamp is the signer's assertion that a piece of electronic data existed at or before a particular time.''

https://tools.ietf.org/html/rfc3161

=Démonstration=

LibreOffice
Voir https://freetsa.org/guide/libreoffice-time-stamping.html

FreeTSA
Voir Time Stamp Authority https://freetsa.org/index_en.php#online

openssl ts -query -data file.png -no_nonce -sha512 -out file.tsq
 * 1) 1. create a tsq file (SHA 512)
 * 1) 1. create a tsq file (SHA 512)

openssl ts -query -in file.tsq -text


 * 1) Option -cert: FreeTSA is expected to include its signing certificate in the response. (Optional)
 * 2) If the tsq was created with the option "-cert", its verification does not require "-untrusted".
 * 3) $ openssl ts -query -data file.png -no_nonce -sha512 -cert -out file.tsq


 * 1) How to make Timestamps of many files?


 * 1) To timestamp multiple files, create a text file with all their SHA-512 hashes and timestamp it.
 * 2) Alternatively, you may pack all the files to be timestamped in a zip/rar/img/tar, etc file and timestamp it.

$ find /var/log/ -type f -exec sha512sum {} + > compilation.txt
 * 1) Generate a text file with all the hashes of the /var/log/ files


 * 1) 2. cURL Time Stamp Request Input (HTTP / HTTPS)
 * 1) 2. cURL Time Stamp Request Input (HTTP / HTTPS)

curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr
 * 1) HTTP 2.0 in cURL: Get the latest cURL release and use this command: curl --http2.


 * 1) Using the Tor-network.
 * 2) $ curl -k --socks5-hostname 127.0.0.1:9050 -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://th3ccojidpgbgv5d.onion/tsr > file.tsr


 * 1) tsget is very useful to stamp multiple time-stamp-queries: https://www.openssl.org/docs/manmaster/apps/tsget.html
 * 2) $ tsget -h https://freetsa.org/tsr file1.tsq file2.tsq file3.tsq


 * 1) 3. Verify tsg file
 * 1) 3. Verify tsg file

wget https://freetsa.org/files/tsa.crt wget https://freetsa.org/files/cacert.pem

openssl ts -reply -in file.tsr -text
 * 1) Timestamp Information.

openssl ts -verify -in file.tsr -queryfile file.tsq -CAfile cacert.pem -untrusted tsa.crt
 * 1) Verify (two diferent ways).
 * 2) openssl ts -verify -data file -in file.tsr -CAfile cacert.pem -untrusted tsa.crt
 * 1) Verification: OK

Java

 * https://techblog.bozho.net/using-trusted-timestamping-java/
 * https://gist.github.com/Glamdring/c452531e97073a9ab259b987b62bbd77