Trusted timestamping example in Python

in

Here's a simple example on how to request a trusted timestamping service from a certificate authority using TSP (Time-Stamp Protocol). It's really simple if the server allows you to use standard HTTP interface instead of full TSP interface.

The code is below. What it does is hashes an example string and requests its trusted timestamp from time.certum.pl, courtesy of Unizeto certification authority.

import httplib, urllib
import hashlib
 
h = hashlib.sha1("dupa").hexdigest()
print "sha=", h
params = urllib.urlencode({'sha1' : h, })
headers = {}
conn = httplib.HTTPConnection('time.certum.pl')
conn.request("POST", "/", params, headers)
response = conn.getresponse()
 
print response.status, response.reason
data = response.read()
conn.close()
 
print "tsp=", data.encode('hex')
 
f = open('response.tsp', 'w')
f.write(data)
f.close()

The output file is binary, DER encoded PKCS#7 structure containing timestamp signed by the TSP service. It can be parsed with anything that understands PKCS#7:

$ openssl asn1parse -i -inform DER -in response.tsp
    0:d=0  hl=4 l=1804 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim:  OBJECT            :pkcs7-signedData
   15:d=1  hl=4 l=1789 cons:  cont [ 0 ]
   19:d=2  hl=4 l=1785 cons:   SEQUENCE
   23:d=3  hl=2 l=   1 prim:    INTEGER           :03
   26:d=3  hl=2 l=   9 cons:    SET
   28:d=4  hl=2 l=   7 cons:     SEQUENCE
   30:d=5  hl=2 l=   5 prim:      OBJECT            :sha1
   37:d=3  hl=3 l= 238 cons:    SEQUENCE
   40:d=4  hl=2 l=  11 prim:     OBJECT            :id-smime-ct-TSTInfo
   53:d=4  hl=3 l= 222 cons:     cont [ 0 ]
   56:d=5  hl=3 l= 219 prim:      OCTET STRING
  278:d=3  hl=4 l= 940 cons:    cont [ 0 ]
  282:d=4  hl=4 l= 936 cons:     SEQUENCE
  286:d=5  hl=4 l= 656 cons:      SEQUENCE
  290:d=6  hl=2 l=   3 cons:       cont [ 0 ]
  292:d=7  hl=2 l=   1 prim:        INTEGER           :02
  295:d=6  hl=2 l=   3 prim:       INTEGER           :047A55
  300:d=6  hl=2 l=  13 cons:       SEQUENCE
  302:d=7  hl=2 l=   9 prim:        OBJECT            :sha1WithRSAEncryption
  313:d=7  hl=2 l=   0 prim:        NULL
  315:d=6  hl=2 l=  62 cons:       SEQUENCE
  317:d=7  hl=2 l=  11 cons:        SET
  319:d=8  hl=2 l=   9 cons:         SEQUENCE
  321:d=9  hl=2 l=   3 prim:          OBJECT            :countryName
  326:d=9  hl=2 l=   2 prim:          PRINTABLESTRING   :PL
  330:d=7  hl=2 l=  27 cons:        SET
  332:d=8  hl=2 l=  25 cons:         SEQUENCE
  334:d=9  hl=2 l=   3 prim:          OBJECT            :organizationName
  339:d=9  hl=2 l=  18 prim:          PRINTABLESTRING   :Unizeto Sp. z o.o.
  359:d=7  hl=2 l=  18 cons:        SET
  361:d=8  hl=2 l=  16 cons:         SEQUENCE
  363:d=9  hl=2 l=   3 prim:          OBJECT            :commonName
  368:d=9  hl=2 l=   9 prim:          PRINTABLESTRING   :Certum CA
