You are located in service: Certificates

Time stamp

Time stamp

Kurzinformation

Within the DFN-PKI a time stamp service can be used.

The time stamp service of the DFN is used to certify the status quo of a file at a certain point in time by a trustworthy instance (here DFN-PKI).

The DFN time stamp service can be used for non-commercial purposes within the framework of the DFN statutes.

A separate certificate is not necessary.

The time stamp server can be reached via the URL http://zeitstempel.dfn.de - a query of this URL in the browser is not possible (warning). Programs such as Adobe Acrobat or openssl (from version 1.0, see below) but also components from Microsoft or Java can be used. In addition, the libraries BouncyCastle are available for Java and C# and BouncyCastlePP is a port of BouncyCastle for C++.


Anleitung

According to information from DFN openssl (>= 1.1.xx) should work - but if necessary openssl has to be built by yourself

build openssl yourself
 cd ~
git clone https://github.com/openssl/openssl.git
 
cd openssl
./Configure linux-x86_64
./config --prefix=${HOME}/opt/openssl --openssldir=${HOME}/opt/openssl
make
make test
 
export OPENSSL=${HOME}/opt/openssl
export C_INCLUDE_PATH=$OPENSSL/include
export LIBRARY_PATH=$OPENSSL/lib
export LD_LIBRARY_PATH=$LIBRARY_PATH:$LD_LIBRARY_PATH
export OPENSSL_PREFIX=${OPENSSL}
 
echo ${OPENSSL}
echo ${C_INCLUDE_PATH}
echo ${LD_LIBRARY_PATH}
echo ${OPENSSL_PREFIX}
 
${HOME}/opt/openssl/bin/openssl
OpenSSL> version
OpenSSL 1.1.1-pre5-dev  xx XXX xxxx
OpenSSL>
[[ -f ${HOME}/opt/openssl/bin/openssl ]] && (export MYOPENSSL="${HOME}/opt/openssl/bin/openssl") || (export MYOPENSSL="openssl")
 
Generate example cod
echo -e "#\!/usr/bin/env bash\n\n#© by ra@rwth-aachen.de\n\n echo 'hello dfn timestamp world'\n\n#########\n# EOF" > dfn-timestamp-test.sh
 
chmod 750 dfn-timestamp-test.sh
 
./dfn-timestamp-test.sh
hello dfn timestamp world
 
generate "timestamp request"
${MYOPENSSL} ts -query -data dfn-timestamp-test.sh -cert -sha256 -no_nonce -out dfn-timestamp-test.tsq
 
Send the "timestamp request" to the timestamp server
curl -s -S -k -H "Content-Type: application/timestamp-query" --data-binary @dfn-timestamp-test.tsq "http://zeitstempel.dfn.de" -o dfn-timestamp-test.tsr
 
Verification of time stam
wget https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
 
${MYOPENSSL} ts -verify -in dfn-timestamp-test.tsr -data dfn-timestamp-test.sh -CAfile chain.txt
 
${MYOPENSSL} ts -verify -queryfile dfn-timestamp-test.tsq -in dfn-timestamp-test.tsr -CAfile chain.txt
in case of an openssl error "... time stamp routines:TS_CHECK_SIGNING_CERTS ..."

wget https://info.pca.dfn.de/doc/timestampverifier-latest.tar.gz

tar zxvf timestampverifier-latest.tar.gz cd timestampverifier-1.1

sed -i 's/request=req.tsq/request=$1/' verify.sh sed -i 's/java -cp/echo -e "\\n#############################################\\n\\n"\njava -cp/' verify.sh

./verify.sh ../dfn-timestamp-test.tsq

You should see "Data in response matches data in request."

openssl ts -reply -in resp.tsr -text

 
 
Verification of "timestamp response"
openssl ts -reply -in dfn-timestamp-test.tsr -text
 
Status info:
Status: Granted.
Status description: Operation Okay
Failure info: unspecified
TST info:
Version: 1
Policy OID: 1.3.6.1.4.1.22177.300.22.1
Hash Algorithm: sha256
Message data:
    0000 - 79 ae 3e 21 6f 52 92 ea-f0 00 78 73 fe 95 06 2b   y.>!oR....xs...+
    0010 - ce 0c 26 29 89 8f e2 62-dd 9c 06 a5 3a 1f b9 dc   ..&)...b....:...
Serial number: 0x840AA89C8C03C5373E2680B1A2F61CBE132EBBF1
Time stamp: Nov 30 08:50:24 2016 GMT
Accuracy: unspecified
Ordering: no
Nonce: unspecified
TSA: unspecified
Extensions:

Zusatzinformation

Further information:

  • RFC 3161 - " Internet X.509 Public Key Infrastructure Time-Stamp Protocol "
  • Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
  • Bundesdruckerei: "D-TRUST timestamp - confirm receipt times for electronic documents in a legally compliant manner" (in German)
  • Ruhr-Uni-Bochum: "Cryptography with Bouncy Castle"
  • Wikipedia: Comparison of cryptography libraries
  • Microsoft: CryptRetrieveTimeStamp functionBSI:
    • "Electronic signatures, seals and timestamps."
    • eIDAS Regulation on Electronic Identification and Trust Services
  • DFN-PKI
    • Questions and answers on code signing with certificates from the DFN-PKI
    • FAQ timestamp service
    • Time stamp service of DFN-PKI now with SHA-2 signatures

last changed on 01/29/2021

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License