Early in 1995 I was looking for an automatic digital timestamping service which could be used to corroborate the date at which I had signed a document with PGP. At that point I could only find one commercial service and that used proprietary software.
I therefore resolved to setup such a service which would be free of charge to users. I wanted to use PGP as the signing software and provide the service by Internet email, which was at the time by far the most common form of connection to the Internet.
Stamper was therefore launched in October 1995.
In April 1997, proof of posting certificates were added.
The service operates in a number of different "modes" depending upon the required results. The current modes are:-
This mode is used to forward a message providing a proof of posting certificate.
The message should be addressed to email@example.com and must contain one line in the body of the message for each recipient of the form:-
Multiple recipients must have separate X-Stamper-To: lines. It is also important that the "X" must start in column 1.
The message signed with a proof of posting certificate and will be queued for sending to the addresses given. It will be resent in the name of the original sender so any bounce messages will go back directly to the sender. A copy of the posted message will also be returned to the sender.
It is important to note that such a certificate guarantees that someone claiming to be the sender asked Stamper to send the message to the listed recipients. It does not guarantee that the message was delivered, and it does not authenticate the sender in any way.
Should you wish to send a pgp clearsigned message, the "X-Stamper-To:" directives should be inserted before the "-----BEGIN PGP" part of the message. If it is put inside, Stamper will remove the line which will cause the signature validation to fail.
An example of use is also available.
This mode is used to get a clearsigned copy of the received message text. The message should be sent to firstname.lastname@example.org.
This mode is used to get a clearsigned copy of the received message text and message headers. The message should be sent to email@example.com.
In this case it is important to be aware that the headers received by Stamper may have been forged.
This mode is used to get a signed and ASCII armoured copy of the received message test. The message should be sent to firstname.lastname@example.org.
This mode is used to get an existing pgp file signed and the result returned to the sender. Typically this would be used to get a "compound" signature on a document by sending Stamper a signed document or a detached signature certificate.
The ASCII armoured pgp file should be send to email@example.com.
For the technically minded this mode removes the ascii armour and signs the resulting document using:-
pgp -sba receivedmessage -o returnedmessage +batch +force
This mode is used to get a binary file signed and the result returned to the sender.
The ASCII armoured binary file should be send to firstname.lastname@example.org.
For the technically minded this mode removes the ascii armour and signs the resulting document using:-
pgp -sba receivedmessage -o returnedmessage +batch
The only difference between this and PGP mode, is that Stamper will assume that the underlying file has NOT been produced by PGP.
It would be very easy for me to try and say what a reliable and trustworthy sort of a fellow I am and that you can naturally assume that Stamper will provide accurate timestamps which will never be backdated. This would not be good enough!!
Every signature made by Stamper will have a unique serial number. This number automatically increments by one every time a document is signed. Stamper also stamps summaries of its own signatures from the previous day.
Each signature will be retained by Stamper and may be inspected by anyone. The only details which will be disclosed will be the detached signature (not what is returned to the user), its serial number and the time & date it was made. Specifically any message text or email addresses will NOT be disclosed.
Thus the combination of the serial number being in chronological order coupled with publishing the signatures should provide sufficient certainty that timestamps have not been back (or forward) dated.
Stamper will generate two types of daily files: an updated log showing the last signature serial number made on each day (called SIGYYYY.TXT), and a zip file of all the detached signatures made on that day (called YYYYMMDD.ASC). In these cases YYYY, MM & DD represent the components of a date. These files are available via this website or may be requested from the list server email@example.com by sending it a message containing the line "GET STAMPER-FILES filename" (without the quotes) in the BODY of the message. Multiple files may be requested on separate lines in the body of the same message firstname.lastname@example.org.
The daily zip files will have been signed by Stamper (complete with serial number, as normal) and will have ASCII armour. Note that you will require zip file processing software in order to extract the individual signatures. Other formats may be considered if there is sufficient demand.
In order to enhance the trustworthiness of the service, the detached signatures of the daily zip files will be published weekly in the Usenet group comp.security.pgp.announce for the week ending the previous Saturday. They will also be sent by email to users who request this by sending a message to email@example.com with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.
These weekly messages will also be available from STAMPER-FILES named WKYYYYMMN.TXT, where YYYY & MM are the year and month and N is the number of the Saturday in the month.
