The TSA Client contains two components:
- .NET 6 executable CLI tool
- .NET Standard 2.0 library
Using BouncyCastle-PCL it can create a TSQ and validate the TSR (RFC 3161) that comes from a third party SaaS TSA (like freeTSA.org).
tsac --file source.file --tsa https://freetsa.org/tsr --tsq source.tsq --tsr source.tsr --token source.tst
This will create a timestamp response (SHA512) for the file source.file and write some files:
source.tsq: The timestamp requestsource.tsr: The timestamp responsesource.tst: The timestamp token
The response is validated already at this point.
The parameters tsq, tsr and token are optional - anyway, you may want to use tsr at last.
Validate a TSR against the TSQ:
tsac --tsq source.tsq --tsr source.tsr
Validate a TSR against the source data:
tsac --file source.file --tsr source.tsr
Validate the timestamp token signer certificate:
tsac --tsr source.tsr --cert /path/to/signer.crt
Validate the source data and the timestamp token signer certificate:
tsac --file source.file --tsr source.tsr --cert /path/to/signer.crt
TSQ:
tsac --tsq source.tsq -tsqInfo
TSR:
tsac --tsr source.tsr -tsrInfo
Timestamp token:
tsac --token source.tst -tokenInfo
For a full list of parameters and their descriptions (including more examples):
tsac -help
The library exports the static class TSA, which is a high level wrapper for the BouncyCastle-PCL API:
using wan24.TSAClient;
// Create a TSQ (using SHA512 and including the signer certificates)
byte[] tsq = TSA.CreateRequest("source.file");
// Request the TSR
byte[] tsr = TSA.SendRequest(tsq, "https://freetsa.org/tsr");
// Validate the TSR
TSA.ValidateResponse(tsq, tsr);
// Validate the source data
TSA.ValidateSourceTsr("source.file", tsr);
// Extract the timestamp token
byte[] token = TSA.ExtractToken(tsr);
// Validate the source data using the timestamp token
TSA.ValidateSourceToken("source.file", token);
// Validate the timestamp token using the X509 signer certificate
TSA.ValidateToken(token, "/path/to/signer.crt");
// Get object information
foreach(string info in TSA.RequestInfo(tsq))
Console.WriteLine($"TSQ: {info}");
foreach(string info in TSA.ResponseInfo(tsr))
Console.WriteLine($"TSR: {info}");
foreach(string info in TSA.TokenInfo(token))
Console.WriteLine($"Timestamp token: {info}");All methods of the TSA class are XML documented. Find the developer reference of the latest release here.
Existing target files will be overwritten!
Per default SHA512 is used as hash algorithm. All possible hash algorithms (to be specified using the --algo [algorithm] parameter):
sha1sha256sha384sha512
Of course the TSA needs to support the chosen hash algorithm, too!
The TSA URI will get the TSQ as application/timestamp-query POST http request and needs to respond the TSR. If the TSA needs authentication f.e., you can use your own HttpWebRequest instance with a pre-configuration (only ContentType and ContentLength will be set when calling SendRequest):
// Request the TSR with a custom request object
using System.Net;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://freetsa.org/tsr");
// Configure req here...
byte[] tsr = TSA.SendRequest(tsq, uri: null, req: req);Find a list of free TSA servers at GitHub.
- initial version
- initial version