SecureBlackbox 16: Timestamping of digital signatures (mini-FAQ)


Content

What is timestamping and why should I use it?

Timestamping is used to specify the time when a digital signature was made. This is needed to properly validate the signature.

If the signature timestamp is present, the application that validates (verifies) the signature will check whether the certificates involved in the signature validation were valid at the time of signing. If there's no timestamp for the signature, the certificate validity is checked for the time of the signature validation, which is not always acceptable.

Example:

The certificate is valid from: 1st of January, 2008
The certificate is valid to: 31st of December, 2010
The signature was made on: 4th of July, 2009
The signature was verified on: 30th of April, 2012


  • With timestamp: The signature is OK (the signature was made during the certificate's validity period).
  • Without timestamp: The signature is not valid (the certificate has expired by the time of the signature verification).

Timestamping should be used if the signature is supposed to be used (to prove the authenticity of the document author or data originator) in the long term, i.e., longer than one or several days.

Timestamping is not necessary when you, for example, send a short signed note to a colleague and this note is expected to be read and disposed of the same day as it has been written. Of course, timestamping cannot be used when it's not supported by the signing technologies or when the timestamping authority is not available.

On the other hand, timestamping is a must when you create signed documents for wide distribution or for long-term storage and archival purposes. Timestamping is also used when signing the executable modules of software applications.

In what technologies can timestamping be used?

Timestamping (namely the TSP protocol) is defined by RFC 3161 and is part of the PKI infrastructure based on X.509 certificates. As such, timestamping can be used when signing any data using PKCS#7, in PDF document signing and in XML document signing using XAdES.

Timestamping is not used in S/MIME (despite the fact that this is a PKI-based technology).

Timestamping is not available in OpenPGP as this is not an X.509-certificate-based technology.

Microsoft Authenticode (the technology used to sign applications and libraries in Windows) also uses timestamping; however, this timestamping is different from the TSP protocol defined by RFC 3161. Starting with recent versions, Windows started to support dual-signed files, where the SHA2 signature is timestamped with RFC 3161 timestamps.

How does timestamping work?

Timestamping involves your code as a timestamping client and a timestamping server called the Timestamping Authority (TSA). Of course, with SecureBlackbox most of the operations described below are done under the hood.

  1. Your code first signs certain data.
  2. The hash of the data signature is calculated. This hash is sent to the TSA for signing.
  3. The TSA signs the received hash using the TSA certificate and includes the current time on the server in this signature.
  4. The signature made by the TSA is sent back to your code and your code adds this signature to the original signature made over the initial data.

Note: The TSA certificate is not a generic certificate generated somewhere in the garage. TSA certificates are issued by Certificate Authorities. Such certificates must be properly validated and they are issued and used only for timestamping.

Can I timestamp the signature myself?

If you are a widely recognized TSA, then why not? In other words, you should obtain the TSA certificate and have a trusted source of time (usually this is some piece of hardware that takes the time from another trusted source such as a GPS satellite).

For testing purposes you can create a self-signed TSA certificate and use it for application development and debugging; however, such a self-signed certificate can be used only in closed infrastructures where it can be accepted by the applications that will validate your signatures.

Where do I find a timestamping server?

TSA services are offered by the companies that issue digital certificates, such as Thawte, VeriSign, Comodo, GlobalSign, etc.

There exist local (national, governmental, or private) timestamping authorities, but their usability is limited as they are usually offered as a part of some closed infrastructure. For example, if the governmental agency or bank accepts digitally signed documents, it can offer the TSA for use with such documents, but this TSA will be only accepted and validated by this governmental agency or bank.

What happens if I don't timestamp the signature?

The timestamp tells the entity that validates the signature when exactly the signature was made.

As you know, the certificate is not eternal. It has a certain validity period; i.e., the certificate may only be used for its purpose during some period of time. If you use a certificate that has expired to sign the data, such a signature will not be accepted as valid.

If the signature validator finds a timestamp, the validator will know when the signature was made and will check if the certificate was valid at that moment in time.

If there's no timestamp, then nobody knows when the signature was made, and it's assumed that it could have been made at any moment in time, possibly after the certificate had expired. There are two possible results from this situation: Either the signature is claimed as not valid, or the signature is assumed to have been made at the time of validation. In the second case, if the signing certificate itself has expired by the time of the signature validation, the signature will not be accepted as valid either. And if the signature is expected to be validated sometime in the future, then it's likely that such a problem will happen sooner or later.

To summarize: if the signature is not timestamped properly, there's a chance that it will not be accepted as valid.

Can the timestamp itself be canceled or become invalid?

If the timestamping certificate is revoked (claimed as invalid by the CA that has issued it), there are two cases possible, as per sections 4.1 and 4.2 of RFC 3161:

  1. If the revocation reason code indicates that the key has not been compromised but the TSA itself will not be operating in the future, then the timestamping certificate should not be used for timestamping in the future (after revocation). Previously made timestamps, however, don't become invalid.
  2. If the revocation reason code indicates code compromise, then all timestamps signed with the compromised certificate become invalid.

Does the timestamp expire?

The timestamp itself doesn't expire. However, the timestamp is signed with a certificate issued for the specific purpose of signing timestamps. This certificate has its own expiration time and validity period, which is usually longer than the validity period of a certificate issued for SSL/TLS, however, not infinite. As soon as the certificate used to sign a timestamp expires, the timestamp expires as well. As per section 4.3 of RFC 3161, such a timestamp should be redone or notarized to renew the existing trust in the timestamp.

How do I use timestamping in my projects?

SecureBlackbox lets you both timestamp the document signatures (timestamping is a part of the signing operation) and validate the timestamp during signature validation. In SecureBlackbox timestamping is done with the help of TElFileTSPClient and TElHTTPTSPClient. The first component requires that you send the prepared TSP request to the server and retrieve the reply from the server in your code. You can communicate with the server with any HTTP client component or class. The second component (TElHTTPTSPClient) uses the HTTP client included in SecureBlackbox, so you don't need to do extra coding. On the other hand, the use of this HTTP client requires a license for the HTTPBlackbox client, the SSLBlackbox client, or a more extensive package.

To include timestamping into the signature creation process, you create an instance of one of the above-mentioned classes and assign this instance to the appropriate property of the component used for signing. Optionally, set some supplementary properties of the signing component. That's all - the timestamping component will be used by the signing component automatically.

Timestamp validation is done automatically by the components that are used to validate the document signature. You don't need to take extra steps for timestamp validation.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.