Monday, September 26, 2016

Create/Verify a Timestamp Request with OpenSSL

With the help of OpenSSL and curl you can easily create and verify SHA-1 based timestamps.

In this sample I will use the FreeTSA timestamp provider.

TSA Certificate:
Key modulus (sha256): 899ba3d9f777e2a74bdd34302bc06cb3f7a46ac1f565ee128f79fd5dab99d68b

CA Certificate:
Key modulus (sha256): a4b1a0a81aef68be1cc985d0f83bd6539cfe84174587f900e15ffe3f65433056

Download the certificate files:
  • wget
  • wget

Create timestamp request data

openssl ts -query -data data.txt -cert -sha1 -no_nonce \
    -config openssl_ts.cnf -out data.txt.ts_req

The file openssl_ts.cnf is an empty file.

Send the timestamp request and store the response

curl -s -S -H 'Content-Type: application/timestamp-query' \
    --data-binary @data.txt.ts_req \
    -o data.txt.ts_res

Verify the data with the timestamp response

openssl ts -verify -config openssl_ts.cnf \
    -in data.txt.ts_res -data data.txt \
    -CAfile cacert.pem

You should see the following message from OpenSSL:

Verification: OK
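
Before the request from the first step is sent, you can check offline that its message imprint really is the digest of data.txt and whether it carries a nonce, which -no_nonce leaves out. The script below is an added example, not part of the original post; the function names and the -sha256 choice in the demo are assumptions, and it reads the request with openssl asn1parse.

```sh
#!/bin/sh
# Added example, not from the original post: inspect a timestamp request
# offline before sending it. Function and file names are assumptions.

# make_query FILE OUT OPTS...: the post's "openssl ts -query" call with the
# digest and nonce options passed in by the caller.
make_query() {
    f=$1 out=$2; shift 2
    : > "$out.cnf"                       # empty config file, as in the post
    openssl ts -query -data "$f" -cert "$@" \
        -config "$out.cnf" -out "$out" 2>/dev/null
}

# query_imprint REQ: print "<algorithm> <hex digest>" from the messageImprint.
query_imprint() {
    openssl asn1parse -inform DER -in "$1" 2>/dev/null | awk -F: '
        /prim: OBJECT/ && !alg { alg = $NF }
        /OCTET STRING/ && !hex { hex = tolower($NF) }
        END { print alg, hex }'
}

# matches_file FILE REQ: succeed only if REQ's imprint is FILE's digest.
matches_file() {
    imprint=$(query_imprint "$2")
    alg=${imprint%% *} want=${imprint#* }
    got=$(openssl dgst "-$alg" "$1" 2>/dev/null | sed -e 's/^.*= //')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# has_nonce REQ: succeed if REQ has a second top-level INTEGER (the first is
# the version, the second the nonce that ties a response to this request).
has_nonce() {
    n=$(openssl asn1parse -inform DER -in "$1" 2>/dev/null |
        grep -c 'd=1 .*prim: INTEGER')
    [ "$n" -ge 2 ]
}

# Demo on a constructed file; the -sha1 -no_nonce form is the post's request.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample document\n' > "$d/data.txt"
    make_query "$d/data.txt" "$d/req" -sha256 || { rm -rf "$d"; return 1; }
    echo "imprint: $(query_imprint "$d/req")"
    matches_file "$d/data.txt" "$d/req" && echo "request matches data.txt"
    has_nonce "$d/req" && echo "nonce present"
    rm -rf "$d"
}
demo || echo "demo failed: is openssl installed?" >&2
```

A request made with the post's options (-sha1 -no_nonce) passes matches_file but fails has_nonce.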

View the timestamp request data on the timestamp provider's site

The hash value will be stored at the timestamp provider side. If you want to view the stored data, you need the SHA-1 hash value of your document:

openssl dgst -sha1 data.txt | sed -e 's/^.*= //'


Now you can request the stored data:

curl -X POST \
    --data "hash=aa9e3512f38bafce78040651b54085c69b540d5d" \

Time stamp: Sep 26 10:55:17 2016 GMT - Hash Algorithm: sha1 - aa9e3512f38bafce78040651b54085c69b540d5d