[TriLUG] OT: crytographic timestamps
jtrilug at indythinker.com
Fri Apr 18 13:33:19 EDT 2008
Joseph Mack NA3T wrote:
> I'm writing some proprietary code at home in stages and will
> be submitting it remotely. It would be helpful if I could
> conveniently show the date that I submitted each stage. One
> way I can think to do this is to cryptographically timestamp
> it. This in turn needs a trusted timestamp authority (TSA).
> The only FOSS TSA project I could find with google appears
> to have died (at least from timestamps on the postings).
> There are plenty of people selling proprietary TSA hardware.
> If it comes to that, I'll just do without.
> Alternately I could swipe some time sensitive material from
> an on-line news source and cryptographically encapsulate
> that in the code. This would give me a "no older than" date,
> which is not terribly useful.
> I would like this to be as paperless as possible, as I may
> need to keep records for a long time (10yrs). eg I don't
> really want to go to the Post Office and collect pieces of
> paper, saying when I mailed the code.
> Any ideas?
I've also had an interest in this topic and used your email as motive to
finally do a few minutes of searching on the topic. Here's a Wikipedia
article that's a decent starting place. If nothing else, it provides
more keywords to use in searching for a provider:
Here are two free services that I found from there:
Myself, I am considering paying a modest fee for the service, so they
have a motive to stay in business. Here are the first couple leads I
found for commercial providers. The first provider claims $0.40 per
timestamp and signs on the fingerprint, not the whole file. This is an
interesting tactic, because it does not require you to disclose your
material to a third party and also scales well to very large data sets:
Best of luck in your pursuits.
More information about the TriLUG