IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [timestamp]

For questions relating to physical or digital timestamps, usually as part of a cryptographic protocol, logging, or auditing requirement. Please use the tag [time] for questions relating to system clocks.

Timestamps are used to denote the date and time at which an event occurred, typically as meta-data.

Their application to security ranges from modification times on files, to use of timestamps in cryptographic protocols to prevent replay attacks.

96 questions
0
votes
0 answers

eIDAS qualified timestamp on email

Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have an qualified timestamp issued by a qualified CA. As I know, no email…
Giulio Ferraiuolo
  • 1
0
votes
1 answer

What's the PROPER way to validate a signature timestamp?

the purpose of adding trusted timestamps to signatures is so that they can be considered valid long beyond the validity of the signing certificate. However, this is not so easy, since TSA's signing certificate has an exipration date too or may be…
matthias_buehlmann
  • 565
  • 4
  • 12
0
votes
0 answers

Why does RFC5816 not change the version number defined in RFC3161

So, RFC5816 https://www.ietf.org/rfc/rfc5816.txt changes the specification of RFC3161 https://www.ietf.org/rfc/rfc3161.txt RFC3161 specifies the 'version' field in TSTInfo to be set to 1 Why does RFC5816 not change the value of this field? wouldn't…
matthias_buehlmann
  • 565
  • 4
  • 12
0
votes
0 answers

OpenSSL cli: how to extract ESSCertID or ESSCertIDv2 from SignerInfo of timestamp token

If I have a Timestamp token, then the signing certificate for the token is identified via the ESSCertID (for RFC3161 tokens) or the ESSCertIDv2 (for FC5816) of the signing certificate, which is the SHA-1 (in the case of ESSCertID) or some other hash…
matthias_buehlmann
  • 565
  • 4
  • 12
0
votes
1 answer

What header & footer to use when storing RFC3161 token in PEM format

The RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) specification states 3. Transports There is no mandatory transport mechanism for TSA messages in this document. The mechanisms described below are optional; additional optional mechanisms…
matthias_buehlmann
  • 565
  • 4
  • 12
0
votes
0 answers

In the time side channel, is there any way to improve the measurement time accuracy?

I want to measure the execution time of a function. The execution time of this function is only slightly different in the two cases. Is there any way I can accurately measure its time to distinguish the two cases? The possible solutions are: Use…
Gerrie
  • 101
  • 2
0
votes
1 answer

Best practice for encrypting data on Mifare

I am currently playing around with Mifare Classic 1k. And everything I have read about it's security is true. So it's not exactly the best thing to use to avoid cloning. But I was wondering if someone manages to hack one of these cards following…
Marco Fernandes
  • 101
0
votes
1 answer

Why generate dedicated issuer CA for TSU certificates?

I've observed the practice of generating dedicated issuer CAs for signing TSU (Time-Stamping Unit) certificates instead of just using another existing issuer CA, for example, one used to sign S/MIME certificates or SSL certificates. Now, some…
Jaime Hablutzel
  • 2,598
  • 3
  • 17
  • 17
0
votes
0 answers

Is it possible to get the original UUID1 from a timestamp?

Say, for example, I generate a time based UUID with the following program. import uuid uuid = uuid.uuid1() print uuid print uuid.time I get the following: 47702997-155d-11ea-92d3-6030d48747ec 137946228962896279 Can I get back the original UUID,…
Haunted
  • 43
  • 4
0
votes
2 answers

TSA server with OpenSSL

From OpenSSL documentation of openssl-ts command: HTTP server support is provided in the form of a separate apache module Does anybody know which module is the one? I haven't found any module to enable a TSA server.
jlanza
  • 103
  • 3
0
votes
1 answer

Signing and timestamping implementation

I am writing a software that records and stores data files. I want to digitally sign and time stamp these files so that I can assure that it's Contemporaneous and Attributable (to comply with 21 CFR part 11 regulations and ALCOA C+ guidelines). This…
cinico
  • 93
  • 7
0
votes
1 answer

How to have both TLS and Time Stamp Signing for data?

As you know, we use TLS for multiple purposes, including integrity, confidentiality and authentication and we use TSAs (Trusted Timestamp Authorities) to have signed timestamps for our data. (Read about it here) The question is which one of the must…
Ebrahim Ghasemi
  • 264
  • 2
  • 10
0
votes
2 answers

If a file on USB drive shows a certain "date modified" time in the windows explorer, can the correct added date/time be checked for the file?

If someone copied files from a drive-1 to usb-drive-2, then it seems the directories and files get the original modified time from drive-1 in some cases and in some cases not. Can it be checked if the file/directory was actually copied to the drive…
Joe Black
  • 111
  • 3
0
votes
1 answer

How can one make sure that some specific directories are fully deleted (without any record of their deletion) from a USB/flash drive?

It seems data resides in USB somewhere until it's completely overwritten. But is there a way to delete big directories 10-100GB or so without zero-filling the remaining space and only eradicating those specific directories? Would the history of…
Joe Black
  • 111
  • 3
0
votes
1 answer

Dual Code Signing: Should SHA-1 signature have a SHA-1 or SHA-2 timestamp?

I am signing executables for our software both with a SHA-1 and a SHA-256 signature. In addition I timestamp both of these signatures. Here I am wondering: I can timestamp the SHA-1 signature with a SHA-256 timestamp, but does that make sense? I…
Jens
  • 297
  • 2
  • 11
1 2 3 4 5
6
7