If support is required, mail messages should be sent to firstname.lastname@example.org. It would be really appreciated if support queries were not sent to any other email addresses.
Following are the public keys relating to Stamper. Please note that the key for Stamper itself is 2046 bits which requires a recent version of PGP.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQCNAi6FPa4AAAEEALw3nEftUsvZLnyeCRcn5kMOebdcSlw3UpTVbhtZDZsFxFJE lcwlM11NJjXV4saOAn8xbUvDDgOusRTkKA4gno1L89SPl3M8/SZ8RSUSzqVkqBKQ K2p036F5K5PsKYTMtGSCu5Bpb4hG2fyVqOcETSAM0RJ9Sdvg7gKwLwcHEv69AAUR tCxNYXR0aGV3IFJpY2hhcmRzb24gPEplcnNleSwgQ2hhbm5lbCBJc2xhbmRzPokA lQMFEDNnJQ0KYXxTP5jTfQEBJLID/3BZOKqIbK6CR1a1Q/fDUZwvAC0opFSYmfIV VHjuR1gGc9mHxjiniHpMDBfn84yvkEQ5Dn+qBFAwE69dew80YDsRcJwXu8YGMB53 Tj07M/MdSpA2ZYX1NMxy+uMtbzuwMZJLeqDvqyV/oEff5IROhZxBf8A/0cPnf4Fx xD3FUJQ9iQCVAwUQMRfq0zm3lb9t1QxBAQHGBAP/bGfT7eTkHWnebwocCrolFn3w heEKfOJ7yf6ciF8DagwmZz+Dn8XCW3kyDB/qE1Q/J1OJ27mXF3Uz53Sp1BT2uv2T YTgnQ67sL4ur6t8voNlLJKvMgyZFG07o5U8+jzAf5yL3fpZcqvOdyjXNMZx/X95H pQA6hKRplpp77kyulK6JAJUCBRAvtm80kzC3sFWOCaUBAVV2A/9Fp7QEX2VO7FgI Y+t/K4fb6+au30BxFfKVX4a/OBAAql9X70koFtNd9Ul1l959F/BxHtExDmEGkCj1 egssDyB88pH2gWm8CVayOzlM+SO/a+OvQVTSTvG8T80MpvEyfJfqB5xNpkQfWJ/a 5XHlMDPgEjbiLuxSYu0XWW/VRJZp7YkAlQIFEC6FPm4CsC8HBxL+vQEBl74D/2/Z kU9M6Doc69jFrig3jHFMlYNWIu7pWniVjtj2PwRgMT5O83IUoLy3kxmzEM5DELZ1 fAEg+6DMxCDka3S8B7S769fcto/nTLaAkItWzjqPZKjg5AnXQEI6mRg8N30MNK5+ ViT/VfRhgpyjSqxWhAehN4Q+PxX5MBF3xaGaXD5CtCxNYXR0aGV3IFJpY2hhcmRz b24gPG1hdHRoZXdAaXRjb25zdWx0LmNvLnVrPokAlQIFEDB9bQUCsC8HBxL+vQEB f1UD+wZbZoFW3BxSWESkK5eVkAyIPWSya+6Mus7Wm8ili57393dflAD6hyWUHXzQ 4xMNeUe21+rri2Fwx4EBHpgydGKRH8i4Aa57nqZrklekG86jpYL9K7812IUPNIiZ YL1qaoOAErksMUNcnhCIJiY/Pae0q5QQX+GDLaonJB6DRytmmQCcAjBAynIAAAEE AKe1ciGQG9XNU5xW2FGnj57iKCUnIHwyOVRsNJIlomC9z1pPRswk7n/u6OzkGHXL Wwprms2z+oXdmy6GEf9S6tBBegxkHQXWqE0C0CVDU0J/nvhHGPyuPc+E48eJfw4w vrL88FI2sUunLLBFIqums3Mmwvw+HTl7z+D1+HYIOgipAICAAAAAAAAAAAAAAAAA AAADtC9TY2hlZHVsZXIgU2VydmljZSAoTUVSX1NjaGVkdWxlIG9uIFxcTUVSX0RF Q1hMKYkAlQIFEDBAyq7g9fh2CDoIqQEBqMgD/j3LFP4UXLsNFeQJ6dW0T09zDpKV dAvDQP0v3FBmB78yUwx41MvnTQIU9RuQ/ilJde61BrBYvKjHhiLhvBcDpz7AETwb R/3VmKqKEM3PSadDuJIxuqo7LwDnwdssbjt8lgNTHYcPBcO8q/oVIsgf/Ztf0TmF 6cu4tUnMSYAAprVNiQCVAgUQMEDLJQKwLwcHEv69AQFPPAP9H6miKq9/ljvGufIM 3lIgFG/syiUAA7c6Q9q30W/acJ3hKcIYBXEXEjDV+Z++jWOaOXwcEUc1Aa06AfU5 Y59CfXgq8gfQyWc9leqNbmzSUEHzEtthVqPFrjzP5L7LCshlw7IHCy1qNQ78ZCsn