| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
software:pgp [2022/04/08 00:22]
cyril fix alignment issues |
software:pgp [2022/04/24 15:23] (current)
cyril [Trusted Timestamping] |
| Remarks: | Remarks: |
| * Providing only a cryptographically secure hash of your data instead of the whole data is sufficient, while ensuring confidentiality of your data. | * Providing only a cryptographically secure hash of your data instead of the whole data is sufficient, while ensuring confidentiality of your data. |
| * If you also want to prove that you were in possession of this document at this time (i.e. that you did not find it with the trusted timestand later), you need to make sure that it is clearly written in the document that you are its author. You can also create an intermediate file containing both your name as well as the file hash. However you still benefit from plausible deniability (someone else cannot prove that you are the author), as anyone could have proceeded to this trusted timestamping with your name in it. | * If you also want to prove that you were in possession of this document at this time (i.e. that it was not done by someone else, and you found it with the trusted timestamp later), you need to make sure that it is clearly written in the document that you are its author. You can also create an intermediate file containing both your name as well as the file hash. However you still benefit from plausible deniability (someone else cannot prove that you are the author), as anyone could have proceeded to this trusted timestamping with your name in it. |
| * If you want a bit stronger proof that you were in possession of this document at this time, and accept non-repudiation (or it is demanded by a third party), you can also include a signature of the document with your PGP key in the intermediate file. | * If you want a bit stronger proof that you were in possession of this document at this time, and accept non-repudiation (or it is demanded by a third party), you can also include a signature of the document with your PGP key in the intermediate file. |
| * Note: if you don't want to decide whether signing or not when timestamping, you could create two versions of the intermediate file, with and without signatures, and timestamp both. However it has limited value, as plausible deniability only makes sense if someone else obtains the files and opposes them to you, so the mere existence of non-repudiable signatures opens this risk. Divulgating yourself the deniable files, realizing that you should not have, and ending up denying them, would be very suspicious (except maybe saying that the files were altered by someone else, but you would have to provide the unaltered files, with which you initially got mixed up). | * Note: if you don't want to decide whether signing or not when timestamping, you could create two versions of the intermediate file, with and without signatures, and timestamp both. However it has limited value, as plausible deniability only makes sense if someone else obtains the files and opposes them to you, so the mere existence of non-repudiable signatures opens this risk. Divulgating yourself the deniable files, realizing that you should not have, and ending up denying them, would be very suspicious (except maybe saying that the files were altered by someone else, but you would have to provide the unaltered files, with which you initially got mixed up). |
| Free services (as of 2022): | Free services (as of 2022): |
| * Certified in France or Europe: | * Certified in France or Europe: |
| ** N/A | * N/A |
| * TSA with accuracy and chainable to ubiquously trusted certificate (all trust stores): | * TSA with accuracy and chainable to ubiquously trusted certificate (all trust stores): |
| ** GlobalSign ([[http://rfc3161timestamp.globalsign.com/advanced|server]]): | * GlobalSign ([[http://rfc3161timestamp.globalsign.com/advanced|server]]): RFC 3161 from TSQ, sha512, accuracy 1s |
| RFC 3161 from TSQ, sha512, accuracy 1s | * Certum ([[http://time.certum.pl/|server]]): RFC 3161 from TSQ or hash, sha512, accuracy 1s |
| ** Certum ([[http://time.certum.pl/|server]]): | |
| RFC 3161 from TSQ or hash, sha512, accuracy 1s | |
| * TSA that can be chained to somewhat trusted certificate (some trust stores), or don't provide accuracy information: | * TSA that can be chained to somewhat trusted certificate (some trust stores), or don't provide accuracy information: |
| ** DigiCert ([[https://knowledge.digicert.com/generalinformation/INFO4231.html|infos]], [[http://timestamp.digicert.com/|server]]): | * DigiCert ([[https://knowledge.digicert.com/generalinformation/INFO4231.html|infos]], [[http://timestamp.digicert.com/|server]]): RFC 3161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate |
| RFC 3161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate | * EnTrust ([[http://timestamp.entrust.net/TSS/RFC3161sha2TS|server]]): RFC 6161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate |
| ** EnTrust ([[http://timestamp.entrust.net/TSS/RFC3161sha2TS|server]]): | * Comodo / Sectigo / USERTrust ([[http://timestamp.comodoca.com|server]]): RFC 6161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate (failing to verify for unknown reasons though) |
| RFC 6161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate | * Apple ([[http://timestamp.apple.com/ts01|server]]): RFC 3161 from TSQ, sha512, accuracy 1s |
| ** Comodo / Sectigo / USERTrust ([[http://timestamp.comodoca.com|server]]): | * Symantec / VeriSign ([[http://sha256timestamp.ws.symantec.com/sha256/timestamp|server]]: RFC 3161 from TSQ, sha512, accuracy 30s, signed by VeriSign root, sold to symantec in 2010, then sold to broadcom, root not distributed anymore |
| RFC 6161 from TSQ, sha512, no accuracy, but ubiquously trusted certificate (failing to verify for unknown reasons though) | |
| ** Apple ([[http://timestamp.apple.com/ts01|server]]): | |
| RFC 3161 from TSQ, sha512, accuracy 1s | |
| ** Symantec / VeriSign ([[http://sha256timestamp.ws.symantec.com/sha256/timestamp|server]]: | |
| RFC 3161 from TSQ, sha512, accuracy 30s, signed by VeriSign root, sold to symantec in 2010, then sold to broadcom, root not distributed anymore | |
| * Independent party: | * Independent party: |
| ** FreeTSA ([[https://www.freetsa.org/index_en.php|infos]], [[https://freetsa.org/tsr|server]]): | * FreeTSA ([[https://www.freetsa.org/index_en.php|infos]], [[https://freetsa.org/tsr|server]]): RFC 3161 from TSQ, sha512, no accuracy, self-signed certificate |
| RFC 3161 from TSQ, sha512, no accuracy, self-signed certificate | * ItConsult ([[http://www.itconsult.co.uk/stamper.htm|infos]]): PGP signature with index by email |
| ** ItConsult ([[http://www.itconsult.co.uk/stamper.htm|infos]]): | |
| PGP signature with index by email | |
| |
| Limited services: | Limited services: |
| * TrueTimestamp ([[http://truetimestamp.org/|infos)]]: | * TrueTimestamp ([[http://truetimestamp.org/|infos)]]: RFC 3161 by form, and by URL 5/day, sha256, not tested |
| RFC 3161 by form, and by URL 5/day, sha256, not tested | * DigiStamp ([[https://www.digistamp.com/|infos]]): account, 25/year free |
| * DigiStamp ([[https://www.digistamp.com/|infos]]): | |
| account, 25/year free | |
| |
| Services With free trial duration: | Services With free trial duration: |
