On Wed, Oct 03, 2007 at 10:40:28PM +0200, G?bri M?t? wrote:
> Yes, but i wan't to solve this without an outsider for practical reasons.
>
> Gabri Mate
> [EMAIL PROTECTED]
> DUOSOL Bt.
> http://www.duosol.hu
>
>
> Joachim Schipper mrta:
> > On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> >> Hey there!
> >>
> >> I've read a lot about timestamping a document, but dunno how it works in
> >> practice. How can i apply a timestamp to a digitally signed or encrypted
> >> document? Like i encrypt or sign a document with gnupg, but before the
> >> process how can i timestamp it?
> >> Sorry for the stupid question but i really can't imagine it.
> >
> > The Big G is your friend [1]:
> >
> > http://www.itconsult.co.uk/stamper.htm
> >
> > (Obviously, one could sent them a hash instead of the original if one
> > were afraid of sending data unencrypted over the net.)
> >
> > Joachim
> >
> > [1] Trust The Computer. The Computer is Your Friend.
> iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC
> jHWm4T+Eimk1p1ZQ2GyoKqc=
> =s5sI
> -----END PGP SIGNATURE-----
Perhaps off-topic, but do consider improving your signal-to-noise ratio;
I count one useful, albeit misspelled, line - remove the (non-delimited)
sig, broken PGP signature, and useless cruft from replied messages.
What you want to do is a lot more complicated. The easiest solution I
can think of is chaining. For instance, given data_1, data_2, ...,
data_n which must be signed on date_1, date_2, ..., date_n, define
hash_0 = SOME_VALUE
hash_i+1 = f(hash_i ++ data_i+1 ++ date_i+1)
Here, f() is a hash function, for instance RIPEMD-160 or SHA2-256, and
++ denotes some mixing operation (XOR might be a good bet).
Suppose you provide someone with frequent values of hash_i. If you later
make a false claim about either data_j or date_j, and the other person
has hash_i, hash_k, data_1, ..., data_k, and date_i, ..., date_k,, where
i < j <= k, then you would be quickly found out.
Of course, more sophisticated algorithms can do the same thing, but
without revealing quite this much. Go read a good book; Practical
Cryptography provides a good overview.
Joachim
Disclaimer: I am not a cryptographer, crypto is hard, and I'm tired. So
no guarantees that the above actually works.
--
PotD: x11/matchbox/matchbox-window-manager - window manager with a
classic pda management policy
