Skip to content

Instantly share code, notes, and snippets.

@mostafabahri

mostafabahri/tsa.md

Last active January 25, 2018 22:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mostafabahri/e11512eb22f63a465c4f749c3780c6be to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mostafabahri/e11512eb22f63a465c4f749c3780c6be to your computer and use it in GitHub Desktop.
Download ZIP
TSA guide
Raw
tsa.md

Trusted Timestamping Workflow

Send and verify a rfc3161 standard timestamp request

  1. Create a timestamp request (tsq)
    openssl ts -query -data file.txt -no_nonce -out request.tsq

    Got the hash already?
    openssl ts -query -digest b7e5d3f9319... -no_nonce -out request.tsq

  2. Send the tsq to the timestamp authority (tsa)
    curl -H 'Content-Type: application/timestamp-query' --data-binary @request.tsq http://tsa.safecreative.org -o response.tsr

    Here we're using safecreative as our example TSA.

    Now you must be able to lookup your hash on http://tsa.safecreative.org/

  3. Verify the tsa response with tsr file:

    • openssl ts -verify -in response.tsr -data file.txt -CAfile SafeCreative_TSA.cer
      The CAfile argument requires TSA's certificate which should be available on the webpage of your TSA.
    • openssl ts -verify -in response.tsr -queryfile request.tsq -CAfile SafeCreative_TSA.cer
      If you got both the ts request and response.
    • openssl ts -verify -in response.tsr -digest b7e5d3f9319... -CAfile SafeCreative_TSA.cer
      If you only have the hash digest.

Useful Options

  • human readable tsq:
    openssl ts -query -in wow.tsq -text
  • human readable tsr:
    openssl ts -reply -in response.tsr -text

More on openssl ts manual.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment