JankariTechUG/GitTrustedTimestamps
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Added simplified schematic and updated Documentation

Browse Source
This commit is contained in:
Matthias Bühlmann
2021-02-17 14:11:54 +01:00
parent a51d246472
commit 408fd212fe
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -30,7 +30,7 @@ The design goals of this implementation are
- using only "vanilla" git features to add the timestamps in order to stay as forward compatible as possible
- to not rely on new binaries (which would need to be trusted too). The software therefore is implemented as bash scripts and uses OpenSSL (https://www.openssl.org/) and git itself for all cryptographic operations.
A further goal was to leverage the inherent Merkle-Tree based design of git in order to create a tamperproof repository archive where all no history can be rewritten without being noticed.
A further goal was to leverage the inherent Merkle-Tree based design of git in order to create a tamperproof repository archive where no history can be rewritten without being noticed.
By embedding the timestamps in the commit history, they form a hash-chain and thus new timestamps will cryptographically *seal* older ones and thereby additionally protect them from some forms of future invalidation.
# Merkle-Tree layout
@@ -38,6 +38,9 @@ By embedding the timestamps in the commit history, they form a hash-chain and th
The design leverages git's Merkle-Tree layout and embeds the timestmaps in the commit history, making them form a hash-chain that prevents later changes without being noticed.
![Merkle-Tree](./docs/schematic.svg)
Or as a further simplified schematic:
![Merkle-Tree](./docs/schematic_simplified.svg)
# What are RFC3161 and RFC5816 Timestamps
RFC3161 (https://tools.ietf.org/html/rfc3161) and its extension RFC5816 (https://tools.ietf.org/html/rfc5816) are protocol specifications timestamp data using cryptographically secure tokens issued by an external, trusted third party TSA (Time Stamping Authority). By timestamping data this way, it is possible to prove to anyone who trusts this TSA service that the data existed already at the time of timestamping and has not been tampered with ever since. Only a secure hash of the data, without any identification, is being sent to the TSA service, so the data itself remains secret.