Monday, September 26, 2016

Create/Verify a Timestamp Request with OpenSSL

With the help of OpenSSL and curl you can easily create and verify SHA-1 based timestamps.

In this sample I will use the FreeTSA (https://freetsa.org/index_en.php) timestamp provider.

TSA Certificate: https://freetsa.org/files/tsa.crt
Key modulus (sha256): 899ba3d9f777e2a74bdd34302bc06cb3f7a46ac1f565ee128f79fd5dab99d68b

CA Certificate: https://freetsa.org/files/cacert.pem
Key modulus (sha256): a4b1a0a81aef68be1cc985d0f83bd6539cfe84174587f900e15ffe3f65433056

Download the certificate files:
  • wget https://freetsa.org/files/tsa.crt
  • wget https://freetsa.org/files/cacert.pem

Create timestamp request data

openssl ts -query -data data.txt -cert -sha1 -no_nonce \
    -config openssl_ts.cnf -out data.txt.ts_req

The file openssl_ts.cnf is an empty file.

Send the timestamp request and store the response


curl -s -S -H 'Content-Type: application/timestamp-query' \
    --data-binary @data.txt.ts_req http://freetsa.org/tsr \
    -o data.txt.ts_res


Verify the data with the timestamp response

openssl ts -verify -config openssl_ts.cnf \
    -in data.txt.ts_res -data data.txt \
    -CAfile cacert.pem
 

You should see the following message from OpenSSL

Verification: OK


View the timestamp request data on the timestamp provider's site

The hash value is stored on the timestamp provider's side. To view the stored data, you need the SHA-1 hash value of your document:

openssl dgst -sha1 data.txt | sed -e 's/^.*= //'

aa9e3512f38bafce78040651b54085c69b540d5d

Now you can request the stored data

curl -X POST \
    --data "hash=aa9e3512f38bafce78040651b54085c69b540d5d" \
    http://freetsa.org/grep.php

Time stamp: Sep 26 10:55:17 2016 GMT - Hash Algorithm: sha1 - aa9e3512f38bafce78040651b54085c69b540d5d
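
As an added example (not part of the original post), the script below builds the request the same way as above and checks that the message imprint inside it equals the local digest of the file, showing that only the hash leaves your machine. The function names and the sample file are assumptions made for illustration; the digest is a parameter, so the same check also works with sha256.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the hex digest of a file, e.g.: local_digest sha1 data.txt
local_digest() {
    openssl dgst "-$1" "$2" | sed -e 's/^.*= //'
}

# Build a timestamp request as in the post and print its hashedMessage field
# (the first OCTET STRING of the DER-encoded request) as lowercase hex.
request_imprint() {
    alg=$1
    file=$2
    tmp=$(mktemp -d) || return 1
    : > "$tmp/openssl_ts.cnf"    # empty config file, as in the post
    if ! openssl ts -query -data "$file" -cert "-$alg" -no_nonce \
            -config "$tmp/openssl_ts.cnf" -out "$tmp/req" 2>/dev/null; then
        rm -rf "$tmp"
        return 1
    fi
    openssl asn1parse -inform DER -in "$tmp/req" |
        sed -n 's/.*OCTET STRING.*\[HEX DUMP\]:\(.*\)/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
    rm -rf "$tmp"
}

# Succeed only when the imprint in the request equals the digest of the file.
imprint_matches() {
    imprint=$(request_imprint "$1" "$2") || return 1
    [ -n "$imprint" ] && [ "$imprint" = "$(local_digest "$1" "$2")" ]
}

# Demo on a constructed sample file (not the data.txt from the post).
sample=$(mktemp)
printf 'constructed sample document\n' > "$sample"
echo "digest : $(local_digest sha1 "$sample")"
echo "imprint: $(request_imprint sha1 "$sample")"
if imprint_matches sha1 "$sample"; then
    echo "request carries only the digest of the file"
else
    echo "imprint mismatch" >&2
fi
rm -f "$sample"
```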