Re: sign and timestamp
On Thu, Oct 04, 2007 at 05:03:41PM +0200, G?bri M?t? wrote: There'll be two main servers, a web server and a sql server. We have to insert a timestamp and a signature in the specified rows of tables. Periodically the sql server will make pdf documents from the data and we have to sign and timestamp these docs too. I also have to set up a firewall and a backup server, both of them will be OBSD. After what all of You wrote i guess one of the OBSD servers will act as the timestamping machine with the method of issuing a time file periodically, sign and hash it. I can setup a script for that, and another one for verification. Thats the easiest way i guess. As for why i dont want to use a public time stamping service: its much more flexible to do it on our own, and much more faster, and there are other reasons. Of course the results dont have to be verified buy total strangers, just those who work with the data from day-to-day. I'm not clear on what you will gain over just having all the boxes running ntp and having the SQL server inserting a time value on each row of the table, and having each row be non-alterable (other than, of course, by root), and having a time stamp put on the pdf document. Typical uses for real time stamps are for audit purposes. The only reason for an audit trail is to prove that records havnen't been altered either accidentally or intentionally/maliciously by someone within the organization. If this is for internal auditing only and your internal audit department requires something more than just a time-entry in an SQL file, then they should have sole controll over the server that does the time stamping. Nobody outside of the audit department should have any root privlidges. In which case, a dedicated dot-matrix printer that prints the file name, hash, and time stamp of files as they are received for stamping, would be prudent. Put multi-part paper in the printer and take a copy off-site (to the off-site auditors?) regularily. In any event, your system (policy, protocols, etc) should be approved by the people who will be needing to verify the veracity of the timestamps. Doug.
Re: sign and timestamp
On Wed, Oct 03, 2007 at 05:21:09PM -0700, Ted Unangst wrote: On 10/3/07, Gabri Mati [EMAIL PROTECTED] wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? you cannot provably timestamp anything. you can only provide copies or hashes at the time you would like to prove creation, either by sending it to the person you want to prove it to or a trusted third party. or generally publishing it, and hoping you can gather enough witnesses to testify when they first saw it. One solution is making sure it ends up on multiple public archives. Some clueful idiot spammed full-disclosure [1] with a `month of random hashes', which appears to have put a stop to the clueless idiots that posted hashes of their 'discoveries'. It shouldn't be too difficult to find an abandoned Usenet group that is still in Google's index, though, and if you use a sane posting frequency - once a week, or perhaps once a day - this is nowhere near as evil as the UUencoded pink bits that make up the majority of a Usenet feed nowadays. (Which should not be mistaken as this not being evil.) Be prepared for some cooks to harass you because you are obviously working for the CIA/Mossad/terrorists/greys, though. (Why do you hate America/Israel/Freedom/Humanity?!) (And all this is just a roundabout way of telling you that an external stamping service makes a lot more sense. What are you *really* trying to do?) Joachim [1] A security-related mailing list. Unmoderated, so vulnerabilities come through quickly but get lost in the diarrhea. -- TFMotD: rwalld, rpc.rwalld (8) - write messages to users currently logged in server
Re: sign and timestamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There'll be two main servers, a web server and a sql server. We have to insert a timestamp and a signature in the specified rows of tables. Periodically the sql server will make pdf documents from the data and we have to sign and timestamp these docs too. I also have to set up a firewall and a backup server, both of them will be OBSD. After what all of You wrote i guess one of the OBSD servers will act as the timestamping machine with the method of issuing a time file periodically, sign and hash it. I can setup a script for that, and another one for verification. Thats the easiest way i guess. As for why i dont want to use a public time stamping service: its much more flexible to do it on our own, and much more faster, and there are other reasons. Of course the results dont have to be verified buy total strangers, just those who work with the data from