diff --git a/t/t7031-verify-tag.sh b/t/t7031-verify-tag.sh
new file mode 100755
index 0000000000000000000000000000000000000000..bc7953b851cb71bcc44798527e277dbe127093b6
--- /dev/null
+++ b/t/t7031-verify-tag.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+test_description='signed time-stamped tag tests'
+. ./test-lib.sh
+. "$TEST_DIRECTORY/lib-gpg.sh"
+
+# Tests for RFC3161 implementation
+
+if test -n "$NO_OPENSSL"
+then
+	skip_all='skipping test, git built without openssl support'
+	test_done
+fi
+
+# Disable remote tests by default to avoid spamming of TSAs and to be able to
+# test without internet connection
+
+if test -z "$GIT_TEST_TSA_URL"
+then
+	skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_URL to enable)'
+	test_done
+fi
+
+if test -z "$GIT_TEST_TSA_CAPATH"
+then
+	skip_all='Remote TSA testing disabled (set GIT_TEST_TSA_CAPATH to enable)'
+	test_done
+fi
+
+test_expect_success 'create a tag with a timestamp signature' '
+	git config ts.tsaurl $GIT_TEST_TSA_URL &&
+	git config ts.capath $GIT_TEST_TSA_CAPATH &&
+	git config ts.failonverify 1 &&
+	test_tick &&
+	echo foo > foo &&
+	git add foo &&
+	git commit -m foo &&
+	git tag -t -m onlytime tsa_onlytime
+'
+
+test_expect_success GPG 'create a tag with gpg and timestamp signatures' '
+	echo foobar > bar &&
+	git add bar &&
+	git commit -m test123 &&
+	git tag -s -t -m tsa_both tsa_both
+'
+
+test_expect_success 'verify tag with gpg and timestamp signature' '
+	git verify-tag tsa_both
+'
+
+test_expect_success 'verify tag with timestamp signature' '
+	test_must_fail git verify-tag tsa_onlytime
+'
+
+test_expect_success 'verify tag with timestamp signature with -t' '
+	git verify-tag -t tsa_onlytime
+'
+
+test_expect_success 'verify fudged timestamp' '
+	git cat-file tag tsa_onlytime >raw &&
+	sed -e "s/onlytime/morethantime/" raw >forged1 &&
+	git hash-object -w -t tag forged1 >forged1.tag &&
+	test_must_fail git verify-tag $(cat forged1.tag) >actual1 2>&1 &&
+	grep "BAD time-stamp signature" actual1 &&
+	! grep "Verified timestamp" actual1
+'
+
+test_done