Yg0olMstdvH/1Exqxh99uuOU8XGZARQCMHxKEgAAAQf+KTzxqMu/GdMQhJC5wm0D nAKqwB2uP24AFhm2rQmZjDStDt2OK9jb8NfqmZE9KE1u7wRo1Z2a+3MOkoHkE9io Faw+QP7nMNHDdxu1XUPRCtX8006Y6F/ZYaZIW3NleAjBot523Ad24ztaWSu8UQSs SpOUwFhg92JAaZIjQQkLSM3J7NHTKyMadPR/clfYA0qmtrziyBRleBYdwnpWf/WB 1BHhD20WKyq3fll7wPJJ+NBi12uZQUHPtnNs30pw7EBYFir4I0lsFtjhh0UzbFpK FjYh6P98EyWLIf8M+N1hptoIEO/YXAVWaQeuyfm9flOuWC7M9u28aGyBlZ21cLYf gQBAgAAAAAAAAAO0K1RpbWVzdGFtcCBTZXJ2aWNlIDxzdGFtcGVyQGl0Y29uc3Vs dC5jby51az6JARUCBRBTghLJgZWdtXC2H4EBAd2NB/4nZQsTMYK5x6Q6R6OWNDtN GYYJlBGQfnD3vhCkaEfnrRyfEvLWzMM7+dOJozL30EbJeKuBaMI+Nkz63er6dWW7 AMbiOFjhynNx2Zg+eokHFfoMjc/2fY0L56EPfnm9y449uXj8yyGv5PyoJhbgWcg9 cTeUr1lbDDG+mL+6HxQgm9kBYxECuG4JMx9GD/TBejoMo/Kk4YXbVxuOpyOoec1/ KW8AxmKe5ccotkwerNfmIhqTZkB7K185n6LxX7L2SIDWHn2SXxkLS0psdRtJOuTM 3EzVcdIYUjKezDQEQiAVZMO+hMqMqGMlJUuBCK1kxunSH1Xjmz6OcLrmlUC4HZWW iQCVAgUQMH1scQKwLwcHEv69AQHssAQAmobA3SDsnszFcUNm3MRuEiDM2vw+k9iJ 2sIWuKzUrG0S2fAGcCHbCHqV8s1spqjAdOXZZphp7AIeCRnxEH8IMrCY+bjA0YqQ zkYmIvYVswP2KQ7vlY/Wc1N66RWww/xrnmtN+dlAFrLKSbhlTzLubp6fdlLR8AJs ivXSq6kfyfg= =Ky0z -----END PGP PUBLIC KEY BLOCK-----
This contains my key, the key for Stamper and the key for my machine's "Scheduler Service". This latter key will be used to sign some of the log files on a day to day basis.
It is recommended that all users of the service should join the mailing list stamper-announce by sending a message to email@example.com with "JOIN STAMPER-ANNOUNCE" (without the quotes) in the BODY of the message.
This list will only receive very occasional messages from me relating to the service. It is the only way I will be able to generally contact users of the service.
Instructions on the use of the list server are available by sending a message to firstname.lastname@example.org with "HELP" (without the quotes) in the BODY of the message.
Stamper is a service provided free of charge to Internet users by I. T. Consultancy Limited, on the following terms; by using Stamper you (for yourselves and anybody claiming under you) accept these terms in their entirety and agree to be bound by them.
Naturally, I would be delighted to receive any comments(either negative or positive) about the service in general.
Finally I would like to thank Roger Sinclair <email@example.com> for his assistance with the Terms & Conditions section of this document.Matthew Richardson