Without a mutually-trusted source of time "cookies", it depends on
specific needs.

Further information on the nature of the transaction is required since I
haven't heard of a pre-packaged oss application.

Doug.



On Wed, Oct 03, 2007 at 08:36:37PM +0200, G?bri M?t? wrote:
> Sorry I wasn't totally specific. Yes, later on the receiver needs to
> verify the timestamp. I was looking for an oss application but couldn't
> find any for timestamping.
> 
 
> Douglas A. Tutty wrote:
> > On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> >> I've read a lot about timestamping a document, but dunno how it works in
> >> practice. How can I apply a timestamp to a digitally signed or encrypted
> >> document? Like I encrypt or sign a document with gnupg, but before the
> >> process how can I timestamp it?
> >> Sorry for the stupid question but I really can't imagine it.
> >>
> > 
> > I suppose the first question is: is the time stamp for info only or does
> > the recipient have to verify the accuracy of the timestamp?  I.e. let's
> > say you take the file you want to encrypt and sign, put it in a tarball
> > that will protect the file's modification time, and encrypt and sign
> > that.  This gives the recipient your opinion on the timestamp and
> > protects it from being changed en route.  However, the recipient can't
> > verify that you or your system are telling the truth.
> > 
> > I don't know if there's an accepted strategy, but if I had to create one
> > from scratch, off the top of my head I'm thinking some type of time
> > server.  It would have to publish a signed file of the current time, say
> > once per minute, so that you could include the hash in the above noted
> > tarball.  The recipient could note the time of that hash file, query the
> > time server for the matching hash and compare the two.  If they match,
> > then the time matches.
> > 
> > This would have to be a time server that is trusted by the recipient.  
> > 
> > I'll be interested to hear from someone who really knows about this.
> > 
> > Doug.
> > 
> > 
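
The time-server idea from the quoted message, as an added Python sketch that is not part of the thread: the server publishes one beacon file per minute, the sender binds its hash to the document, and the recipient looks the hash up. `TimeServer`, `stamp`, `verify` and the key are hypothetical names; an HMAC stands in for the gnupg signature, and the random nonce in each beacon is an assumption of this sketch.

```python
import hashlib
import hmac
import json
import os

class TimeServer:
    """Hypothetical trusted server publishing one unpredictable beacon per minute."""
    def __init__(self):
        self._by_hash = {}  # sha256(beacon file) -> minute it was published

    def publish(self, minute):
        # The random nonce keeps future beacons unguessable (assumption of this sketch).
        beacon = json.dumps({"time": minute, "nonce": os.urandom(16).hex()}).encode()
        self._by_hash[hashlib.sha256(beacon).hexdigest()] = minute
        return beacon

    def lookup(self, beacon_hash):
        return self._by_hash.get(beacon_hash)  # None if never published

def _mac(key, document, beacon_hash):
    # Stand-in for the sender's gnupg signature over beacon hash + document.
    msg = beacon_hash.encode() + b"\n" + document
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def stamp(key, document, beacon):
    """Sender side: bind the hash of the current beacon file to the document."""
    beacon_hash = hashlib.sha256(beacon).hexdigest()
    return {"document": document, "beacon_hash": beacon_hash,
            "sig": _mac(key, document, beacon_hash)}

def verify(key, bundle, server):
    """Recipient side: beacon time if the bundle is intact and the hash is known, else None."""
    expected = _mac(key, bundle["document"], bundle["beacon_hash"])
    if not hmac.compare_digest(expected, bundle["sig"]):
        return None
    return server.lookup(bundle["beacon_hash"])

# Constructed sample run
KEY = b"constructed-demo-key"
server = TimeServer()
old = server.publish("2007-10-03T18:21Z")
new = server.publish("2007-10-03T20:36Z")
bundle = stamp(KEY, b"contract text", new)
```

The time `verify` returns is the publication time of the beacon the sender chose, so it marks the earliest moment the bundle could have been assembled.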
