
Time Stamp with OpenSSL and cURL

One of the things that came up on the SAGE-AU mailing lists a few weeks ago was getting data time stamped. I've come across time stamping before: when signing code you also get the signature time stamped. That way, if you sign your code in 2009 with a certificate that expires in 2012, your code still runs in 2016, because at the time your code was signed the certificate was valid, even though it's expired now.

I was also aware that you could time stamp arbitrary data, but I didn't really know how. It turns out it's fairly straightforward with just OpenSSL and cURL. Basically you make a SHA256 hash of the data you want to stamp, then you send that to a stamping server, which will verify that it saw that hash at a given time. Thanks to Nick Savvides for these steps.

michael@xo:~$ echo "What's the time Mr. Wolf?" > time_stamp_data.txt
michael@xo:~$ openssl ts -query -data time_stamp_data.txt -sha256 -out time_stamp_query.tsq
michael@xo:~$ curl -s -H "Content-Type:application/timestamp-query" --data-binary @time_stamp_query.tsq > time_stamp_server_response.tsr
michael@xo:~$ openssl ts -reply -in time_stamp_server_response.tsr -out time_stamp_reply.tsr
michael@xo:~$ openssl ts -reply -in time_stamp_reply.tsr -text
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified

TST info:
Version: 1
Policy OID: 2.16.840.1.113733.
Hash Algorithm: sha256
Message data:
    0000 - 06 07 9c 9d 85 79 48 da-50 15 aa 83 51 5e d9 00   .....yH.P...Q^..
    0010 - bb 2d 0c d0 bb 26 cd b0-fe c5 0a 2d 94 47 b3 84   .-...&.....-.G..
Serial number: 0x331216786C798D1FFBE256D20FDA52DC515855B7
Time stamp: Apr  6 06:57:09 2016 GMT
Accuracy: 0x1E seconds, unspecified millis, unspecified micros
Ordering: no
Nonce: 0x0C93A642E3B4F1BC
TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec SHA256 TimeStamping Signer - G1
michael@xo:~$ sha256sum time_stamp_data.txt
06079c9d857948da5015aa83515ed900bb2d0cd0bb26cdb0fec50a2d9447b384  time_stamp_data.txt
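
The session above prints the token and compares the hash by eye, but it never checks the TSA's signature. As an added example (not part of the original post), this script stands up a throwaway local TSA so that `openssl ts -verify` can be run offline against both the original and a modified file. The CA and TSA names, the policy OID 1.2.3.4.1, the file names and the `-cert` flag on the query are assumptions of the example; against a real service you would pass that TSA's CA certificate to `-CAfile`.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is constructed for a local test.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

setup_test_tsa() {   # build a test CA, a TSA certificate and the TSA config
cat > "$d/tsa.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
[tsa_ext]
extendedKeyUsage = critical,timeStamping
[tsa]
default_tsa = test_tsa
[test_tsa]
serial = $d/serial
signer_cert = $d/tsa.pem
signer_key = $d/tsa.key
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha256
EOF
    echo 01 > "$d/serial"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/tsa.cnf" -extensions ca_ext \
        -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/tsa.cnf" \
        -subj "/CN=Constructed Test TSA" -keyout "$d/tsa.key" -out "$d/tsa.csr" 2>/dev/null
    openssl x509 -req -in "$d/tsa.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -days 1 -extfile "$d/tsa.cnf" -extensions tsa_ext -out "$d/tsa.pem" 2>/dev/null
}

stamp() {   # stamp FILE; -cert asks the TSA to embed its signing certificate in the reply
    openssl ts -query -config "$d/tsa.cnf" -data "$1" -sha256 -cert -out "$d/q.tsq" 2>/dev/null
    openssl ts -reply -config "$d/tsa.cnf" -queryfile "$d/q.tsq" -out "$d/r.tsr" 2>/dev/null
}

verify_stamp() {   # exit 0 only if signature, chain to the CA and hash of FILE all check out
    openssl ts -verify -data "$1" -in "$d/r.tsr" -CAfile "$d/ca.pem" >/dev/null 2>&1
}

setup_test_tsa
echo "What's the time Mr. Wolf?" > "$d/data.txt"
stamp "$d/data.txt"
verify_stamp "$d/data.txt" && echo "original file: verified"
echo "one extra line" >> "$d/data.txt"
verify_stamp "$d/data.txt" || echo "modified file: rejected"
```
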

Content on this site is licensed under a Creative Commons Attribution 4.0 International License.