PGP Digital Timestamping Service


Introduction

Early in 1995 I was looking for an automatic digital timestamping service which could be used to corroborate the date at which I had signed a document with PGP. At that point I could only find one commercial service and that used proprietary software.

I therefore resolved to setup such a service which would be free of charge to users. I wanted to use PGP as the signing software and provide the service by Internet email, which was at the time by far the most common form of connection to the Internet.

Stamper was therefore launched in October 1995.

In April 1997, proof of posting certificates were added.

Using the Service

The service operates in a number of different "modes" depending upon the required results. The current modes are:-

Using the service in post mode

This mode is used to forward a message providing a proof of posting certificate.

The message should be addressed to post@stamper.itconsult.co.uk and must contain one line in the body of the message for each recipient of the form:-

     X-Stamper-To: emailaddress

Multiple recipients must have separate X-Stamper-To: lines. It is also important that the "X" must start in column 1.

The message signed with a proof of posting certificate and will be queued for sending to the addresses given. It will be resent in the name of the original sender so any bounce messages will go back directly to the sender. A copy of the posted message will also be returned to the sender.

It is important to note that such a certificate guarantees that someone claiming to be the sender asked Stamper to send the message to the listed recipients. It does not guarantee that the message was delivered, and it does not authenticate the sender in any way.

Should you wish to send a pgp clearsigned message, the "X-Stamper-To:" directives should be inserted before the "-----BEGIN PGP" part of the message. If it is put inside, Stamper will remove the line which will cause the signature validation to fail.

An example of use is also available.

Using Stamper in clear mode

This mode is used to get a clearsigned copy of the received message text. The message should be sent to clear@stamper.itconsult.co.uk.

Using Stamper in header mode

This mode is used to get a clearsigned copy of the received message text and message headers. The message should be sent to header@stamper.itconsult.co.uk.

In this case it is important to be aware that the headers received by Stamper may have been forged.

Using Stamper in text mode

This mode is used to get a signed and ASCII armoured copy of the received message test. The message should be sent to text@stamper.itconsult.co.uk.

Using Stamper in pgp mode

This mode is used to get an existing pgp file signed and the result returned to the sender. Typically this would be used to get a "compound" signature on a document by sending Stamper a signed document or a detached signature certificate.

The ASCII armoured pgp file should be send to pgp@stamper.itconsult.co.uk.

For the technically minded this mode removes the ascii armour and signs the resulting document using:-

     pgp -sba receivedmessage -o returnedmessage +batch +force

Using Stamper in binary mode

This mode is used to get a binary file signed and the result returned to the sender.

The ASCII armoured binary file should be send to binary@stamper.itconsult.co.uk.

For the technically minded this mode removes the ascii armour and signs the resulting document using:-

     pgp -sba receivedmessage -o returnedmessage +batch

The only difference between this and PGP mode, is that Stamper will assume that the underlying file has NOT been produced by PGP.

Trusting Stamper

It would be very easy for me to try and say what a reliable and trustworthy sort of a fellow I am and that you can naturally assume that Stamper will provide accurate timestamps which will never be backdated. This would not be good enough!!

Every signature made by Stamper will have a unique serial number. This number automatically increments by one every time a document is signed. Stamper also stamps summaries of its own signatures from the previous day.

Each signature will be retained by Stamper and may be inspected by anyone. The only details which will be disclosed will be the detached signature (not what is returned to the user), its serial number and the time & date it was made. Specifically any message text or email addresses will NOT be disclosed.

Thus the combination of the serial number being in chronological order coupled with publishing the signatures should provide sufficient certainty that timestamps have not been back (or forward) dated.

Stamper will generate two types of daily files: an updated log showing the last signature serial number made on each day (called SIGYYYY.TXT), and a zip file of all the detached signatures made on that day (called YYYYMMDD.ASC). In these cases YYYY, MM & DD represent the components of a date. These files are available via this website or may be requested from the list server list@itconsult.co.uk by sending it a message containing the line "GET STAMPER-FILES filename" (without the quotes) in the BODY of the message. Multiple files may be requested on separate lines in the body of the same message tolist@stamper.itconsult.co.uk.

The daily zip files will have been signed by Stamper (complete with serial number, as normal) and will have ASCII armour. Note that you will require zip file processing software in order to extract the individual signatures. Other formats may be considered if there is sufficient demand.

In order to enhance the trustworthiness of the service, the detached signatures of the daily zip files will be published weekly in the Usenet group comp.security.pgp.announce for the week ending the previous Saturday. They will also be sent by email to users who request this by sending a message to list@stamper.itconsult.co.uk with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.

