||DSA 3072 bit
||DSA 3072 bit
Additional Backup Public Key Repositories
Online Procedure - Single File Certificate:
Online Procedure - Multiple File Certificate:
- Supply the certificate to http://TrueTimeStamp.org for verification.
- Additionally, for each file that you want to prove existed at the time point above, you must confirm that the SHA-2 of these file(s) matches those listed within the certificate (see section "How to Calculate SHA-2 Fingerprint of a file" below).
- Use these procedures if TrueTimeStamp.org ceases to exist, or if you would like to also verify the certificate as an addition to online verification. Instructions are also included within each certificate.
- Items necessary for offline verification:
- Certificate Issued by TrueTimeStamp.org (subsequently referred to as "myCertificateFile").
- Original Unmodified File(s) which you would like to verify. If the certificate refers to numerous files, only the file(s) which need to be verified are needed, and any superfluous files can be omitted.
- Obtain GPG software ( https://www.gnupg.org/download )
- Obtain the True Time Stamp Public Key, from the links at the top of this page, or any of the backup servers above, by searching by email or key ID or key Fingerprint:
- EMAIL: signing-department@TrueTimeStamp.org
- KEY ID: 0x6f3b2e6ab748a8f8
- KEY Fingerprint: 0x83289060F40DED088CF246B56F3B2E6AB748A8F8
- Download the appropriate key, save as publicKeyFile
- Import the downloaded public-key via command-line:
- gpg --import publicKeyFile
- Verify the authenticity of the certificate via command-line:
- gpg --verify myCertificateFile
- The output should be:
- Signature made [[date and time here]] using DSA key ID B748A8F8
- gpg: Good signature from "TrueTimeStamp <signing-department@TrueTimeStamp.org>
- Depending on whether you have designated the TrueTimeStamp key as "trusted", a warning may be displayed.
- Next, calculate the SHA-256 fingerprint of each file(s) that you would like to verify existed at the time the certificate was signed, and confirm this SHA-256 fingerprint is contained within the certificate under "Constituent Files".
- How to Calculate SHA-2 Fingerprint of a file:
- Use one of these 3 methods (replace "MyFileName" with the name of your file). You may need to install the program "sha256sum" or "openssl":
- Command Line: sha256sum MyFileName
- Command Line: openssl dgst -sha256 MyFileName
- Online at http://TrueTimeStamp.org, by submitting the file to Verify Time Stamp » Original File
Create or Verify a Time Stamp
- Validity Chain is computed as SHA-2( Validity Chain of Prior certificate, SHA-2 of current file, UNIX Time Stamp).