TSA - Time stamp authority

mark_nl · January 24, 2021, 4:33pm

I can agree to disagree…

Could the kakwa/uts-server be help full for your needs ?
If so; it looks doable to build / rpm-package it for you for testing.

thorsten · January 24, 2021, 4:48pm

Yes, I think so… kakwa/uts-server seems to be an option, however it has to work via http

mark_nl · February 1, 2021, 2:31pm

Hi @thorsten,

Did build and package uts-server and its dependency civitweb. I think it works but do not know how to configure it yet. Maybe you can figure this out…

to test (on centos-7 or nethserver testing machine)

yum install yum-plugin-copr git screen
yum copr enable  markvnl/uts-server
yum install uts-server

make test setup:

git clone https://github.com/kakwa/uts-server.git
cd uts-server
./tests/cfg/pki/create_tsa_certs
screen
uts-server -c tests/cfg/uts-server.cnf -D

press crtl+a than d to detach from screen

./goodies/timestamp-file.sh -i README.rst -u http://localhost:2020 -r -O "-cert";

Output:

[INFO]    Generating timestamp on file '/root/uts-server/README.rst', to '/root/uts-server/README.rst.tsr', using server 'http://localhost:2020'
[SUCCESS] Timestamp of file '/root/uts-server/README.rst' using server 'http://localhost:2020' succeed, ts written to '/root/uts-server/README.rst.tsr'

–

openssl ts -verify -in README.rst.tsr -data README.rst -CAfile ./tests/cfg/pki/tsaca.pem

Output:

Verification: OK

–

openssl ts -reply -in README.rst.tsr -text

Output:

Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified

TST info:
Version: 1
Policy OID: 1.2.3.4.1
Hash Algorithm: sha1
Message data:
    0000 - d8 4d 72 7a 6a 08 a8 5f-fb 02 16 5f fa ac 5b e1   .Mrzj.._..._..[.
    0010 - cf c5 a0 df                                       ....
Serial number: 0xD244F95E65A5F5B8E19B74C43713628255082939
Time stamp: Feb  1 14:24:51 2021 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: 0x0E8E09450E56BE6C
TSA: DirName:/C=FR/ST=Paris/L=Paris/O=UTS-SERVER test/CN=TSA CERT 1
Extensions:

attach to screen again screen -r press ctl+c to stop uts-server exit to close screen

EDIT: 2nd stage testing:

After the above works copy the test configuration and certs to /etc/uts-server

mv /etc/uts-server/uts-server.cfg /etc/uts-server/uts-server.rpm
cp tests/cfg/uts-server.cnf /etc/uts-server/uts-server.cfg
cp -r tests/cfg/pki/ /etc/uts-server/
systemctl start uts-server

–
./goodies/timestamp-file.sh -i README.rst -u http://localhost:2020 -r -O "-cert";

[INFO]    Generating timestamp on file '/root/uts-server/README.rst', to '/root/uts-server/README.rst.tsr', using server 'http://localhost:2020'
[SUCCESS] Timestamp of file '/root/uts-server/README.rst' using server 'http://localhost:2020' succeed, ts written to '/root/uts-server/README.rst.tsr'

openssl ts -verify -in README.rst.tsr -data README.rst -CAfile /etc/uts-server/pki/tsaca.pem

Verification: OK