On Wed, Oct 03, 2007 at 10:40:28PM +0200, G?bri M?t? wrote: > Yes, but i wan't to solve this without an outsider for practical reasons. > > Gabri Mate > [EMAIL PROTECTED] > DUOSOL Bt. > http://www.duosol.hu > > > Joachim Schipper mrta: > > On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote: > >> Hey there! > >> > >> I've read a lot about timestamping a document, but dunno how it works in > >> practice. How can i apply a timestamp to a digitally signed or encrypted > >> document? Like i encrypt or sign a document with gnupg, but before the > >> process how can i timestamp it? > >> Sorry for the stupid question but i really can't imagine it. > > > > The Big G is your friend [1]: > > > > http://www.itconsult.co.uk/stamper.htm > > > > (Obviously, one could sent them a hash instead of the original if one > > were afraid of sending data unencrypted over the net.) > > > > Joachim > > > > [1] Trust The Computer. The Computer is Your Friend. > iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC > jHWm4T+Eimk1p1ZQ2GyoKqc= > =s5sI > -----END PGP SIGNATURE-----
Perhaps off-topic, but do consider improving your signal-to-noise ratio; I count one useful, albeit misspelled, line - remove the (non-delimited) sig, broken PGP signature, and useless cruft from replied messages. What you want to do is a lot more complicated. The easiest solution I can think of is chaining. For instance, given data_1, data_2, ..., data_n which must be signed on date_1, date_2, ..., date_n, define hash_0 = SOME_VALUE hash_i+1 = f(hash_i ++ data_i+1 ++ date_i+1) Here, f() is a hash function, for instance RIPEMD-160 or SHA2-256, and ++ denotes some mixing operation (XOR might be a good bet). Suppose you provide someone with frequent values of hash_i. If you later make a false claim about either data_j or date_j, and the other person has hash_i, hash_k, data_1, ..., data_k, and date_i, ..., date_k,, where i < j <= k, then you would be quickly found out. Of course, more sophisticated algorithms can do the same thing, but without revealing quite this much. Go read a good book; Practical Cryptography provides a good overview. Joachim Disclaimer: I am not a cryptographer, crypto is hard, and I'm tired. So no guarantees that the above actually works. -- PotD: x11/matchbox/matchbox-window-manager - window manager with a classic pda management policy