These weekly messages will also be available from STAMPER-FILES named WKYYYYMMN.TXT, where YYYY & MM are the year and month and N is the number of the Saturday in the month.

Support

If support is required, mail messages should be sent to support@stamper.itconsult.co.uk. It would be really appreciated if support queries were not sent to any other email addresses.

Public Keys

Following are the public keys relating to Stamper. Please note that the key for Stamper itself is 2046 bits which requires a recent version of PGP.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAi6FPa4AAAEEALw3nEftUsvZLnyeCRcn5kMOebdcSlw3UpTVbhtZDZsFxFJE
lcwlM11NJjXV4saOAn8xbUvDDgOusRTkKA4gno1L89SPl3M8/SZ8RSUSzqVkqBKQ
K2p036F5K5PsKYTMtGSCu5Bpb4hG2fyVqOcETSAM0RJ9Sdvg7gKwLwcHEv69AAUR
tCxNYXR0aGV3IFJpY2hhcmRzb24gPEplcnNleSwgQ2hhbm5lbCBJc2xhbmRzPokA
lQMFEDNnJQ0KYXxTP5jTfQEBJLID/3BZOKqIbK6CR1a1Q/fDUZwvAC0opFSYmfIV
VHjuR1gGc9mHxjiniHpMDBfn84yvkEQ5Dn+qBFAwE69dew80YDsRcJwXu8YGMB53
Tj07M/MdSpA2ZYX1NMxy+uMtbzuwMZJLeqDvqyV/oEff5IROhZxBf8A/0cPnf4Fx
xD3FUJQ9iQCVAwUQMRfq0zm3lb9t1QxBAQHGBAP/bGfT7eTkHWnebwocCrolFn3w
heEKfOJ7yf6ciF8DagwmZz+Dn8XCW3kyDB/qE1Q/J1OJ27mXF3Uz53Sp1BT2uv2T
YTgnQ67sL4ur6t8voNlLJKvMgyZFG07o5U8+jzAf5yL3fpZcqvOdyjXNMZx/X95H
pQA6hKRplpp77kyulK6JAJUCBRAvtm80kzC3sFWOCaUBAVV2A/9Fp7QEX2VO7FgI
Y+t/K4fb6+au30BxFfKVX4a/OBAAql9X70koFtNd9Ul1l959F/BxHtExDmEGkCj1
egssDyB88pH2gWm8CVayOzlM+SO/a+OvQVTSTvG8T80MpvEyfJfqB5xNpkQfWJ/a
5XHlMDPgEjbiLuxSYu0XWW/VRJZp7YkAlQIFEC6FPm4CsC8HBxL+vQEBl74D/2/Z
kU9M6Doc69jFrig3jHFMlYNWIu7pWniVjtj2PwRgMT5O83IUoLy3kxmzEM5DELZ1
fAEg+6DMxCDka3S8B7S769fcto/nTLaAkItWzjqPZKjg5AnXQEI6mRg8N30MNK5+
ViT/VfRhgpyjSqxWhAehN4Q+PxX5MBF3xaGaXD5CtCxNYXR0aGV3IFJpY2hhcmRz
b24gPG1hdHRoZXdAaXRjb25zdWx0LmNvLnVrPokAlQIFEDB9bQUCsC8HBxL+vQEB
f1UD+wZbZoFW3BxSWESkK5eVkAyIPWSya+6Mus7Wm8ili57393dflAD6hyWUHXzQ
4xMNeUe21+rri2Fwx4EBHpgydGKRH8i4Aa57nqZrklekG86jpYL9K7812IUPNIiZ
YL1qaoOAErksMUNcnhCIJiY/Pae0q5QQX+GDLaonJB6DRytmmQCcAjBAynIAAAEE
AKe1ciGQG9XNU5xW2FGnj57iKCUnIHwyOVRsNJIlomC9z1pPRswk7n/u6OzkGHXL
Wwprms2z+oXdmy6GEf9S6tBBegxkHQXWqE0C0CVDU0J/nvhHGPyuPc+E48eJfw4w
vrL88FI2sUunLLBFIqums3Mmwvw+HTl7z+D1+HYIOgipAICAAAAAAAAAAAAAAAAA
AAADtC9TY2hlZHVsZXIgU2VydmljZSAoTUVSX1NjaGVkdWxlIG9uIFxcTUVSX0RF
Q1hMKYkAlQIFEDBAyyUCsC8HBxL+vQEBTzwD/R+poiqvf5Y7xrnyDN5SIBRv7Mol
AAO3OkPat9Fv2nCd4SnCGAVxFxIw1fmfvo1jmjl8HBFHNQGtOgH1OWOfQn14KvIH
0MlnPZXqjW5s0lBB8xLbYVajxa48z+S+ywrIZcOyBwstajUO/GQrJ2INKJTLLXbx
/9RMasYffbrjlPFxmQEUAjB8ShIAAAEH/ik88ajLvxnTEISQucJtA5wCqsAdrj9u
ABYZtq0JmYw0rQ7djivY2/DX6pmRPShNbu8EaNWdmvtzDpKB5BPYqBWsPkD+5zDR
w3cbtV1D0QrV/NNOmOhf2WGmSFtzZXgIwaLedtwHduM7WlkrvFEErEqTlMBYYPdi
QGmSI0EJC0jNyezR0ysjGnT0f3JX2ANKpra84sgUZXgWHcJ6Vn/1gdQR4Q9tFisq
t35Ze8DySfjQYtdrmUFBz7ZzbN9KcOxAWBYq+CNJbBbY4YdFM2xaShY2Iej/fBMl
iyH/DPjdYabaCBDv2FwFVmkHrsn5vX5TrlguzPbtvGhsgZWdtXC2H4EAQIAAAAAA
AAADtCtUaW1lc3RhbXAgU2VydmljZSA8c3RhbXBlckBpdGNvbnN1bHQuY28udWs+
iQCVAgUQMH1scQKwLwcHEv69AQHssAQAmobA3SDsnszFcUNm3MRuEiDM2vw+k9iJ
2sIWuKzUrG0S2fAGcCHbCHqV8s1spqjAdOXZZphp7AIeCRnxEH8IMrCY+bjA0YqQ
zkYmIvYVswP2KQ7vlY/Wc1N66RWww/xrnmtN+dlAFrLKSbhlTzLubp6fdlLR8AJs
ivXSq6kfyfg=
=9kJE
-----END PGP PUBLIC KEY BLOCK-----

