File: README.rst

package info (click to toggle)
python-rfc3161ng 2.1.3-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 200 kB
  • sloc: python: 597; makefile: 3
file content (91 lines) | stat: -rw-r--r-- 3,020 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
 
=========
rfc3161ng
=========

.. image:: https://img.shields.io/pypi/l/rfc3161ng.svg
   :target: https://raw.githubusercontent.com/trbs/rfc3161ng/master/LICENSE

.. image:: https://github.com/trbs/rfc3161ng/workflows/CI/badge.svg?branch=master
     :target: https://github.com/trbs/rfc3161ng/actions?workflow=CI
     :alt: CI Status

.. image:: https://img.shields.io/pypi/v/rfc3161ng.svg
    :target: https://pypi.python.org/pypi/rfc3161ng/
    :alt: Latest PyPI version

.. image:: https://img.shields.io/pypi/wheel/rfc3161ng.svg
    :target: https://pypi.python.org/pypi/rfc3161ng/
    :alt: Supports Wheel format

A simple client library for cryptographic timestamping service implementing the
protocol from RFC3161.

This started as a fork of https://dev.entrouvert.org/projects/python-rfc3161 and
has some additional patches such as Python3 support.

The latest version of this library is available from
https://github.com/trbs/rfc3161ng/ .


Public providers
================

There are several timestamping services around.  Here is a list of
publicly available services you can try:

 * http://freetsa.org/tsr
 * http://time.certum.pl
 * http://timestamp.comodoca.com/rfc3161
 * http://timestamp.geotrust.com/tsa
 * http://timestamp.globalsign.com/scripts/timstamp.dll
 * http://tsa.starfieldtech.com
 * https://teszt.e-szigno.hu:440/tsa

Example
=======

    >>> import rfc3161ng
    >>> certificate = open('data/certum_certificate.crt', 'rb').read()
    >>> rt = rfc3161ng.RemoteTimestamper('http://time.certum.pl', certificate=certificate)
    >>> tst = rt.timestamp(data=b'John Doe')
    >>> rt.check(tst, data=b'John Doe')
    True
    >>> rfc3161ng.get_timestamp(tst)
    datetime.datetime(2017, 8, 31, 15, 42, 58, tzinfo=tzutc())

Example for a server that insist on SHA256:

    >> import rfc3161ng
    >> timestamper = rfc3161ng.RemoteTimestamper('https://interop.redwax.eu/test/timestamp', hashname='sha256')
    >> tsr = timestamper(data=b'The RedWax Project', return_tsr=True)
    >> print('{}'.format(tsr))

Verifying timestamp using OpenSSL
=================================

One can verify the timestamp returned by the timeserver by using OpenSSL.
For example with:

  $ openssl ts -verify -data data_file.txt -in data_file.tsr -CAfile cacert.pem -untrusted tsa.crt

To save the tsr you can use code similar to:

    >>> from pyasn1.codec.der import encoder
    >>> import rfc3161ng
    >>> ...
    >>> timestamper = rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr', certificate=certificate_data)
    >>> tsr = timestamper(data=data_file.read(), return_tsr=True)
    >>> with open("data_file.tsr", "wb") as f:
    >>>     f.write(encoder.encode(tsr))

Alternatively you can just save the raw `response.content` returned from the certification server.

There is a test which also covers this in `test_verify_timestamp_response_with_openssl`.


Authors
=======

 * Benjamin Dauvergne <bdauvergne@entrouvert.com>
 * Michael Gebetsroither <michael@mgeb.org>
 * Bas van Oostveen <trbs@trbs.net>