Repository of Timestamp Public Key Certificates

 

Contents

Here is other Repository information.

Current Timestamp public keys 

  ECC-NIST ECC-Brainpool RSA  
DigiStamp Root CA Certificate certificate certificate certificate  
Certificate's SHA-1
605c4f9c4a28e0284b12
3ae2b35be7e1cbe77f7b
4b8c0d101f521648b148
4becac7a8f9f86d47ce0
b17c8dfb0ce68c5e89d1
9c062dc5668e081d456d
 

 

Robots - Audit Certificates
       
TSA 1
certificate certificate certificate  
TSA 2
certificate certificate certificate  
TSA 3
certificate certificate certificate  
Root CA and all Audit
bundled in PEM bundled in PEM bundled in PEM bundle all
algorithms

 

Curent Timestamp certificates
these are changed about every 6 mos.
       
TSA 1 . Timestamp Common
certificate certificate certificate replaced 2018.04.28
TSA 2 . Timestamp Common
certificate
certificate certificate
replaced 2018.05.12 
TSA 1 . Timestamp Long
certificate certificate certificate  
TSA 2 . Timestamp Long
certificate
certificate
certificate
 

The prior / older Public Key certificates are here.

What are Certificates?

The public keys are provided for independent verification of the timestamps created by the DigiStamp timestamp servers. Each public key is provided as a standard x.509 certificate. The public keys are used to verify the digital signature contained in a timestamp. These certificates are commonly contained within each timestamp and they are also provided here for convenience.

 

Click here for additional information about what you need to verify a timestamp. 

DigiStamp Root CA Certificate

The root certificate can be downloaded and added to your software. For example, Adobe Acrobat signing tools.

What does all this mean?: ECC, NIST, RSA

We suggest you use of ECC-NIST, but you have choices. These are 3 different encryption algorithms, you can choose which one is used to create your timestamps.

 

Details:

 

The choice is between the RSA or two elliptic curve options of ECC-NIST (NIST Recommended) or ECC-BP (Brainpool) is nebulous; "USA" versus "EU" preference is "USA" compared to "EU" preference is one perspective. The NIST curves currently have wider acceptance; for example, Brainpool is not currently supported in Adobe products, but it is in Microsoft products. Your DigiStamp account setting was setup to use ECC-NIST and if choose otherwise then you need to make a change to that setting to your account click here, at the bottom of the page see "timestamp type".

Timestamp key life cycle 

The timestamp key-pairs are replaced frequently within the certified hardware device. The frequency is one year or after one million timestamps are created with the key-pair. Each event of "rekeying of the TSA key" results in the cryptographic module creating and signing a new x.509 public key certificate. The previous timestamp private key is destroyed at the time of rekeying. The timestamps created with that private key are authenticated using the x.509 public key certificate. More details are here where we describe that the timestamp private key cannot be extracted from the certified hardware device.

Names and addresses of the Timestamp Servers

The time stamp servers are available to generate production time stamps:

Best choice, find a location for me:  

https://www.digistamp.com/TSA at IP address 50.56.178.147

Specific servers:

"TSA1" -https://tsa1.digistamp.com/TSA at IP address 38.135.35.138

"TSA2" - https://tsa2.digistamp.com/TSA at IP address 68.70.162.26

 

The above servers use HTTP authentication using your DigiStamp account credentials. Use of SSL (https:) is optional.

 

If you are using IP-Based Authentication (instead of the typical HTTP authentication) then login to your DigiStamp account and enable DigiStamp's IP-based Authentication option here toward the bottom of the page. This records your Internet Global IP address to identify your requests. This IP address will change with different Internet connections, so you may need to return to your account settings to update this value.  Then the names above are changed like this:

"TSA"  becomes:  "ipauth/tsa"
Example:   http://www.digistamp.com/ipauth/tsa