This contains my key, the key for Stamper and the key for my machine's "Scheduler Service". This latter key will be used to sign some of the log files on a day to day basis.

Service Announcements

It is recommended that all users of the service should join the mailing list stamper-announce by sending a message to list@stamper.itconsult.co.uk with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.

This list will only receive very occasional messages from me relating to the service. It is the only way I will be able to generally contact users of the service.

List Server Instructions

Instructions on the use of the list server are available by sending a message to list@stamper.itconsult.co.uk with "HELP" (without the quotes) in the BODY of the message.

Terms and Conditions

Stamper is a service provided free of charge to Internet users by I. T. Consultancy Limited, on the following terms; by using Stamper you (for yourselves and anybody claiming under you) accept these terms in their entirety and agree to be bound by them.

  1. In these terms:
  2. You may only use Stamper if you accept these terms in their entirety and unmodified in any way, and you agree use of Stamper outside these terms would be wholly unlawful and unauthorised.
  3. You will not use Stamper in furtherance of or in connection with any unlawful purpose, or in any way which is or may be unlawful under the laws of any relevant jurisdiction.
  4. You will not use Stamper in connection with any distribution of unsolicited or bulk email messages or for the purposes of sending email purporting to be from an address other than your own.
  5. I. T. Consultancy Limited reserves the right to specifically withdraw the use of the Stamper service from any person or body without notice.
  6. YOU AGREE THAT NO LIABILITY SHALL ATTACH TO I. T. CONSULTANCY LIMITED UNDER ANY CIRCUMSTANCES IN RELATION TO ANY USE OF STAMPER BY YOU, AND BY USING STAMPER YOU WHOLLY RELEASE I. T. CONSULTANCY LIMITED FROM ANY SUCH LIABILITY TO THE FULLEST EXTENT PERMITTED BY LAW.
  7. You agree to fully indemnify I. T. Consultancy Limited against any liability it may incur (including the legal costs of a successful defence or of a compromise) on the indemnity basis as a result of any claim being made against us in relation to your use of Stamper.
  8. Stamper is provided on an 'as is' basis, and you agree that, in view of the fact that Stamper is a service provided free of charge, these terms are reasonable in every way.
  9. You agree that the laws of the Island of Jersey shall be the applicable law in relation to these terms and to the use of Stamper, and that the courts of the Island of Jersey shall have exclusive jurisdiction in all such matters.

Feedback

Naturally, I would be delighted to receive any comments(either negative or positive) about the service in general.


Finally I would like to thank Roger Sinclair <egos@cix.compulink.co.uk> for his assistance with the Terms & Conditions section of this document.

Matthew Richardson <matthew@itconsult.co.uk>
I. T. Consultancy Limited, Jersey, Channel Islands
Last updated: 30 July 2004
Copyright © 1995, 1996, 1997 I. T. Consultancy Limited