day-to-day. Gabri Mate [EMAIL PROTECTED] DUOSOL Bt. http://www.duosol.hu Douglas A. Tutty mrta: On Wed, Oct 03, 2007 at 09:45:30PM +0200, G?bri M?t? wrote: A service will gather data in a database and this data has to be signed and timestamped for security reasons, and the archives of these data are also need to signed and timestamped. The data will be used for internal purposes, so another internal server can issue the signs and stamps. OK. This service gathering the data: is it your own dedicated server or is it an external service provider. Assuming that you don't controll (in a security sense) the database itself (if you did, why bother with this?). If I understand correclty: Database the data-gatherer can query. You set up a dedicated, physically secure box and provide it with a secure source of time (GPS?). Assuming that you don't want the latency for them to email the box a hash, have the box append a time stamp, sign it, and mail it back. You need a dedicated channel from the time server to the data-gatherer of latency low enough to meet the time-stamp requirements. Do you need to send the timestamp back to the data-gatherer or will they be sending the data to you by a slower method? You could either write a dedicated server or set up a lpd hack. They gather the data, tarball it, take a hash and put it in an index file (like an MD5SUM file in an ftp archive). They send a file containing only the hash and the unique tarball file name to the lpr on the time server. A dummy spool there hands the file to a 'filter' that takes that file, extracts the md5sum, file name, appends the time, and appends that whole line to a file. For hard copy, each line could be printed to dedicated dot-matrix printer as it is generated. Or your time server is running a database and the data-gather can issue the SQL insert query directly and the database system itself fills in a time-stamp field. Doug. iD8DBQFHBQDN8najRxwF9nkRAttfAKCJWn8wZuFbBH9Bjg+3jACkYaAw0gCbB+1Z 2eANpaLE6INNbm1DYeDw0xc= =JOK6 -END PGP SIGNATURE-
Re: sign and timestamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry i wasn't totally specific. Yes, later on the reciever need to verify the timestamp. I was looking for an oss application but couldn't find any for timestamping. Gabri Mate [EMAIL PROTECTED] DUOSOL Bt. http://www.duosol.hu Douglas A. Tutty mrta: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. I suppose the first question is: is the time stamp for info only or does the recipient have to verify the accuracy of the timestamp? I.e. lets say you take the file you want to encrypt and sign, put it in a tarball that will protect the file's modification time, and encrypt and sign that. This gives the recipient your opinion on the timestamp and protects it from being changed enroute. However, the recipient can't verify that you or your system are telling the truth. I don't know if there's an accepted strategy, but if I had to create one from scratch, off the top of my head I'm thinking some time of time server. It would have to publish a signed file of the current time, say once per minute, so that you could include the hash in the above noted tarball. The recipient could note the time of that hash file, query the time server for the matching hash and compare the two. If they match, then the time matches. This would have to be a time server that is trusted by the recipient. I'll be interested to hear from someone who really knows about this. Doug. iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS MxT2+9gw9WpbIi6BXfeeSSc= =0rKL -END PGP SIGNATURE-
Re: sign and timestamp
On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. I suppose the first question is: is the time stamp for info only or does the recipient have to verify the accuracy of the timestamp? I.e. lets say you take the file you want to encrypt and sign, put it in a tarball that will protect the file's modification time, and encrypt and sign that. This gives the recipient your opinion on the timestamp and protects it from being changed enroute. However, the recipient can't verify that you or your system are telling the truth. I don't know if there's an accepted strategy, but if I had to create one from scratch, off the top of my head I'm thinking some time of time server. It would have to publish a signed file of the current time, say once per minute, so that you could include the hash in the above noted tarball. The recipient could note the time of that hash file, query the time server for the matching hash and compare the two. If they match, then the time matches. This would have to be a time server that is trusted by the recipient. I'll be interested to hear from someone who really knows about this. Doug.
