Reputation: 60463
Cryptographic Time
Is there a cryptographic mechanism by which it is possible to sign a document with a date, such that it is not possible to forge that same signature at a later date? Maybe some sort of server that publishes daily cryptographic keys (but how can you trust them? ;-).
For the inevitable prodding pragmatists, I'm not trying to accomplish some task. I'm just curious what the solution space is like.
Upvotes: 6
Views: 298
Answers (2)
Reputation: 4142
GuardTime has an interesting service, where the timestamp does not depend on a trusted third party ("signed time") but can be independently verified by any interested party. It works somewhat similarly as Bitcoins, based on hash trees.
Upvotes: 2
Reputation: 46040
This is called Timestamping (TSP protocol, RFC 3161). Different digital signature standards (PDF and XML signatures, CAdES, PAdES, XAdES) include support for advanced timestamping based on TSP.
MS Authenticode also includes timestamping, but uses different (incompatible and less secure) mechanism for it.
TSP alone (without signature protocols) is not used a lot, but in conjunction with signature standards it becomes very handy.
Upvotes: 6
Related Questions
- Alternative timestamping services for Authenticode
- Delphi: how to do digital signature with timestamp of files?
- Steps to include timestamp in PDF signature
- What is the point of sending timestamp?
- Java Implementation of time stamp protocol
- How to create a timestamp server for signature purposes
- How do I securely sign data with a timestamp?
- Cryptography: Verifying Signed Timestamps
- Trusted Timestamps - understanding the format (rfc3161)
- How to verify that timestamping is done correctly for signed code