  379:d=6  hl=2 l=  30 cons:       SEQUENCE
  381:d=7  hl=2 l=  13 prim:        UTCTIME           :090303125815Z
  396:d=7  hl=2 l=  13 prim:        UTCTIME           :240303125815Z
  411:d=6  hl=3 l= 131 cons:       SEQUENCE
  414:d=7  hl=2 l=  11 cons:        SET
  416:d=8  hl=2 l=   9 cons:         SEQUENCE
  418:d=9  hl=2 l=   3 prim:          OBJECT            :countryName
  423:d=9  hl=2 l=   2 prim:          PRINTABLESTRING   :PL
  427:d=7  hl=2 l=  34 cons:        SET
  429:d=8  hl=2 l=  32 cons:         SEQUENCE
  431:d=9  hl=2 l=   3 prim:          OBJECT            :organizationName
  436:d=9  hl=2 l=  25 prim:          PRINTABLESTRING   :Unizeto Technologies S.A.
  463:d=7  hl=2 l=  39 cons:        SET
  465:d=8  hl=2 l=  37 cons:         SEQUENCE
  467:d=9  hl=2 l=   3 prim:          OBJECT            :organizationalUnitName
  472:d=9  hl=2 l=  30 prim:          PRINTABLESTRING   :Certum Certification Authority
  504:d=7  hl=2 l=  39 cons:        SET
  506:d=8  hl=2 l=  37 cons:         SEQUENCE
  508:d=9  hl=2 l=   3 prim:          OBJECT            :commonName
  513:d=9  hl=2 l=  30 prim:          PRINTABLESTRING   :Certum Time-Stamping Authority
  545:d=6  hl=4 l= 290 cons:       SEQUENCE
  549:d=7  hl=2 l=  13 cons:        SEQUENCE
  551:d=8  hl=2 l=   9 prim:         OBJECT            :rsaEncryption
  562:d=8  hl=2 l=   0 prim:         NULL
  564:d=7  hl=4 l= 271 prim:        BIT STRING
  839:d=6  hl=2 l= 105 cons:       cont [ 3 ]
  841:d=7  hl=2 l= 103 cons:        SEQUENCE
  843:d=8  hl=2 l=  22 cons:         SEQUENCE
  845:d=9  hl=2 l=   3 prim:          OBJECT            :X509v3 Extended Key Usage
  850:d=9  hl=2 l=   1 prim:          BOOLEAN           :255
  853:d=9  hl=2 l=  12 prim:          OCTET STRING
  867:d=8  hl=2 l=  44 cons:         SEQUENCE
  869:d=9  hl=2 l=   3 prim:          OBJECT            :X509v3 CRL Distribution Points
  874:d=9  hl=2 l=  37 prim:          OCTET STRING
  913:d=8  hl=2 l=  31 cons:         SEQUENCE
  915:d=9  hl=2 l=   3 prim:          OBJECT            :X509v3 Subject Alternative Name
  920:d=9  hl=2 l=  24 prim:          OCTET STRING
  946:d=5  hl=2 l=  13 cons:      SEQUENCE
  948:d=6  hl=2 l=   9 prim:       OBJECT            :sha1WithRSAEncryption
  959:d=6  hl=2 l=   0 prim:       NULL
  961:d=5  hl=4 l= 257 prim:      BIT STRING
 1222:d=3  hl=4 l= 582 cons:    SET
 1226:d=4  hl=4 l= 578 cons:     SEQUENCE
 1230:d=5  hl=2 l=   1 prim:      INTEGER           :01
 1233:d=5  hl=2 l=  69 cons:      SEQUENCE
 1235:d=6  hl=2 l=  62 cons:       SEQUENCE
 1237:d=7  hl=2 l=  11 cons:        SET
 1239:d=8  hl=2 l=   9 cons:         SEQUENCE
 1241:d=9  hl=2 l=   3 prim:          OBJECT            :countryName
 1246:d=9  hl=2 l=   2 prim:          PRINTABLESTRING   :PL
 1250:d=7  hl=2 l=  27 cons:        SET
 1252:d=8  hl=2 l=  25 cons:         SEQUENCE
