PGP Digital Timestamping Service


Introduction

Early in 1995 I was looking for an automatic digital timestamping service which could be used to corroborate the date at which I had signed a document with PGP. At that point I could only find one commercial service and that used proprietary software.

I therefore resolved to setup such a service which would be free of charge to users. I wanted to use PGP as the signing software and provide the service by Internet email, which was at the time by far the most common form of connection to the Internet.

Stamper was therefore launched in October 1995.

In April 1997, proof of posting certificates were added.

Using the Service

The service operates in a number of different "modes" depending upon the required results. The current modes are:-

Using the service in post mode

This mode is used to forward a message providing a proof of posting certificate.

The message should be addressed to post@stamper.itconsult.co.uk and must contain one line in the body of the message for each recipient of the form:-

     X-Stamper-To: emailaddress

Multiple recipients must have separate X-Stamper-To: lines. It is also important that the "X" must start in column 1.

The message signed with a proof of posting certificate and will be queued for sending to the addresses given. It will be resent in the name of the original sender so any bounce messages will go back directly to the sender. A copy of the posted message will also be returned to the sender.

It is important to note that such a certificate guarantees that someone claiming to be the sender asked Stamper to send the message to the listed recipients. It does not guarantee that the message was delivered, and it does not authenticate the sender in any way.

Should you wish to send a pgp clearsigned message, the "X-Stamper-To:" directives should be inserted before the "-----BEGIN PGP" part of the message. If it is put inside, Stamper will remove the line which will cause the signature validation to fail.

An example of use is also available.

Using Stamper in clear mode

This mode is used to get a clearsigned copy of the received message text. The message should be sent to clear@stamper.itconsult.co.uk.

Using Stamper in header mode

This mode is used to get a clearsigned copy of the received message text and message headers. The message should be sent to header@stamper.itconsult.co.uk.

In this case it is important to be aware that the headers received by Stamper may have been forged.

Using Stamper in text mode

This mode is used to get a signed and ASCII armoured copy of the received message test. The message should be sent to text@stamper.itconsult.co.uk.

Using Stamper in pgp mode

This mode is used to get an existing pgp file signed and the result returned to the sender. Typically this would be used to get a "compound" signature on a document by sending Stamper a signed document or a detached signature certificate.

The ASCII armoured pgp file should be send to pgp@stamper.itconsult.co.uk.

For the technically minded this mode removes the ascii armour and signs the resulting document using:-

     pgp -sba receivedmessage -o returnedmessage +batch +force

Using Stamper in binary mode

This mode is used to get a binary file signed and the result returned to the sender.

The ASCII armoured binary file should be send to binary@stamper.itconsult.co.uk.

For the technically minded this mode removes the ascii armour and signs the resulting document using:-

     pgp -sba receivedmessage -o returnedmessage +batch

The only difference between this and PGP mode, is that Stamper will assume that the underlying file has NOT been produced by PGP.

Trusting Stamper

It would be very easy for me to try and say what a reliable and trustworthy sort of a fellow I am and that you can naturally assume that Stamper will provide accurate timestamps which will never be backdated. This would not be good enough!!

Every signature made by Stamper will have a unique serial number. This number automatically increments by one every time a document is signed. Stamper also stamps summaries of its own signatures from the previous day.

Each signature will be retained by Stamper and may be inspected by anyone. The only details which will be disclosed will be the detached signature (not what is returned to the user), its serial number and the time & date it was made. Specifically any message text or email addresses will NOT be disclosed.

Thus the combination of the serial number being in chronological order coupled with publishing the signatures should provide sufficient certainty that timestamps have not been back (or forward) dated.

Stamper will generate two types of daily files: an updated log showing the last signature serial number made on each day (called SIGYYYY.TXT), and a zip file of all the detached signatures made on that day (called YYYYMMDD.ASC). In these cases YYYY, MM & DD represent the components of a date. These files are available via this website or may be requested from the list server list@itconsult.co.uk by sending it a message containing the line "GET STAMPER-FILES filename" (without the quotes) in the BODY of the message. Multiple files may be requested on separate lines in the body of the same message tolist@stamper.itconsult.co.uk.

The daily zip files will have been signed by Stamper (complete with serial number, as normal) and will have ASCII armour. Note that you will require zip file processing software in order to extract the individual signatures. Other formats may be considered if there is sufficient demand.

In order to enhance the trustworthiness of the service, the detached signatures of the daily zip files will be published weekly in the Usenet group comp.security.pgp.announce for the week ending the previous Saturday. They will also be sent by email to users who request this by sending a message to list@stamper.itconsult.co.uk with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.

These weekly messages will also be available from STAMPER-FILES named WKYYYYMMN.TXT, where YYYY & MM are the year and month and N is the number of the Saturday in the month.

Support

If support is required, mail messages should be sent to support@stamper.itconsult.co.uk. It would be really appreciated if support queries were not sent to any other email addresses.

