Timestamping Enricher#
Module type
Generates RFC3161-compliant timestamp tokens using Time Stamp Authorities (TSA) for archived files.
Features#
Creates timestamp tokens to prove the existence of files at a specific time, useful for legal and authenticity purposes.
Aggregates file hashes into a text file and timestamps the concatenated data.
Uses multiple Time Stamp Authorities (TSAs) to ensure reliability and redundancy.
Validates timestamping certificates against trusted Certificate Authorities (CAs) using the
certifitrust store.
Notes#
Should be run after the
hash_enricherto ensure file hashes are available.Requires internet access to interact with the configured TSAs.
Configuration Options#
YAML#
# steps configuration
steps:
...
enrichers:
- timestamping_enricher
...
# module configuration
...
timestamping_enricher:
tsa_urls:
- http://timestamp.identrust.com
- http://timestamp.ssl.trustwave.com
- http://zeitstempel.dfn.de
- http://ts.ssl.com
- http://tsa.lex-persona.com/tsa
- http://tss.cnbs.gob.hn/TSS/HttpTspServer
- http://dss.nowina.lu/pki-factory/tsa/good-tsa
cert_authorities:
allow_selfsigned: false
Command Line:#
Option |
Description |
Default |
Type |
|---|---|---|---|
|
Optional. List of RFC3161 Time Stamp Authorities to use, separate with commas if passed via the command line. |
[‘http://timestamp.identrust.com’, ‘http://timestamp.ssl.trustwave.com’, ‘http://zeitstempel.dfn.de’, ‘http://ts.ssl.com’, ‘http://tsa.lex-persona.com/tsa’, ‘http://tss.cnbs.gob.hn/TSS/HttpTspServer’, ‘http://dss.nowina.lu/pki-factory/tsa/good-tsa’] |
string |
|
Optional. Path to a file containing trusted Certificate Authorities (CAs) in PEM format. If empty, the default system authorities are used. |
None |
string |
|
Optional. Whether or not to allow and save self-signed Timestamping certificates. This allows for a greater range of timestamping servers to be used, but they are not trusted authorities |
False |
bool |