-
-
Save Manouchehri/fd754e402d98430243455713efada710 to your computer and use it in GitHub Desktop.
https://rfc3161.ai.moda | |
https://rfc3161.ai.moda/adobe | |
https://rfc3161.ai.moda/microsoft | |
https://rfc3161.ai.moda/apple | |
https://rfc3161.ai.moda/any | |
http://rfc3161.ai.moda | |
http://timestamp.digicert.com | |
http://timestamp.globalsign.com/tsa/r6advanced1 | |
http://rfc3161timestamp.globalsign.com/advanced | |
http://timestamp.sectigo.com | |
http://timestamp.apple.com/ts01 | |
http://tsa.mesign.com | |
http://time.certum.pl | |
https://freetsa.org | |
http://tsa.startssl.com/rfc3161 | |
http://dse200.ncipher.com/TSS/HttpTspServer | |
http://zeitstempel.dfn.de | |
https://ca.signfiles.com/tsa/get.aspx | |
http://services.globaltrustfinder.com/adss/tsa | |
https://tsp.iaik.tugraz.at/tsp/TspRequest | |
http://timestamp.entrust.net/TSS/RFC3161sha2TS | |
http://timestamp.acs.microsoft.com |
@chimmmpie I have made a script that extracts the .cer / .crt from a timestamping service
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# Check that we have the name of the TSA service as a first arg and the URL as a second arg
if [ "$#" -ne 2 ]; then
echo "Illegal number of parameters"
echo "Usage: $0 <TSA_URL> <TSA_NAME>"
exit 1
fi
TSA_URL=$1
TSA_NAME=$2
echo "==> We are trying to get the TSA certificate from the following service : $TSA_NAME ($TSA_URL)"
echo "==> Sending a signature request..."
openssl rand 256 | openssl ts -query -data - -cert -sha256 | curl -s -S --data-binary @- "$TSA_URL" --header "Content-Type: application/timestamp-query" -o - -v > "$TSA_NAME.reply.tsr"
echo "==> Verifying the response..."
openssl ts -reply -text -in "$TSA_NAME.reply.tsr" || (echo "==> Verification failed :" && cat "$TSA_NAME.reply.tsr" && rm "$TSA_NAME.reply.tsr" && exit 1)
echo "==> Extracting the token..."
openssl ts -reply -in "$TSA_NAME.reply.tsr" -token_out -out "$TSA_NAME.token.tk"
echo "==> Extracting the TSA certificate..."
openssl pkcs7 -inform DER -in "$TSA_NAME.token.tk" -print_certs -outform PEM -out "$TSA_NAME.cer"
echo "==> Extracting the TSA certificate as a .crt..."
openssl x509 -inform PEM -in "$TSA_NAME.cer" -out "$TSA_NAME.crt"
rm "$TSA_NAME.reply.tsr" "$TSA_NAME.token.tk"
Call it like ./request_crt.sh http://timestamp.acs.microsoft.com/ microsoft
to get everything in microsoft.crt
I have made a script that extracts the .cer / .crt from a timestamping service
Thanks, that is great!
Would it be possible to make version of the script that downloads all certs for servers provided by https://rfc3161.ai.moda/servers.json?
@chimmmpie I have made a script that extracts the .cer / .crt from a timestamping service
That looks interesting. But it would suggest to me that the cert is already in the response? Or does anyone think that some of the openssl commands will fetch it in the background?
The -cert
part in openssl ts -query -data - -cert -sha256
asks the TSA to return its cert as well
How can i verify the timestamp? I get a response from a random server. But i also would like to verify this response locally. But for that i need CA and intermediate files i think. Could u also expose those/add them to the server list? I assume your backend has them in order to verify the response. Bonus for a example command :)