| |
|
 |
Strong evidence for data authentication
|
|
|
|
| |
Public key certificates for the time stamp authority |
| |
| |
The public keys are provided for independent verification of the time stamps
created by the DigiStamp time stamp servers. Each public key is provided
as a standard x.509 certificate. The public keys are used to verify the
digital signature contained in a time stamp. These certificates are commonly
contained within each time stamp and they are also provided here for convenience.
Click here for additional information about what you need to verify a time stamp.
Time Stamp server Root Certificate
The root certificate can be downloaded and added to your software. For
example, import the certificate to your Internet browser or Adobe Acrobat signing tools.
The DigiStamp root certificate:
 DGSca80.cer The certificate's SHA-1 value
is used for confirmation in some software:
9a048ed85eec7c802eeb
bbb7c91792d7aae45136
To review your options for integrating the chain of authority of these
certificates with your enterprise CA then click here. |
 |
| Time Stamp key life cycle |
|
|
The time stamp key-pairs are replaced frequently within the certified hardware
device. The frequency is one year or after one million time stamps are
created with the key-pair. Each event of "rekeying of the TSA key"
results in the cryptographic module creating and signing a new x.509 public
key certificate. The previous time stamp private key is destroyed at the
time of rekeying. The time stamps created with that private key are authenticated
using the x.509 public key certificate. More details are here where we describe that the time stamp private key cannot be extracted
from the certified hardware device. |
| Repository of Time Stamp public keys |
|
|
You can download these public keys over a SSL connection. The list below is in descending time order as we have replaced the keys. |
|
|
 |
Time-stamp public key certificate for server "TSA 1" |
| |
- Server's External Audit certificate DGS84.cer
|
|
Time-stamp public key certificate for server "TSA 2" |
|
- Server's External Audit certificate DGS83.cer
|
|
|
|
History of older keys that were used and then destroyed |
|
- Time stamp public key certificates for server "TSA 1", replaced
and private key destroyed:
- DGS84.32772.cer Nov 14, 2007 - May 21, 2008 12:51 GMT
- DGS84.32771.cer Jan 24, 2007 - Nov 14, 2007 12:54 GMT
- DGS84.32770.cer April 13, 2006 - Jan 24, 2007 13:23 GMT
- DGS84.32769.cer July 30, 2005 - April 13, 2006 12:45 GMT
- DGS82.32768.cer and DGS82.cer May 22, 2005 - July 30, 2005 12:10 GMT
- DGS68.cer May 2, 2004 - May 22, 2005 12:32 GMT
- These older certificates are before the external audit process and are
issued directly from the Root CA cert:
- DGS64.cer May 3, 2003 - May 2, 2004 21:44 GMT
- DGS57.cer May 6, 2002 - May 3, 2003 13:05 GMT
- DGS45.cer January 21, 2001 - May 6, 2002 16:29 GMT
- DGS37.cer October 29, 2000 - January 21, 2001 15:49 GMT
- DGS30.cer September 1, 2000 - October 29, 23:00 GMT
- DGS27.cer April 12, 2000 - September 1, 2000 21:30 GMT
- DGS23.cer March 31, 2000 - April 12, 2000 4:00 AM GMT
|
|
|
|
- Time stamp public key certificates for server "TSA 2", replaced
and private key destroyed:
- DGS83.32772.cer March 5, 2008 - August 27, 2008 16:47 GMT
- DGS83.32771.cer August 14, 2007 - March 5, 2008 13:29 GMT
- DGS83.32770.cer November 15, 2006 - August 14, 2007 12:33 GMT
- DGS83.32769.cer August 22, 2005 - November 15, 2006 13:01 GMT
- These older certificates are before the external audit process and are
issued directly from the Root CA cert:
- DGS69.cer August 1 2004 15:40 to August 22, 2005 12:49 GMT
- DGS67.cer August 7 2003 17:29 to August 1, 2004 15:08 GMT
- DGS63.cer April 5 13:31 2003 to August 15 16:30 2003 GMT
- DGS52.cer April 15, 2002 to April 5, 12:42 2003
- DGS46.cer January 21, 2001 to April 15, 2002 GMT
- DGS36.cer October 29, 2000 - January 21, 2001 16:02 GMT
- DGS32.cer August 19, 2000 - October 29, 2000 17:10 GMT
- The root certificate, serial number 44 and 58, were upgraded to support
audit process and encoding The previous certificate are still available
here: DGSca58.cer (replaced Feb 14 2005) and DGSca44.cer (first used for TSA2 on August 7 2003).
Time-stamp public keys for our IP-Protector application before March 2000
and back to when it was first released in March 1998 are available by writing
to support@e-TimeStamp.com (these were not stored in x.509 form).
|
|
|
|
TEST Time Stamp server public key certificates: |
|
- Root certificate:
- DGSca70T.cer - began using February 14, 2005
- The organizational unit in the certificate's distinguished name is "test TSA" to signify that the time stamp was created for
testing. Any time stamps that originated from the TEST environment (means
that the time stamp is verified using this certificate chain) are not trusted
time stamps. The TEST certificates and time stamp servers do not use the
NIST certified hardware and are provided just for testing purposes.
- Audit certificate:
- dgsAudit71T.cer
- This certificate is the same for all of the test server instances. This
certificate is issued by the above root certificate, DGSca70t. This Audit
certificate then issues the certificates for the test servers (see the
diagram on this page in the upper right).
- Time-stamp public key certificates for server "TSA TEST1":
- DGS72T.cer changed on March 17, 2008
- Time-stamp public key certificates for server "TSA TEST2":
- DGS73T.cer changed on March 17, 2008
|
|
|
|
Available Time-Stamp Servers for our general user community |
|
- The time stamp servers are available to generate production time stamps:
- "TSA1" - http://tsa1.digistamp.com/TSA at IP address 66.18.15.156
- "TSA2" - http://tsa2.digistamp.com/TSA at IP address 67.37.170.130
Toolkit users can access these servers for testing their software integration:
- "TSATEST1" - http://tsatest1.digistamp.com/TSA
- "TSATEST2" - http://tsatest2.digistamp.com/TSA
|
|
|
|
| |
|
|
|
| |
|
Copyright © 1999-2008 DigiStamp, Inc. - All Rights Reserved
SecureTime SM , IP Protector SM , and e-TimeStamp® are service marks
of DigiStamp, Inc.
|
| |
|
|
|
|
