Hi Quan Zhou,

Quan Zhou:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
> 
> On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ <aarc...@aarcane.org>
> wrote:
> 
>> The easiest way is to publish your code to a publicly controlled source
>> with a signature on or before your desired date. Not sure if there's a
>> *better* way.
>>
>> On Dec 1, 2016 7:43 PM, "Bertram Scharpf" <li...@bertram-scharpf.de>
>> wrote:
[...]
>>> I want to do the opposite. I want to make evidence
>>> that I created a document _before_ a certain point of time.
[...]
>>> Is there a standard way in GnuPG and in the keyholder
>>> infrastructure to accomplish this task?

Since it is possible to fake system time by modifying system time in
BIOS (all OS with BIOS or similar) and (on GNU/Linux systems) by using
faketool application-wide, or, more specifically, gpg's
--fake-system-time EPOCH (usable from 2.1 on if gnupg was compiled using
debug flags; although this option is documented for previous versions
according to the 2.0.x manpages or gnupg's info manual, it is only
implemented and usable in gpg 2.1; see (1)(2)(3)(4)),

gpg's signature timestamp (on a given file) would NOT be a real proof of
a document being allegedly signed at that specific date (or prior to a
determined date). So it would NOT be a credible proof of a
document being allegedly created before a determined date either (if you
decided to sign it immediately after creating it in order to document
its creation date via signature time).

Cheers

Stephan

(1) https://lists.gnupg.org/pipermail/gnupg-devel/2014-September/028724.html
(2) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760354
(3) https://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/2014-September/001774.html
(4) https://marc.info/?l=gnupg-commit-watchers&m=146009708822599&w=2