Re: sign and timestamp
Without a mutually-trusted source of time cookies, it depends on specific needs. Further infomation on the nature of the transaction is required since I haven't heard of a pre-packaged oss application. Doug. On Wed, Oct 03, 2007 at 08:36:37PM +0200, G?bri M?t? wrote: Sorry i wasn't totally specific. Yes, later on the reciever need to verify the timestamp. I was looking for an oss application but couldn't find any for timestamping. Douglas A. Tutty ?rta: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. I suppose the first question is: is the time stamp for info only or does the recipient have to verify the accuracy of the timestamp? I.e. lets say you take the file you want to encrypt and sign, put it in a tarball that will protect the file's modification time, and encrypt and sign that. This gives the recipient your opinion on the timestamp and protects it from being changed enroute. However, the recipient can't verify that you or your system are telling the truth. I don't know if there's an accepted strategy, but if I had to create one from scratch, off the top of my head I'm thinking some time of time server. It would have to publish a signed file of the current time, say once per minute, so that you could include the hash in the above noted tarball. The recipient could note the time of that hash file, query the time server for the matching hash and compare the two. If they match, then the time matches. This would have to be a time server that is trusted by the recipient. I'll be interested to hear from someone who really knows about this. Doug. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS MxT2+9gw9WpbIi6BXfeeSSc= =0rKL -END PGP SIGNATURE-
Re: sign and timestamp
On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: Hey there! I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. The Big G is your friend [1]: http://www.itconsult.co.uk/stamper.htm (Obviously, one could sent them a hash instead of the original if one were afraid of sending data unencrypted over the net.) Joachim [1] Trust The Computer. The Computer is Your Friend. -- TFMotD: h2xs (1) - convert .h C header files to Perl extensions
Re: sign and timestamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A service will gather data in a database and this data has to be signed and timestamped for security reasons, and the archives of these data are also need to signed and timestamped. The data will be used for internal purposes, so another internal server can issue the signs and stamps. Gabri Mate [EMAIL PROTECTED] DUOSOL Bt. http://www.duosol.hu Douglas A. Tutty mrta: Without a mutually-trusted source of time cookies, it depends on specific needs. Further infomation on the nature of the transaction is required since I haven't heard of a pre-packaged oss application. Doug. On Wed, Oct 03, 2007 at 08:36:37PM +0200, G?bri M?t? wrote: Sorry i wasn't totally specific. Yes, later on the reciever need to verify the timestamp. I was looking for an oss application but couldn't find any for timestamping. Douglas A. Tutty ?rta: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. I suppose the first question is: is the time stamp for info only or does the recipient have to verify the accuracy of the timestamp? I.e. lets say you take the file you want to encrypt and sign, put it in a tarball that will protect the file's modification time, and encrypt and sign that. This gives the recipient your opinion on the timestamp and protects it from being changed enroute. However, the recipient can't verify that you or your system are telling the truth. I don't know if there's an accepted strategy, but if I had to create one from scratch, off the top of my head I'm thinking some time of time server. It would have to publish a signed file of the current time, say once per minute, so that you could include the hash in the above noted tarball. The recipient could note the time of that hash file, query the time server for the matching hash and compare the two. If they match, then the time matches. This would have to be a time server that is trusted by the recipient. I'll be interested to hear from someone who really knows about this. Doug. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS MxT2+9gw9WpbIi6BXfeeSSc= =0rKL -END PGP SIGNATURE- iD8DBQFHA/Fa8najRxwF9nkRAhEEAJ4+TygfHgFyHF5ih+UElEVQoiSrFQCgrMpq JzzHM57RLOmKE4dWMOCCalA= =HV+v -END PGP SIGNATURE-
Re: sign and timestamp
On 2007/10/03 21:36, Joachim Schipper wrote: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: Hey there! I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? google/patent search: haber stornetta dead trees: there's a little section in Applied Cryptography (surprise!), the basics are fairly obvious (send TTP a hash, they append a timestamp and sign the lot) but to prevent collusion between sender and TTP additional measures are normally used. The Big G is your friend [1]: http://www.itconsult.co.uk/stamper.htm Now it's October 2007 and RIPA part III is in force, .uk is not a great jurisdiction to be hosting cryptographic services.
