
module OpenSSL::Timestamp

Provides classes and methods to request, create and validate RFC3161-compliant timestamps. Request may be used either to create requests from scratch or to parse existing requests, which in turn can be used to request timestamps from a timestamp server, e.g. via net/http. The resulting timestamp response may be parsed using Response.

Please note that Response is read-only and immutable. To create a Response, an instance of Factory as well as a valid Request are needed.

Create a Response:

    require 'openssl'

    # Assumes ts.p12 is a PKCS#12-compatible file with a private key
    # and a certificate that has an extended key usage of 'timeStamping'
    p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
    md = OpenSSL::Digest.new('SHA1')
    hash = md.digest(data) # data: some binary data to be timestamped
    req = OpenSSL::Timestamp::Request.new
    req.algorithm = 'SHA1'
    req.message_imprint = hash
    req.policy_id = "1.2.3.4.5"
    req.nonce = 42
    fac = OpenSSL::Timestamp::Factory.new
    fac.gen_time = Time.now
    fac.serial_number = 1
    # Digests the factory will accept; SHA1 is listed only to match this request
    fac.allowed_digests = ['SHA1']
    timestamp = fac.create_timestamp(p12.key, p12.certificate, req)

Verify a timestamp response:

    require 'openssl'

    # Assume we have a timestamp token in a file called ts.der
    ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
    # Assume we have the Request for this token in a file called req.der
    req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
    # Assume the associated root CA certificate is contained in a
    # DER-encoded file named root.cer
    root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
    # get the necessary intermediate certificates, available in
    # DER-encoded form in inter1.cer and inter2.cer
    inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
    inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
    # verify expects the trusted roots as an OpenSSL::X509::Store and the
    # intermediate certificates as an Array
    store = OpenSSL::X509::Store.new
    store.add_cert(root)
    ts.verify(req, store, [inter1, inter2]) # -> ts or raises an exception if validation fails
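
The following is an added example, not part of the original documentation. It shows what verify actually binds a token to: the request's message imprint, its nonce, and a trusted root. The helper names (issue, build_request, verifies?, demo), the throwaway CA and TSA certificates and the sample data are all constructed for illustration.

```ruby
require 'openssl'
# Constructed throwaway certificate; issuer nil means self-signed.
def issue(cn, key, issuer, issuer_key, ext)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension(*ext))
  cert.sign(issuer_key, 'SHA256')
end

def build_request(data, nonce)
  req = OpenSSL::Timestamp::Request.new
  req.algorithm = 'SHA256'
  req.message_imprint = OpenSSL::Digest.digest('SHA256', data)
  req.policy_id = '1.2.3.4.5'
  req.nonce = nonce
  req.cert_requested = true # ask the TSA to embed its certificate in the token
  req
end

# true if the token verifies against this request and trust store
def verifies?(ts, req, store)
  ts.verify(req, store)
  true
rescue OpenSSL::Timestamp::TimestampError
  false
end

def demo
  ca_key, tsa_key = Array.new(2) { OpenSSL::PKey::RSA.new(2048) }
  ca = issue('Example Root', ca_key, nil, ca_key, ['basicConstraints', 'CA:TRUE', true])
  tsa = issue('Example TSA', tsa_key, ca, ca_key, ['extendedKeyUsage', 'timeStamping', true])
  fac = OpenSSL::Timestamp::Factory.new
  fac.gen_time = Time.now
  fac.serial_number = 1
  fac.allowed_digests = ['SHA256']
  req = build_request('constructed sample data', 42)
  ts = fac.create_timestamp(tsa_key, tsa, req)
  trusted = OpenSSL::X509::Store.new.add_cert(ca)
  { same_request: verifies?(ts, req, trusted),
    other_data: verifies?(ts, build_request('tampered data', 42), trusted),
    other_nonce: verifies?(ts, build_request('constructed sample data', 7), trusted),
    untrusted_root: verifies?(ts, req, OpenSSL::X509::Store.new) }
end
p demo if $PROGRAM_NAME == __FILE__
```

Only the first check succeeds. A token replayed against a request for different data, against a request with a different nonce, or checked against a store that does not contain the issuing root is rejected.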