Commit 3338ac62 authored by Anton Wuerfel

Adding time-stamping helper tool


This commit adds a helper tool called `git-timestamp-util`, which does the
actual RFC3161 time-stamping work. It depends on libssl and libcrypto.

In particular, it is used for creating time-stamp signatures and for verifying
them.

To create a time-stamp signature, a Time Stamping Query (TSQ) is created and
passed to the helper tool `git-http-timestamp`, which passes it to a Time
Stamping Authority and outputs a trusted Time Stamping Response (TSR). The TSR
is then split into the time-stamp signature itself and the Time Stamping
Authority's certificate. This certificate is stored in a repository-global TSA
store file called .git_tsa_store, whereas the raw time-stamp signature is passed
to the caller to be stored in a git object. Splitting the TSR into the TSA's
certificate and the raw time-stamp signature is done to avoid redundancy as the
TSA's certificate will likely not change over years.

To verify a time-stamp signature, a SHA-1 hash of the git object to be checked
is passed along with its corresponding time-stamp signature. Identifying
certificate information like issuer and serial number is extracted from the
time-stamp signature. The tuple of issuer and serial number is then used to find
the actual certificate of the Time Stamping Authority in the .git_tsa_store file.
The TSA's Certificate and the raw time-stamp signature are merged together and
verified.

Signed-off-by: Anton Würfel <anton.wuerfel@fau.de>
Signed-off-by: Phillip Raffeck <phillip.raffeck@fau.de>
parent 28f1c77d
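
The split described in the commit message can be reproduced with the `openssl ts` command line. This is an added example, not code from this commit or from `git-timestamp-util`. It assumes a throwaway CA and TSA constructed on the spot in place of a remote Time Stamping Authority, hypothetical file names, and `-untrusted tsa.pem` standing in for the certificate lookup in `.git_tsa_store`.

```shell
#!/bin/sh
# Added example, not git-timestamp-util. A throwaway CA and TSA (constructed
# here) stand in for the remote Time Stamping Authority; file names are assumed.
tsa_store_demo() (
  set -e
  cd "$(mktemp -d)"
  cat > tsa.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Demo TSA
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign
[tsa_ext]
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, timeStamping
[tsa]
default_tsa = tsa1
[tsa1]
serial = ./serial
signer_cert = ./tsa.pem
signer_key = ./tsa.key
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha1
EOF
  echo 01 > serial
  openssl req -x509 -newkey rsa:2048 -nodes -config tsa.cnf -extensions ca_ext \
    -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.pem 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config tsa.cnf \
    -keyout tsa.key -out tsa.csr 2>/dev/null
  openssl x509 -req -in tsa.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -extfile tsa.cnf -extensions tsa_ext -out tsa.pem 2>/dev/null
  # SHA-1 of a constructed stand-in for a git object.
  h=$(printf 'constructed object' | openssl dgst -sha1 -r | cut -c1-40)
  # No -cert in the query, so the TSR carries no TSA certificate: only the raw
  # signature, which is what the commit stores in the git object.
  openssl ts -query -config tsa.cnf -digest "$h" -sha1 -out q.tsq 2>/dev/null
  openssl ts -reply -config tsa.cnf -queryfile q.tsq -out r.tsr 2>/dev/null
  verify() { openssl ts -verify -in r.tsr -CAfile ca.pem "$@" >/dev/null 2>&1 \
    && echo ok || echo fail; }
  bad=$(printf 'tampered object' | openssl dgst -sha1 -r | cut -c1-40)
  # 1: signature alone, 2: plus stored TSA certificate, 3: wrong object hash.
  echo "$(verify -digest "$h") $(verify -digest "$h" -untrusted tsa.pem)" \
    "$(verify -digest "$bad" -untrusted tsa.pem)"
)
```

The three results show why the store matters for verification: a signature without its TSA certificate cannot be checked at all, and once the certificate is supplied the check still fails for any object whose hash differs from the time-stamped one.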