I want to know the real time applications that uses digital signatures with timestamps. Specially I am interested to know the applications where we can trust an old signed document which is now expired.
Asked
Active
Viewed 2,668 times
2 Answers
5
Digital signatures "expire" because a signature is performed with a private key and verified against the corresponding public key. The public key is linked to an identity (e.g. a legally defined individual) through certificates. The usual standard for certificates (X.509) specifies that certificates expire. Beyond the expiration date, the certificate shall not be used any longer; thus, a digital signature on a document expires: beyond a certain date, it is no longer verifiable. Since user certificates typically expire after two or three years, this is a problem for "real-life" signatures, e.g. on business contracts.
Why do digital certificate expire ? There are several answers. The scientific answer is that a certificate "guarantees" exclusive control of the private key by its designated owner, and no Certification Authority wants to make such a guarantee without any limit in time; also, technological advances could make a given key weaker over time, thus warranting a definite end-of-life. The cynical answer is due to Peter Gutman:
Perhaps Validity could simply be renamed to RenewalFeeDueDate to reflect its actual usage.
Either way, signatures expire. How do we solve that ? With another signature ! Namely, a time stamp. The time stamp is a proof that a given "document" (a sequence of bits) existed at some past date; internally, it is a signature computed over a structure which contains the date at which the time stamp is issued, and a hash of the time-stamped document. The Time Stamping Authority is responsible for maintaining an accurate clock and never to sign a structure with a wrong date.
The idea is then the following: at some time T, we take the initial document, the signature, and all the involved extra objects (all certificates, CRL and other elements) which are used to verify the signature at time T. We assume that at date T, the certificates have not yet expired. Then we put all that in a big bag (imagine it as a Zip archive) and we obtain a time stamp from an adequate TSA. At a later date T', we can verify the time stamp to be valid, and thus we make sure that the whole bag and its contents already existed at time T: therefore, we can imagine ourselves projected back to time T, and we can verify the signature as if the current date was T -- even if, meanwhile, some certificates have expired (i.e. at date T', without the time stamp, we would no longer be able to verify the signature).
Since a time stamp is itself a signature (indeed, have a look at RFC 3161: time stamps are a special case of CMS signatures), it is also subject to expiration. So we have to recurse: at date T'', while the time stamp is still verifiable, get the time stamp and whatever certificates are needed to verify it into a new bag, and have an extra time stamp issued for that bag. And so on. This is like old bare-metal buildings like Eiffel Tower: they can last forever as long as you take care to cover them with a fresh layer of paint regularly.
Details are arcane and intricate. For relevant standards, see:
- Evidence Record Syntax: a format for encoding the sequence of successive time stamps. Also includes provisions for recovering from cryptanalytic breaks on hash functions, and uses a smart time stamp sharing mechanism with hash trees.
- CAdES: an extension of CMS, for signatures with embedded time stamps and provisions for the time stamp layers.
- XAdES: like CAdES, but with XML in lieu of ASN.1 (but the certificates are still ASN.1 based, so XAdES is like Chimera -- alas there is no corresponding Bellerophon to slay it).
- PAdES: like CAdES, for PDF files (the signature, certificates, time stamps... get inserted into the PDF file itself; that's what Adobe Reader supports).
Summary: time stamps are a time travel device, but the traveller is just a virtual verifier for signatures.
-
Wow, what a great answer! Dig it. – D.W. Aug 25 '12 at 17:42
1
A easy to use, intuitive, and corporate and court friendly implementation of digital certificates and digital signed timestamps in in Adobe's acrobat. You can use any digital certificate and you can easily configure it to use an RFC 3161 timestamp authority. The digital signature and timestamp is stored in a metadata and there is built in functionality for versions or edits made after the signed & stamped signature is created.
I know from previous research it is hard to find information in the area of digital signature with secured timestamps, so here are some starter links:
- http://learn.adobe.com/wiki/display/security/Digital+Signatures+101#DigitalSignatures101-Timestamping
- http://usefullinksandinfo.blogspot.com/2011/06/timestamp-server-for-adobe-acrobat.html
- http://opentsa.org/
- http://www.digistamp.com/support/frequently-asked-questions/adobe-acrobat
- http://www.globaltrustfinder.com/TSADefault.aspx
- http://timestampclient.sourceforge.net/
Eric G
- 9,691
- 4
- 31
- 58