RFC 3161 TSA Public key certificates

Strong evidence for data authentication

Repository of Timestamp Public Key Certificates, Policy and license

Contents

		End-user license agreement
		Incident reports that could impact verification of time stamps
		Current Public Key certificates
		History of Public Key certificates
		Root certificate and how public keys are organized
		Web addresses / URL for time stamp servers
		Test / Evaluation TSA public key certificates

Current Time Stamp public keys

	You can download these public keys over a SSL connection here. We replace certificates and signing keys about every 6 months. The prior / older Public Key certificates are here.
	Time-stamp public key certificate for " TSA 1 "
	Server's External Audit certificate DGS92.cer Time stamp certificate DGS92.32770.cer (new as of September 27, 2011)
	Time-stamp public key certificate for " TSA 2 "
	Server's External Audit certificate DGS91.cer Time stamp certificate DGS91.32779.cer (new as of August 18, 2011)

Root Certificate

The public keys are provided for independent verification of the time stamps created by the DigiStamp time stamp servers. Each public key is provided as a standard x.509 certificate. The public keys are used to verify the digital signature contained in a time stamp. These certificates are commonly contained within each time stamp and they are also provided here for convenience.

Click here for additional information about what you need to verify a time stamp.

Time Stamp server Root Certificate
The root certificate can be downloaded and added to your software. For example, import the certificate to your Internet browser or Adobe Acrobat signing tools.
The DigiStamp root certificate:

DGSca80.cer The certificate's SHA-1 value

is used for confirmation in some software:

9a048ed85eec7c802eeb

bbb7c91792d7aae45136

Alternatively, the Root Certificate and collection of Server Audit Certifcates can be downloaded in a single PEM file digistamp.pem .

To review your options for integrating the chain of authority of these certificates with your enterprise CA then click here.

Time Stamp key life cycle

The time stamp key-pairs are replaced frequently within the certified hardware device. The frequency is one year or after one million time stamps are created with the key-pair. Each event of "rekeying of the TSA key" results in the cryptographic module creating and signing a new x.509 public key certificate. The previous time stamp private key is destroyed at the time of rekeying. The time stamps created with that private key are authenticated using the x.509 public key certificate. More details are here where we describe that the time stamp private key cannot be extracted from the certified hardware device.

Names and addresses of the Time-Stamp Servers


	The time stamp servers are available to generate production time stamps: "TSA1" - https://tsa1.digistamp.com/TSA at IP address 66.18.15.156 "TSA2" - https://tsa2.digistamp.com/TSA at IP address 67.37.170.130 The above servers use HTTP authentication to your DigiStamp account. Use of SSL (https:) is optional.