Crate tsp_http_client

Source
Expand description

A simple HTTP client for requesting timestamps from a timestamp authority (TSA) using the RFC 3161 standard.

§Examples

The following code can be used, if you already have a SHA digest of the data you want to timestamp:

use tsp_http_client::request_timestamp_for_digest;

// The URI of a timestamp authority (TSA) that supports RFC 3161 timestamps.
let tsa_uri = "http://timestamp.digicert.com";

// The SHA-256 digest of the data to be timestamped (can also be different SHA lengths like SHA-512).
let digest = "00e3261a6e0d79c329445acd540fb2b07187a0dcf6017065c8814010283ac67f";

// Request a timestamp for the given digest from the TSA (retrieving a TimeStampResponse object).
let timestamp = request_timestamp_for_digest(tsa_uri, digest)?;

// The content of the timestamp response can be written to a file then for example.
File::create("/tmp/timestamp-response.tsr")?.write_all(&timestamp.as_der_encoded())?;

// Or the date and time of the timestamp can be accessed.
println!("Timestamped date and time: {}", timestamp.datetime()?);

Alternatively, the crate can calculate the digest on the content of a file:

use tsp_http_client::request_timestamp_for_file;

// The URI of a timestamp authority (TSA) that supports RFC 3161 timestamps.
let tsa_uri = "http://timestamp.digicert.com";

// The file that should be timestamped.
let filename = "README.md";

// Request a timestamp for the given digest from the TSA (retrieving a TimeStampResponse object).
let timestamp = request_timestamp_for_file(tsa_uri, filename)?;

// The content of the timestamp response can be written to a file then for example.
File::create("/tmp/timestamp-response.tsr")?.write_all(&timestamp.as_der_encoded())?;

// Or the date and time of the timestamp can be accessed.
println!("Timestamped date and time: {}", timestamp.datetime()?);

§Verification with OpenSSL

Signature verification is not (yet) included in this crate. You can, however, verify the timestamp response using OpenSSL if you wrote its DER encoding into a file, as shown in the example above.

openssl ts -verify -digest 00e3261a6e0d79c329445acd540fb2b07187a0dcf6017065c8814010283ac67f -in timestamp-response.tsr -CAfile tsa-cert.pem

The tsa-cert.pem file must contain the full certificate chain of the timestamp authority (TSA) that issued the timestamp.

Structs§

TimeStampResponse
Wrapper around the response from a timestamp server, providing methods to access and verify the signed timestamp.

Enums§

Error
Specific error values of the TSP HTTP client.

Functions§

request_timestamp_for_digest
Requests a timestamp for the given digest from the specified URI of a timestamp authority (TSA).
request_timestamp_for_file
Requests a timestamp for the given file from the specified URI of a timestamp authority (TSA).