What is Time Stamping?

Post Quantum Cryptography

What is the quantum risk and its impact on data security?What are the implications of data sensitivity vs time?When will quantum computing pose a threat to encryption methods?Which protocols and certificates may become vulnerable in the post-quantum era?How can enterprises prepare data security strategies for the post-quantum era?Do current cloud platforms support post-quantum algorithms?What is the concept of cryptographic agility?How does cryptographic agility impact risk management for enterprises?Why is data classification important in the context of post-quantum readiness?How does crypto agility affect disaster recovery planning and insurance costs?What is the technical impact of post-quantum agility on organizations?How does Fortanix DSM help achieve cryptographic agility?What features does Fortanix DSM offer for key lifecycle management in PQC implementation?How does Fortanix DSM facilitate integration with leading applications in PQC implementation?

What is Time Stamping?

Whenever a piece of information or an event is recorded, it is timestamped. For example, a picture taken, video recorded, shared tweet, or any social media post.

Timestamps are valuable for tracking when the information was created or modified. It is more effective in legal scenarios.

Suppose an organization signs a copyright contract with a distributor. The distributor violates the rules and argues that the event happened before the signed contract.

In such cases, the organization can prove the facts if they have a timestamp of the contract signature. However, timestamps solely based on time clocks are vulnerable. Hackers can easily hack the system clocks to compromise the information.

Timestamping Authority (TSA), a trusted third party, generates trusted timestamps using secure FIPS-compliant hardware to avoid data manipulation.

RFC 3161 – RFC 5035 and Microsoft Authenticode are two major protocols usually followed by TSAs for time stamping.

The client application creates a hash and sends it to the TSA for time stamping. Once the hash is submitted, any changes made to the code must be communicated to the TSA.

The TSA combines the hash of data and the trusted time stamp using the PKI technology to create a timestamp token. The client attaches the timestamp token to the document or code signature.

Trusted timestamps ensure non-repudiation and Long-Term Validation (LTV) of the signature. LTV is applicable when users want to download a developer's software and confirm the validity of a signature even after it is revoked or expired.

The user machine will validate the signature based on the time it was digitally signed rather than the current time of his system and allow him to download the software but without the latest updates.

The developer can re-issue the code signing certificate.

Learn more about:

Secure your code signing process

Secure certificate management