Previously we answered the most common questions about the OCSP. Another element involved in the creation and verification of signatures is timestamping. This blog covers how timestamping works, what a Timestamp Authority is, and why timestamping is beneficial to the longevity and legality of digital signatures.
How does timestamping work?
Timestamping can be used to independently and irrefutably prove the time of a transaction, the time a document was signed and when it was archived.
RFC 3161 and RFC 5816 are standards for secure cryptographic timestamping and what products and organisations must include in timestamps. This includes providing a trustworthy source of time, a trustworthy time value and a unique identifier for each timestamp that has been issued.
The TSA cryptographically binds the data’s unique hash / message digest / fingerprint with the current date and time that is synchronised with a trusted time source. This is done with a special digital signature, using a private signing key under the sole control of the TSA that should be generated and stored in a high-trust Hardware Security Module (HSM).
Can I timestamp the signature myself?
No, only a TSA can issue secure timestamps. For a timestamp to be valid and compliant with RFC 3161 and 5816 and provide independent evidence, a trusted timestamp has to be issued by a trusted third-party – that is a Timestamp Authority.
If you were to timestamp your own signature, it would call the document’s integrity into question. Having a trusted third-party attest that they received and signed the hash of the document at a specific date and time is the most trustworthy way to prove the authenticity of a document, both at the time it was signed and long into the future.
What happens if I don't timestamp the signature?
As we previously mentioned, timestamping can be used to prove that a document hasn’t been altered since the timestamp was issued.
If a document was disputed, it can be difficult to provide proof that the digital signature was valid at the time of signing without a timestamp. This is because most signing certificates expire after one or two years, making it difficult to prove the document’s validity several years into the future.
Without a timestamp for legally binding documents such as business contracts, someone could alter the clock on their computer and then alter and resign a document, which in turn could lead to costly legal battles as different parties dispute each other’s claims.
Timestamping is essentially an independent witness – providing the evidence required to show that the document is unchanged since the document hash was sent to the TSA at the time of signing.
Can a timestamp be cancelled or become invalid?
Timestamping provides integrity even after a signer’s digital credentials expire or are revoked. This enables the creation of long-term digital signatures that contain everything needed to verify the signature, the timestamp to provide the time of signing, plus the signature and the certificate chain validity data. This is hugely beneficial for long-term archiving.
Long-term signatures are supported in various ETSI signature formats: PAdES for PDF documents; XAdES for XML and CAdES for other data formats. This ensures that documents and data can be read and verified for a long time into the future – decades or more – even if credentials expire.
The combination of the TSA providing trusted time of signing and the Validation Authority (Online Certificate Status Protocol) providing proof that the signer’s certificate was not revoked, extends the lifetime of the signature up to 20 years (depending on the lifetime of the TSA certificate).Before this expiry date it is also possible to add another timestamp and extend the document validity further into the future.
Where do I find a timestamp server?
A Timestamp Server product can be deployed within an enterprise to provide private timestamping or can be obtained from a service provider. Determining the type of product or service you use will depend largely on your use case.
Timestamp services can be used for the following use cases:
- Document signing
- Code signing (Authenticode and Java Code Signing)
It’s important to ensure that a timestamping server complies with RFC 3161, 5816, ETSI EN 319 421 and ETSI EN 319 422.
The future of timestamping
Finally, there is always discussion about algorithm expiry and quantum computing. SHA-3 is now available as a hash algorithm, however it is unlikely to be widely available for another year or two in third party products, so some caution is advised.
This is on the Ascertia roadmap for support later in 2020. RSA is supported to 8192 bits so SHA-512 and RSA 4096 is still believed to be effective for 10+ years.
Shortly Ascertia will also support quantum safe algorithms. Should a breakthrough in quantum computing be seen, then all existing document signatures that are able to have an archive timestamp added, can have quantum safe timestamps added before quantum machines are realistically available. If this affects you, ask Ascertia how its digital signatures can be interoperable today and still quantum safe tomorrow.