Time Stamping
Strong evidence for data authentication
  Public key certificates for the time stamp authority
 
 
The public keys are provided for independent verification of the time stamps created by the DigiStamp time stamp servers. Each public key is provided as a standard x.509 certificate. The public keys are used to verify the digital signature contained in a time stamp. These certificates are commonly contained within each time stamp and they are also provided here for convenience.

Click here for additional information about what you need to verify a time stamp.

Time Stamp server Root Certificate
The root certificate can be downloaded and added to your software. For example, import the certificate to your Internet browser or Adobe Acrobat signing tools.
The DigiStamp root certificate:
DGSca80.cer The certificate's SHA-1 value
is used for confirmation in some software:
9a048ed85eec7c802eeb
bbb7c91792d7aae45136


To review your options for integrating the chain of authority of these certificates with your enterprise CA then click here.
Time Stamp key life cycle  
The time stamp key-pairs are replaced frequently within the certified hardware device. The frequency is one year or after one million time stamps are created with the key-pair. Each event of "rekeying of the TSA key" results in the cryptographic module creating and signing a new x.509 public key certificate. The previous time stamp private key is destroyed at the time of rekeying. The time stamps created with that private key are authenticated using the x.509 public key certificate. More details are here where we describe that the time stamp private key cannot be extracted from the certified hardware device.
 
Repository of Time Stamp public keys  
You can download these public keys over a SSL connection here.
Time-stamp public key certificate for current active server "TSA 1"
 
Time-stamp public key certificate for current active server "TSA 2"
  • Server's External Audit certificate DGS91.cer
    • Time stamp certificate DGS91.32776.cer put into service on February 17, 2010
History of older certificates that have had their signing key destroyed
  • Issued by Server's External Audit certificate DGS91.cer:
DGS91.32775.cer August 25, 2009 - February 17, 2010
DGS83.32774.cer February 25, 2009 - August 25, 2009
DGS83.32773.cer August 27, 2008 - February 25, 2009
DGS83.32772.cer March 5, 2008 - August 27, 2008
DGS83.32771.cer August 14, 2007 - March 5, 2008
DGS83.32770.cer November 15, 2006 - August 14, 2007
DGS83.32769.cer August 22, 2005 - November 15, 2006
  • Issued by Server's External Audit certificate DGS90.cer:
DGS90.32775.cer May 18, 2009 - Nov 11, 2009
DGS84.32774.cer Nov 18, 2008 - May 18, 2009
DGS84.32773.cer May 21, 2007 - Nov 18, 2008
DGS84.32772.cer Nov 14, 2007 - May 21, 2008
DGS84.32771.cer Jan 24, 2007 - Nov 14, 2007
DGS84.32770.cer April 13, 2006 - Jan 24, 2007
DGS84.32769.cer July 30, 2005 - April 13, 2006
  • Issued by Server's External Audit certificate DGS93.cer:
DGS93.32772.cer Nov 11, 2009 - May 11, 2010
  • Time stamp certificates older than 2005 and pre-date the external audit process are stored here.
Names of the Time-Stamp Servers for the general user community
The time stamp servers are available to generate production time stamps:
"TSA1" - https://tsa1.digistamp.com/TSA at IP address 66.18.15.156
"TSA2" - https://tsa2.digistamp.com/TSA at IP address 67.37.170.130
The above servers use HTTP authentication to your DigiStamp account. Use of SSL (https:) is optional.

TEST Time Stamp servers used in evaluations:
Any time stamps that originated from the TEST environment (means that the time stamp is verified using this certificate chain) are not trusted time stamps. The TEST certificates and time stamp servers do not use the NIST certified hardware and are provided just for testing purposes.
 
Root certificate:
DGSca70T.cer - began using February 14, 2005
The organizational unit in the certificate's distinguished name is "test TSA" to signify that the time stamp was created for testing.
Audit certificate:
dgsAudit71T.cer
This certificate is the same for all of the test server instances. This certificate is issued by the above root certificate, DGSca70t. This Audit certificate then issues the certificates for the test servers (see the diagram on this page in the upper right).
Time-stamp public key certificates for server "TSA TEST1":
DGS72T.cer changed on March 17, 2008
Time-stamp public key certificates for server "TSA TEST2":
DGS73T.cer changed on March 17, 2008
Evaluation users can access these servers for testing their software integration as:
"TSATEST1" - http://tsatest1.digistamp.com/TSA
"TSATEST2" - http://tsatest2.digistamp.com/TSA
 
     
 
 
 
Copyright © 1999-2010 DigiStamp, Inc. - All Rights Reserved
SecureTime SM , IP Protector SM , and e-TimeStamp® are service marks of DigiStamp, Inc.