There'll be two main servers, a web server and an SQL server. We have to
insert a timestamp and a signature in the specified rows of tables.
Periodically the SQL server will make PDF documents from the data and we
have to sign and timestamp these docs too. I also have to set up a
firewall and a backup server; both of them will be OBSD.
After what all of you wrote, I guess one of the OBSD servers will act as
the timestamping machine with the method of issuing a time file
periodically, signing and hashing it. I can set up a script for that, and
another one for verification. That's the easiest way, I guess.

As for why I don't want to use a public time stamping service: it's much
more flexible to do it on our own, and much faster, and there are
other reasons. Of course the results don't have to be verified by total
strangers, just those who work with the data from day to day.


Gabri Mate
[EMAIL PROTECTED]
DUOSOL Bt.
http://www.duosol.hu


Douglas A. Tutty wrote:
> On Wed, Oct 03, 2007 at 09:45:30PM +0200, Gábri Máté wrote:
>> A service will gather data in a database and this data has to be signed
>> and timestamped for security reasons, and the archives of these data
>> also need to be signed and timestamped. The data will be used for internal
>> purposes, so another internal server can issue the signs and stamps.
>>
> 
> OK.  This service gathering the data: is it your own dedicated server or
> is it an external service provider?  Assuming that you don't control
> (in a security sense) the database itself (if you did, why bother with
> this?).
> 
> If I understand correctly:  Database the data-gatherer can query.  You
> set up a dedicated, physically secure box and provide it with a secure
> source of time (GPS?).
> 
> Assuming that you don't want the latency for them to email the box a
> hash, have the box append a time stamp, sign it, and mail it back.  You
> need a dedicated channel from the time server to the data-gatherer of
> latency low enough to meet the time-stamp requirements.  
> 
> Do you need to send the timestamp back to the data-gatherer or will they
> be sending the data to you by a slower method?  
> 
> You could either write a dedicated server or set up an lpd hack.
> 
> They gather the data, tarball it, take a hash and put it in an index
> file (like an MD5SUM file in an ftp archive).  They send a file
> containing only the hash and the unique tarball file name to the lpr on
> the time server.  A dummy spool there hands the file to a 'filter' that
> takes that file, extracts the md5sum, file name, appends the time, and
> appends that whole line to a file.  For hard copy, each line could be
> printed to dedicated dot-matrix printer as it is generated.
> 
> Or your time server is running a database and the data-gatherer can issue
> the SQL insert query directly and the database system itself fills in a
> time-stamp field.
> 
> Doug.

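The following is an added example, not code from this thread: a sketch of the filter step described above (take a hash and file name, append the time, append the line to a file) together with the verification script. It goes beyond the thread by chaining each line to the previous one, so removed or reordered lines are detected. Assumptions: SHA-256 instead of md5sum, HMAC-SHA256 as a stand-in for the signing step, and all names (`stamp`, `verify`, `KEY`) are hypothetical.

```python
import hashlib, hmac, re, time

# Assumption: HMAC-SHA256 under a key kept only on the timestamp box stands in
# for the signature step; the thread does not name a signing tool.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64
SUBMISSION = re.compile(r"^([0-9a-f]{64}) +([A-Za-z0-9._-]{1,128})$")

def stamp(log, submission, now=None):
    """Filter step: validate '<sha256> <filename>', append time, chain, sign."""
    m = SUBMISSION.match(submission.strip())
    if not m:
        raise ValueError("malformed submission")  # never log unparsed input
    digest, name = m.groups()
    ts = int(time.time() if now is None else now)
    # Each line commits to the hash of the previous complete line.
    prev = hashlib.sha256(log[-1].encode()).hexdigest() if log else GENESIS
    body = f"{digest} {name} {ts} {prev}"
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    log.append(f"{body} {tag}")
    return log[-1]

def verify(log):
    """Return the index of the first bad line, or -1 if the log checks out."""
    prev, last_ts = GENESIS, 0
    for i, line in enumerate(log):
        parts = line.split(" ")
        if len(parts) != 5:
            return i
        body, tag = " ".join(parts[:4]), parts[4]
        want = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, want):
            return i  # line content was altered or forged
        if parts[3] != prev or int(parts[2]) < last_ts:
            return i  # line removed/reordered, or time went backwards
        prev, last_ts = hashlib.sha256(line.encode()).hexdigest(), int(parts[2])
    return -1

if __name__ == "__main__":
    log = []  # constructed submissions, as the data-gatherer would send them
    stamp(log, "a" * 64 + " batch-001.tar.gz", now=1191440000)
    stamp(log, "b" * 64 + " batch-002.tar.gz", now=1191440060)
    print(verify(log))      # intact log
    print(verify(log[1:]))  # first entry removed
```

Removing lines from the end of the log is not detected by the chain alone; keeping a copy of the latest line somewhere else (the hard-copy printout mentioned above would serve) covers that case.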