Public Keys

Following are the public keys relating to Stamper. Please note that the key for Stamper itself is 2046 bits which requires a recent version of PGP.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAi6FPa4AAAEEALw3nEftUsvZLnyeCRcn5kMOebdcSlw3UpTVbhtZDZsFxFJE
lcwlM11NJjXV4saOAn8xbUvDDgOusRTkKA4gno1L89SPl3M8/SZ8RSUSzqVkqBKQ
K2p036F5K5PsKYTMtGSCu5Bpb4hG2fyVqOcETSAM0RJ9Sdvg7gKwLwcHEv69AAUR
tCxNYXR0aGV3IFJpY2hhcmRzb24gPEplcnNleSwgQ2hhbm5lbCBJc2xhbmRzPokA
lQMFEDNnJQ0KYXxTP5jTfQEBJLID/3BZOKqIbK6CR1a1Q/fDUZwvAC0opFSYmfIV
VHjuR1gGc9mHxjiniHpMDBfn84yvkEQ5Dn+qBFAwE69dew80YDsRcJwXu8YGMB53
Tj07M/MdSpA2ZYX1NMxy+uMtbzuwMZJLeqDvqyV/oEff5IROhZxBf8A/0cPnf4Fx
xD3FUJQ9iQCVAwUQMRfq0zm3lb9t1QxBAQHGBAP/bGfT7eTkHWnebwocCrolFn3w
heEKfOJ7yf6ciF8DagwmZz+Dn8XCW3kyDB/qE1Q/J1OJ27mXF3Uz53Sp1BT2uv2T
YTgnQ67sL4ur6t8voNlLJKvMgyZFG07o5U8+jzAf5yL3fpZcqvOdyjXNMZx/X95H
pQA6hKRplpp77kyulK6JAJUCBRAvtm80kzC3sFWOCaUBAVV2A/9Fp7QEX2VO7FgI
Y+t/K4fb6+au30BxFfKVX4a/OBAAql9X70koFtNd9Ul1l959F/BxHtExDmEGkCj1
egssDyB88pH2gWm8CVayOzlM+SO/a+OvQVTSTvG8T80MpvEyfJfqB5xNpkQfWJ/a
5XHlMDPgEjbiLuxSYu0XWW/VRJZp7YkAlQIFEC6FPm4CsC8HBxL+vQEBl74D/2/Z
kU9M6Doc69jFrig3jHFMlYNWIu7pWniVjtj2PwRgMT5O83IUoLy3kxmzEM5DELZ1
fAEg+6DMxCDka3S8B7S769fcto/nTLaAkItWzjqPZKjg5AnXQEI6mRg8N30MNK5+
ViT/VfRhgpyjSqxWhAehN4Q+PxX5MBF3xaGaXD5CtCxNYXR0aGV3IFJpY2hhcmRz
b24gPG1hdHRoZXdAaXRjb25zdWx0LmNvLnVrPokAlQIFEDB9bQUCsC8HBxL+vQEB
f1UD+wZbZoFW3BxSWESkK5eVkAyIPWSya+6Mus7Wm8ili57393dflAD6hyWUHXzQ
4xMNeUe21+rri2Fwx4EBHpgydGKRH8i4Aa57nqZrklekG86jpYL9K7812IUPNIiZ
YL1qaoOAErksMUNcnhCIJiY/Pae0q5QQX+GDLaonJB6DRytmmQCcAjBAynIAAAEE
AKe1ciGQG9XNU5xW2FGnj57iKCUnIHwyOVRsNJIlomC9z1pPRswk7n/u6OzkGHXL
Wwprms2z+oXdmy6GEf9S6tBBegxkHQXWqE0C0CVDU0J/nvhHGPyuPc+E48eJfw4w
vrL88FI2sUunLLBFIqums3Mmwvw+HTl7z+D1+HYIOgipAICAAAAAAAAAAAAAAAAA
AAADtC9TY2hlZHVsZXIgU2VydmljZSAoTUVSX1NjaGVkdWxlIG9uIFxcTUVSX0RF
Q1hMKYkAlQIFEDBAyq7g9fh2CDoIqQEBqMgD/j3LFP4UXLsNFeQJ6dW0T09zDpKV
dAvDQP0v3FBmB78yUwx41MvnTQIU9RuQ/ilJde61BrBYvKjHhiLhvBcDpz7AETwb
R/3VmKqKEM3PSadDuJIxuqo7LwDnwdssbjt8lgNTHYcPBcO8q/oVIsgf/Ztf0TmF
6cu4tUnMSYAAprVNiQCVAgUQMEDLJQKwLwcHEv69AQFPPAP9H6miKq9/ljvGufIM
3lIgFG/syiUAA7c6Q9q30W/acJ3hKcIYBXEXEjDV+Z++jWOaOXwcEUc1Aa06AfU5
Y59CfXgq8gfQyWc9leqNbmzSUEHzEtthVqPFrjzP5L7LCshlw7IHCy1qNQ78ZCsn
Yg0olMstdvH/1Exqxh99uuOU8XGZARQCMHxKEgAAAQf+KTzxqMu/GdMQhJC5wm0D
nAKqwB2uP24AFhm2rQmZjDStDt2OK9jb8NfqmZE9KE1u7wRo1Z2a+3MOkoHkE9io
Faw+QP7nMNHDdxu1XUPRCtX8006Y6F/ZYaZIW3NleAjBot523Ad24ztaWSu8UQSs
SpOUwFhg92JAaZIjQQkLSM3J7NHTKyMadPR/clfYA0qmtrziyBRleBYdwnpWf/WB
1BHhD20WKyq3fll7wPJJ+NBi12uZQUHPtnNs30pw7EBYFir4I0lsFtjhh0UzbFpK
FjYh6P98EyWLIf8M+N1hptoIEO/YXAVWaQeuyfm9flOuWC7M9u28aGyBlZ21cLYf
gQBAgAAAAAAAAAO0K1RpbWVzdGFtcCBTZXJ2aWNlIDxzdGFtcGVyQGl0Y29uc3Vs
dC5jby51az6JARUCBRBTghLJgZWdtXC2H4EBAd2NB/4nZQsTMYK5x6Q6R6OWNDtN
GYYJlBGQfnD3vhCkaEfnrRyfEvLWzMM7+dOJozL30EbJeKuBaMI+Nkz63er6dWW7
AMbiOFjhynNx2Zg+eokHFfoMjc/2fY0L56EPfnm9y449uXj8yyGv5PyoJhbgWcg9
cTeUr1lbDDG+mL+6HxQgm9kBYxECuG4JMx9GD/TBejoMo/Kk4YXbVxuOpyOoec1/
KW8AxmKe5ccotkwerNfmIhqTZkB7K185n6LxX7L2SIDWHn2SXxkLS0psdRtJOuTM
3EzVcdIYUjKezDQEQiAVZMO+hMqMqGMlJUuBCK1kxunSH1Xjmz6OcLrmlUC4HZWW
iQCVAgUQMH1scQKwLwcHEv69AQHssAQAmobA3SDsnszFcUNm3MRuEiDM2vw+k9iJ
2sIWuKzUrG0S2fAGcCHbCHqV8s1spqjAdOXZZphp7AIeCRnxEH8IMrCY+bjA0YqQ
zkYmIvYVswP2KQ7vlY/Wc1N66RWww/xrnmtN+dlAFrLKSbhlTzLubp6fdlLR8AJs
ivXSq6kfyfg=
=Ky0z
-----END PGP PUBLIC KEY BLOCK-----

