Skip to content

Timestamp considerations

Timestamping is the process of securely keeping track of the creation and modification times of documents. It is used to demonstrate the existence of some information before a certain date, making it impossible for the owner of such information to modify it without compromising the timestamp applied.

A timestamp is generated when a signing process is completed. The Timestamp Authority used is FNMT.

Once this process is done, the user can request all the files and evidences together with the timestamp files, or only the timestamp files in the endpoint GET signature_request/{signature_request_id}/files. That could be used to verify the integrity of the evidences in the future.

Timestamp information

If the user has made use of the timestamp feature of eSign, the user can retrieve information about the timestamp, such as when the evidences were signed, used encryption algorithm or extra information about the TSA.

To retrieve these information, the user will have to run the following command (just for linux users):

openssl ts -reply -in TimestampResponse-{TSA}.tsr -text

where {TSA} is the Timestamp Authority used in the process.

Timestamp verification

The user can also verify that the evidences have not been altered after the date the timestamp vouches for with the timestamp request and timestamp response files (.tsq and .tsr) returned as follows:

  1. Download the TSA certificates

    https://www.sede.fnmt.gob.es/documents/10445900/10526749/AC_Raiz_FNMT-RCM_SHA256.cer

    https://www.sede.fnmt.gob.es/documents/10445900/10526749/AC_Unidades_Sellado_Tiempo.cer

  2. Convert certificates (for linux users)

    openssl x509 -inform der -in AC_Raiz_FNMT-RCM_SHA256.cer -out fnmt.pem

    openssl x509 -inform der -in AC_Unidades_Sellado_Tiempo.cer -out fnmt.crt

  3. Verify the integrity of the process (for linux users)

    openssl ts -verify -in TimestampResponse-fnmt.tsr -queryfile TimestampRequest-fnmt.tsq -CAfile fnmt.pem -untrusted fnmt.crt