Supports assertions of proof that a datum existed before a particular time
May be operated as a Trusted Third Party service
2
Q
TSA requirements
A
Use trustworthy source of time
Produce a time stamp token upon receiving a valid request
In each time stamp token include: -> a trustworthy time value -> a unique integer (serial number) -> an identifier (OID) for the security policy under which the token was created
Only time stamp a hash of the datum, i.e. a message imprint produced by a one-way, collision-resistant hash function that is uniquely identified by its OID
Examine the OID of the hash function and verify that the hash value length is consistent with that algorithm
Not examine the imprint being time-stamped in any other way (the length check above is the only inspection allowed)
Not include any identification of the requesting entity in the time stamp token
Sign time stamp tokens with a key reserved exclusively for this purpose; the signing certificate must indicate that purpose (extended key usage id-kp-timeStamping, marked critical)
Include additional information in the token only if the requester asked for it via the extensions field and only for extensions the TSA supports; otherwise the TSA shall respond with an error
3
Q
Structure of a time-stamping request
A
version (always 1)
messageImprint: hash value + OID of the hash algorithm (AlgorithmIdentifier); the hash length must match the algorithm
reqPolicy (optional): policy under which the time stamp should be issued
nonce (optional): large random integer; the client checks that the same value comes back in the token to detect replayed responses
certReq (optional, default false): whether the TSA should include its certificate(s) in the response
extensions (optional)
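As an added example (not part of the flashcards), the Python below builds the TimeStampReq from this card as DER and then applies the TSA-side imprint checks from the "TSA requirements" card: the hash OID must be known, the imprint length must match the algorithm, and nothing else about the imprint is inspected. The DER helpers, the function names (`build_tsq`, `encode_tsq`, `tsa_validate_request`) and the OID table are assumptions made for illustration, not code from any TSA implementation; the status names are the PKIStatus/PKIFailureInfo identifiers from RFC 3161.

```python
"""Build an RFC 3161 TimeStampReq in DER and run the TSA-side imprint checks.

Added example with a minimal hand-rolled DER encoder/decoder (assumption:
only the few tags TimeStampReq needs are supported).
"""
import hashlib
import os

# Hash-algorithm OIDs and the digest length each implies; this is the table a
# TSA consults to check that the imprint length is consistent with the OID.
HASH_OIDS = {
    "1.3.14.3.2.26": ("sha1", 20),
    "2.16.840.1.101.3.4.2.1": ("sha256", 32),
    "2.16.840.1.101.3.4.2.2": ("sha384", 48),
    "2.16.840.1.101.3.4.2.3": ("sha512", 64),
}

def der_len(n):
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        enc = bytearray([p & 0x7F])
        p >>= 7
        while p:
            enc.insert(0, 0x80 | (p & 0x7F))
            p >>= 7
        out += enc
    return tlv(0x06, bytes(out))

def der_int(n):
    """INTEGER for non-negative n (version, nonce); signed encoding avoids a
    spurious sign bit on values such as 0x80."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def encode_tsq(hash_oid, digest, nonce, cert_req=True):
    """Raw encoder: does NOT check that digest matches hash_oid, so it can
    also produce the malformed requests a TSA must reject."""
    alg_id = tlv(0x30, der_oid(hash_oid) + b"\x05\x00")   # AlgorithmIdentifier, NULL params
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))        # MessageImprint
    body = der_int(1) + imprint + der_int(nonce)           # version 1, imprint, nonce
    if cert_req:                                            # DEFAULT FALSE: encode only when TRUE
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body)

def build_tsq(data, hash_oid="2.16.840.1.101.3.4.2.1", nonce=None):
    """Client side: hash the datum, pick a random nonce, return (der, digest, nonce)."""
    name, _ = HASH_OIDS[hash_oid]
    digest = hashlib.new(name, data).digest()
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")
    return encode_tsq(hash_oid, digest, nonce), digest, nonce

def parse_tlv(buf, pos=0):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln

def parse_seq(body):
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        items.append((tag, val))
    return items

def decode_oid(b):
    parts, v = [b[0] // 40, b[0] % 40], 0
    for c in b[1:]:
        v = (v << 7) | (c & 0x7F)
        if not c & 0x80:
            parts.append(v)
            v = 0
    return ".".join(map(str, parts))

def tsa_validate_request(der):
    """TSA side: return 'granted' or the PKIFailureInfo name for rejection.
    Only the OID and the imprint length are examined, never the digest bytes."""
    tag, body, _ = parse_tlv(der)
    fields = parse_seq(body)
    if tag != 0x30 or len(fields) < 2 or fields[0] != (0x02, b"\x01"):
        return "badRequest"
    imp_tag, imp = fields[1]
    items = parse_seq(imp) if imp_tag == 0x30 else []
    if len(items) != 2 or items[0][0] != 0x30 or items[1][0] != 0x04:
        return "badDataFormat"
    oid = decode_oid(parse_seq(items[0][1])[0][1])
    if oid not in HASH_OIDS:
        return "badAlg"
    if len(items[1][1]) != HASH_OIDS[oid][1]:
        return "badDataFormat"
    return "granted"                      # digest content deliberately not inspected
```

`build_tsq` is the client; `tsa_validate_request` is the gate a TSA runs before it ever looks at policy or signs anything. The client keeps the returned `nonce` and `digest` so that, once a response arrives, it can check the token's nonce and messageImprint against them before trusting the time.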
4
Q
Structure of a time-stamping response
A
status (PKIStatusInfo) -> status (granted / grantedWithMods / rejection ...) -> statusString (optional) -> failInfo (optional): reason for rejection (e.g. badAlg, badRequest, badDataFormat)
timeStampToken (optional, absent on rejection): a CMS SignedData whose content is TSTInfo -> version -> policy -> messageImprint (must equal the one sent) -> serialNumber -> genTime -> optional accuracy, ordering, nonce (must equal the request nonce if one was sent), tsa name, extensions
5
Q
CAdES forms
A
C: stores references (hashes) to the certification path, CRLs and OCSP responses valid at signing time (enables offline verification and verification in the future)
X Long: stores the references to the revocation data plus the data itself (enables future verification even when the original sources are no longer available)
X: adds time stamps over the references for protection
A: periodic archive time stamps (protection against compromise of outdated algorithms and expired keys)