Re: sign and timestamp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yes, but i wan't to solve this without an outsider for practical reasons. Gabri Mate [EMAIL PROTECTED] DUOSOL Bt. http://www.duosol.hu Joachim Schipper mrta: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: Hey there! I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. The Big G is your friend [1]: http://www.itconsult.co.uk/stamper.htm (Obviously, one could sent them a hash instead of the original if one were afraid of sending data unencrypted over the net.) Joachim [1] Trust The Computer. The Computer is Your Friend. iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC jHWm4T+Eimk1p1ZQ2GyoKqc= =s5sI -END PGP SIGNATURE-
Re: sign and timestamp
I don't know if there's an accepted strategy, but if I had to create one from scratch, off the top of my head I'm thinking some time of time server. It would have to publish a signed file of the current time, say once per minute, so that you could include the hash in the above noted tarball. The recipient could note the time of that hash file, query the time server for the matching hash and compare the two. If they match, then the time matches. Slightly OT... That (and variations therof) would work for a 'not earlier than' lower bound, but I'm pretty sure there is a good theoretical reason why 'not later than' shouldn't be possible without a third party, making timestamping (in the sense of having happened in this given interval) impossible. I am open to contradiction though :) -- steev http://www.daikaiju.org.uk/~steve/
Re: sign and timestamp
On Wed, Oct 03, 2007 at 10:40:28PM +0200, G?bri M?t? wrote: Yes, but i wan't to solve this without an outsider for practical reasons. Gabri Mate [EMAIL PROTECTED] DUOSOL Bt. http://www.duosol.hu Joachim Schipper mrta: On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: Hey there! I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? Sorry for the stupid question but i really can't imagine it. The Big G is your friend [1]: http://www.itconsult.co.uk/stamper.htm (Obviously, one could sent them a hash instead of the original if one were afraid of sending data unencrypted over the net.) Joachim [1] Trust The Computer. The Computer is Your Friend. iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC jHWm4T+Eimk1p1ZQ2GyoKqc= =s5sI -END PGP SIGNATURE- Perhaps off-topic, but do consider improving your signal-to-noise ratio; I count one useful, albeit misspelled, line - remove the (non-delimited) sig, broken PGP signature, and useless cruft from replied messages. What you want to do is a lot more complicated. The easiest solution I can think of is chaining. For instance, given data_1, data_2, ..., data_n which must be signed on date_1, date_2, ..., date_n, define hash_0 = SOME_VALUE hash_i+1 = f(hash_i ++ data_i+1 ++ date_i+1) Here, f() is a hash function, for instance RIPEMD-160 or SHA2-256, and ++ denotes some mixing operation (XOR might be a good bet). Suppose you provide someone with frequent values of hash_i. If you later make a false claim about either data_j or date_j, and the other person has hash_i, hash_k, data_1, ..., data_k, and date_i, ..., date_k,, where i j = k, then you would be quickly found out. Of course, more sophisticated algorithms can do the same thing, but without revealing quite this much. Go read a good book; Practical Cryptography provides a good overview. Joachim Disclaimer: I am not a cryptographer, crypto is hard, and I'm tired. So no guarantees that the above actually works. -- PotD: x11/matchbox/matchbox-window-manager - window manager with a classic pda management policy
Re: sign and timestamp
On 10/3/07, Gabri Mati [EMAIL PROTECTED] wrote: I've read a lot about timestamping a document, but dunno how it works in practice. How can i apply a timestamp to a digitally signed or encrypted document? Like i encrypt or sign a document with gnupg, but before the process how can i timestamp it? you cannot provably timestamp anything. you can only provide copies or hashes at the time you would like to prove creation, either by sending it to the person you want to prove it to or a trusted third party. or generally publishing it, and hoping you can gather enough witnesses to testify when they first saw it.
Re: sign and timestamp
On Wed, Oct 03, 2007 at 09:45:30PM +0200, G?bri M?t? wrote: A service will gather data in a database and this data has to be signed and timestamped for security reasons, and the archives of these data are also need to signed and timestamped. The data will be used for internal purposes, so another internal server can issue the signs and stamps. OK. This service gathering the data: is it your own dedicated server or is it an external service provider. Assuming that you don't controll (in a security sense) the database itself (if you did, why bother with this?). If I understand correclty: Database the data-gatherer can query. You set up a dedicated, physically secure box and provide it with a secure source of time (GPS?). Assuming that you don't want the latency for them to email the box a hash, have the box append a time stamp, sign it, and mail it back. You need a dedicated channel from the time server to the data-gatherer of latency low enough to meet the time-stamp requirements. Do you need to send the timestamp back to the data-gatherer or will they be sending the data to you by a slower method? You could either write a dedicated server or set up a lpd hack. They gather the data, tarball it, take a hash and put it in an index file (like an MD5SUM file in an ftp archive). They send a file containing only the hash and the unique tarball file name to the lpr on the time server. A dummy spool there hands the file to a 'filter' that takes that file, extracts the md5sum, file name, appends the time, and appends that whole line to a file. For hard copy, each line could be printed to dedicated dot-matrix printer as it is generated. Or your time server is running a database and the data-gather can issue the SQL insert query directly and the database system itself fills in a time-stamp field. Doug.