 1254:d=9  hl=2 l=   3 prim:          OBJECT            :organizationName
 1259:d=9  hl=2 l=  18 prim:          PRINTABLESTRING   :Unizeto Sp. z o.o.
 1279:d=7  hl=2 l=  18 cons:        SET
 1281:d=8  hl=2 l=  16 cons:         SEQUENCE
 1283:d=9  hl=2 l=   3 prim:          OBJECT            :commonName
 1288:d=9  hl=2 l=   9 prim:          PRINTABLESTRING   :Certum CA
 1299:d=6  hl=2 l=   3 prim:       INTEGER           :047A55
 1304:d=5  hl=2 l=   9 cons:      SEQUENCE
 1306:d=6  hl=2 l=   5 prim:       OBJECT            :sha1
 1313:d=6  hl=2 l=   0 prim:       NULL
 1315:d=5  hl=3 l= 215 cons:      cont [ 0 ]
 1318:d=6  hl=2 l=  26 cons:       SEQUENCE
 1320:d=7  hl=2 l=   9 prim:        OBJECT            :contentType
 1331:d=7  hl=2 l=  13 cons:        SET
 1333:d=8  hl=2 l=  11 prim:         OBJECT            :id-smime-ct-TSTInfo
 1346:d=6  hl=2 l=  28 cons:       SEQUENCE
 1348:d=7  hl=2 l=   9 prim:        OBJECT            :signingTime
 1359:d=7  hl=2 l=  15 cons:        SET
 1361:d=8  hl=2 l=  13 prim:         UTCTIME           :120318141833Z
 1376:d=6  hl=2 l=  35 cons:       SEQUENCE
 1378:d=7  hl=2 l=   9 prim:        OBJECT            :messageDigest
 1389:d=7  hl=2 l=  22 cons:        SET
 1391:d=8  hl=2 l=  20 prim:         OCTET STRING
 1413:d=6  hl=2 l= 118 cons:       SEQUENCE
 1415:d=7  hl=2 l=  11 prim:        OBJECT            :id-smime-aa-signingCertificate
 1428:d=7  hl=2 l= 103 cons:        SET
 1430:d=8  hl=2 l= 101 cons:         SEQUENCE
 1432:d=9  hl=2 l=  99 cons:          SEQUENCE
 1434:d=10 hl=2 l=  97 cons:           SEQUENCE
 1436:d=11 hl=2 l=  20 prim:            OCTET STRING
 1458:d=11 hl=2 l=  73 cons:            SEQUENCE
 1460:d=12 hl=2 l=  66 cons:             SEQUENCE
 1462:d=13 hl=2 l=  64 cons:              cont [ 4 ]
 1464:d=14 hl=2 l=  62 cons:               SEQUENCE
 1466:d=15 hl=2 l=  11 cons:                SET
 1468:d=16 hl=2 l=   9 cons:                 SEQUENCE
 1470:d=17 hl=2 l=   3 prim:                  OBJECT            :countryName
 1475:d=17 hl=2 l=   2 prim:                  PRINTABLESTRING   :PL
 1479:d=15 hl=2 l=  27 cons:                SET
 1481:d=16 hl=2 l=  25 cons:                 SEQUENCE
 1483:d=17 hl=2 l=   3 prim:                  OBJECT            :organizationName
 1488:d=17 hl=2 l=  18 prim:                  PRINTABLESTRING   :Unizeto Sp. z o.o.
 1508:d=15 hl=2 l=  18 cons:                SET
 1510:d=16 hl=2 l=  16 cons:                 SEQUENCE
 1512:d=17 hl=2 l=   3 prim:                  OBJECT            :commonName
 1517:d=17 hl=2 l=   9 prim:                  PRINTABLESTRING   :Certum CA
 1528:d=12 hl=2 l=   3 prim:             INTEGER           :047A55
 1533:d=5  hl=2 l=  13 cons:      SEQUENCE
 1535:d=6  hl=2 l=   9 prim:       OBJECT            :rsaEncryption
 1546:d=6  hl=2 l=   0 prim:       NULL
 1548:d=5  hl=4 l= 256 prim:      OCTET STRING