This contains my key, the key for Stamper and the key for my machine's "Scheduler Service". This latter key will be used to sign some of the log files on a day to day basis.

Service Announcements

It is recommended that all users of the service should join the mailing list stamper-announce by sending a message to list@stamper.itconsult.co.uk with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.

This list will only receive very occasional messages from me relating to the service. It is the only way I will be able to generally contact users of the service.

List Server Instructions

Instructions on the use of the list server are available by sending a message to list@stamper.itconsult.co.uk with "HELP" (without the quotes) in the BODY of the message.

Terms and Conditions

Stamper is a service provided free of charge to Internet users by I. T. Consultancy Limited, on the following terms; by using Stamper you (for yourselves and anybody claiming under you) accept these terms in their entirety and agree to be bound by them.

  1. In these terms:
  2. You may only use Stamper if you accept these terms in their entirety and unmodified in any way, and you agree use of Stamper outside these terms would be wholly unlawful and unauthorised.
  3. You will not use Stamper in furtherance of or in connection with any unlawful purpose, or in any way which is or may be unlawful under the laws of any relevant jurisdiction.
  4. You will not use Stamper in connection with any distribution of unsolicited or bulk email messages or for the purposes of sending email purporting to be from an address other than your own.
  5. I. T. Consultancy Limited reserves the right to specifically withdraw the use of the Stamper service from any person or body without notice.
  6. YOU AGREE THAT NO LIABILITY SHALL ATTACH TO I. T. CONSULTANCY LIMITED UNDER ANY CIRCUMSTANCES IN RELATION TO ANY USE OF STAMPER BY YOU, AND BY USING STAMPER YOU WHOLLY RELEASE I. T. CONSULTANCY LIMITED FROM ANY SUCH LIABILITY TO THE FULLEST EXTENT PERMITTED BY LAW.
  7. You agree to fully indemnify I. T. Consultancy Limited against any liability it may incur (including the legal costs of a successful defence or of a compromise) on the indemnity basis as a result of any claim being made against us in relation to your use of Stamper.
  8. Stamper is provided on an 'as is' basis, and you agree that, in view of the fact that Stamper is a service provided free of charge, these terms are reasonable in every way.
  9. You agree that the laws of the Island of Jersey shall be the applicable law in relation to these terms and to the use of Stamper, and that the courts of the Island of Jersey shall have exclusive jurisdiction in all such matters.

Feedback

Naturally, I would be delighted to receive any comments(either negative or positive) about the service in general.


Finally I would like to thank Roger Sinclair <egos@cix.compulink.co.uk> for his assistance with the Terms & Conditions section of this document.

Matthew Richardson
I. T. Consultancy Limited, Jersey, Channel Islands
Last updated: 25 May 2014
Copyright © 1995, 1996, 1997, 2014 I. T. Consultancy Limited