Understand the Basics
- RFC 3161 is a protocol for timestamping digital content.
- It is used to prove that specific data existed at a certain point in time.
- It is often used in conjunction with digital signatures to enhance security and integrity.
Choose a Timestamping Authority (TSA)
- A TSA is a trusted third party responsible for issuing timestamps.
- Select a TSA that is reliable and complies with the RFC 3161 standard.
- Aloaha / CodeB has supported RFC 3161 timestamps for over 20 years through its Time Notary service.
- Additionally, the CodeB Identity Broker contains a TSA endpoint accessible at <BaseURL>/tsa. Demo Server: https://nfcsign.com/tsa
Generate a Digital Signature
- Before timestamping, create a digital signature for your document or data.
- Use cryptographic algorithms like RSA to generate the signature.
- Securely store the private key used for signing.
Create a Timestamp Request
- After generating the digital signature, create a timestamp request.
- The request contains only the hash of the data or signature to be timestamped, so the content itself never has to be sent to the TSA.
- Use a secure hash algorithm like SHA-256 to create the hash.
Post the Timestamp Request to the TSA Endpoint
- Construct an HTTP POST request to send the timestamp request to the chosen TSA’s endpoint.
- If using the CodeB Identity Broker, post the request to <BaseURL>/tsa. Demo Server: https://nfcsign.com/tsa
- Ensure that the request is formatted correctly according to the TSA’s specifications.
- The TSA will verify the request and, if valid, return a timestamp token containing the timestamp, the hash of the data, and the TSA’s digital signature.
Verify the Timestamp Token
- Once received, verify the timestamp token to ensure its integrity and authenticity.
- Check the TSA’s digital signature using its public key.
- Confirm that the hash in the token matches the one in the original request (and the nonce, if one was included) and that the timestamp is as expected.
Store the Timestamp Token
- Securely store the timestamp token along with the original data and its digital signature.
- The timestamp token serves as proof of the existence of the data at the specified time.
Validate the Timestamped Data
- If needed, the timestamp token can be presented to validate the timestamped data.
- The validator will check the timestamp token, the TSA’s signature, and the hash of the data.
- Successful validation confirms the existence of the data at the timestamped time.
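The steps above (hash the data, build the request, post it, check the response, keep the token) carried through in code, as an added example that is not Aloaha/CodeB code and not taken from this page: a minimal RFC 3161 client written with only the Python standard library. It DER-encodes a TimeStampReq for a SHA-256 digest with a random nonce and certReq set, posts it with the `application/timestamp-query` media type that RFC 3161 section 3.4 requires for HTTP, and then checks the TimeStampResp status and that the messageImprint and nonce echoed in the TSTInfo match what was sent. The TSA URL in the `__main__` block is the demo server named on the page; the sample document is constructed. Checking the TSA's CMS signature over the token is not done here: pass the saved `.tsr` to `openssl ts -verify` or a CMS library for that step.

```python
# Minimal RFC 3161 client (standard library only; no CMS signature check).
import hashlib
import secrets
import urllib.request

SHA256_OID = bytes.fromhex("608648016503040201")         # 2.16.840.1.101.3.4.2.1
ID_CT_TSTINFO = bytes.fromhex("2a864886f70d0109100104")  # 1.2.840.113549.1.9.16.1.4


def der_len(n):
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, content):
    """One DER TLV with a single-byte tag."""
    return bytes([tag]) + der_len(len(content)) + content


def der_int(value):
    """DER INTEGER for a non-negative value (extra byte keeps the sign bit clear)."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_timestamp_request(digest, nonce=None, cert_req=True):
    """TimeStampReq ::= SEQUENCE { version, messageImprint, nonce OPTIONAL, certReq }"""
    alg_id = der(0x30, der(0x06, SHA256_OID) + der(0x05, b""))  # sha256 with NULL params
    imprint = der(0x30, alg_id + der(0x04, digest))              # MessageImprint
    body = der_int(1) + imprint
    if nonce is not None:
        body += der_int(nonce)           # ties the response to this exact request
    if cert_req:
        body += der(0x01, b"\xff")       # ask the TSA to include its signing certificate
    return der(0x30, body)


def _tlv(buf, pos=0):
    """Decode one TLV at pos -> (tag, content, end). Single-byte tags only."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def _children(content):
    """All (tag, content) pairs directly inside a constructed value."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = _tlv(content, pos)
        out.append((tag, body))
    return out


def parse_timestamp_response(resp_der):
    """Return (PKIStatus, TSTInfo fields). Status 0 = granted, 1 = grantedWithMods."""
    fields = _children(_tlv(resp_der)[1])                          # TimeStampResp
    status = int.from_bytes(_children(fields[0][1])[0][1], "big")  # PKIStatusInfo.status
    if status not in (0, 1) or len(fields) < 2:
        return status, None
    content_info = _children(fields[1][1])                         # OID id-signedData, [0] SignedData
    signed_data = _children(_children(content_info[1][1])[0][1])
    encap = _children(signed_data[2][1])                           # OID id-ct-TSTInfo, [0] OCTET STRING
    if encap[0][1] != ID_CT_TSTINFO:
        return status, None
    tst_info_der = _children(encap[1][1])[0][1]
    return status, _children(_tlv(tst_info_der)[1])


def verify_response(resp_der, digest, nonce):
    """Consistency checks from the 'Verify the Timestamp Token' step (no signature check).
    Returns the genTime string on success, None otherwise."""
    status, tst = parse_timestamp_response(resp_der)
    if tst is None:
        return None
    alg_id, hashed = _children(tst[2][1])                          # messageImprint
    if _children(alg_id[1])[0][1] != SHA256_OID or hashed[1] != digest:
        return None
    # After genTime (index 4) come accuracy, ordering, nonce, tsa, extensions;
    # the first INTEGER among them is the echoed nonce.
    echoed = [int.from_bytes(b, "big") for t, b in tst[5:] if t == 0x02]
    if nonce is not None and (not echoed or echoed[0] != nonce):
        return None
    return tst[4][1].decode("ascii")                               # GeneralizedTime, e.g. 20240101120000Z


def request_timestamp(tsa_url, request_der):
    """POST the DER request as RFC 3161 section 3.4 prescribes; return the raw response."""
    req = urllib.request.Request(tsa_url, data=request_der, method="POST",
                                 headers={"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


if __name__ == "__main__":
    data = b"constructed sample document"          # constructed stand-in for the signed data
    digest = hashlib.sha256(data).digest()
    nonce = secrets.randbits(64)
    tsq = build_timestamp_request(digest, nonce)
    tsr = request_timestamp("https://nfcsign.com/tsa", tsq)  # demo server named on the page
    with open("document.tsr", "wb") as f:           # keep the token next to data and signature
        f.write(tsr)
    print("genTime:", verify_response(tsr, digest, nonce))
```

The nonce is the detail most often skipped: without it, a replayed old response for the same hash would pass the imprint check, so the client should refuse any token whose echoed nonce differs from the one it sent. The hash comparison deliberately looks at the OCTET STRING inside the TSTInfo rather than at re-encoded bytes, because some TSAs omit the NULL parameters in the AlgorithmIdentifier and a byte-for-byte comparison would wrongly reject their valid tokens.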
Considerations
- Ensure the security and confidentiality of the private keys used for digital signatures.
- Regularly update cryptographic algorithms and hash functions to maintain security.
- Choose a TSA with a good reputation and reliable infrastructure to avoid issues with timestamping.
Conclusion
RFC 3161 timestamping, when used in conjunction with digital signatures, provides an additional layer of security and integrity to digital content by proving the existence of data at a specific point in time. By following the steps above and considering the security aspects, users can effectively use RFC 3161 timestamping for digital signatures. Aloaha / CodeB’s long-standing support for RFC 3161 through their Time Notary service and the CodeB Identity Broker’s TSA endpoint offer reliable options for those seeking TSA services.