# Timestamping Enricher ```{admonition} Module type [enricher](/core_modules.md#enricher-modules) ``` Generates RFC3161-compliant timestamp tokens using Time Stamp Authorities (TSA) for archived files. ### Features - Creates timestamp tokens to prove the existence of files at a specific time, useful for legal and authenticity purposes. - Aggregates file hashes into a text file and timestamps the concatenated data. - Uses multiple Time Stamp Authorities (TSAs) to ensure reliability and redundancy. - Validates timestamping certificates against trusted Certificate Authorities (CAs) using the `certifi` trust store. ### Notes - Should be run after the `hash_enricher` to ensure file hashes are available. - Requires internet access to interact with the configured TSAs. ## Configuration Options ### YAML ```{code} yaml # steps configuration steps: ... enrichers: - timestamping_enricher ... # module configuration ... timestamping_enricher: tsa_urls: - http://timestamp.identrust.com - http://timestamp.ssl.trustwave.com - http://zeitstempel.dfn.de - http://ts.ssl.com - http://tsa.lex-persona.com/tsa - http://tss.cnbs.gob.hn/TSS/HttpTspServer - http://dss.nowina.lu/pki-factory/tsa/good-tsa cert_authorities: allow_selfsigned: false ``` ### Command Line: | Option | Description | Default | Type| | --- | --- | --- | --- | | `timestamping_enricher.tsa_urls` | Optional. List of RFC3161 Time Stamp Authorities to use, separate with commas if passed via the command line. | ['http://timestamp.identrust.com', 'http://timestamp.ssl.trustwave.com', 'http://zeitstempel.dfn.de', 'http://ts.ssl.com', 'http://tsa.lex-persona.com/tsa', 'http://tss.cnbs.gob.hn/TSS/HttpTspServer', 'http://dss.nowina.lu/pki-factory/tsa/good-tsa'] | string | | `timestamping_enricher.cert_authorities` | Optional. Path to a file containing trusted Certificate Authorities (CAs) in PEM format. If empty, the default system authorities are used. | None | string | | `timestamping_enricher.allow_selfsigned` | Optional. Whether or not to allow and save self-signed Timestamping certificates. This allows for a greater range of timestamping servers to be used, but they are not trusted authorities | False | bool | [API Reference](../../../autoapi/timestamping_enricher/index)