Lines Matching +full:timestamp +full:- +full:names
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-ts - Time Stamping Authority command
11 B<-help>
14 B<-query>
15 [B<-config> I<configfile>]
16 [B<-data> I<file_to_hash>]
17 [B<-digest> I<digest_bytes>]
18 [B<-I<digest>>]
19 [B<-tspolicy> I<object_id>]
20 [B<-no_nonce>]
21 [B<-cert>]
22 [B<-in> I<request.tsq>]
23 [B<-out> I<request.tsq>]
24 [B<-text>]
25 {- $OpenSSL::safe::opt_r_synopsis -}
26 {- $OpenSSL::safe::opt_provider_synopsis -}
29 B<-reply>
30 [B<-config> I<configfile>]
31 [B<-section> I<tsa_section>]
32 [B<-queryfile> I<request.tsq>]
33 [B<-passin> I<password_src>]
34 [B<-signer> I<tsa_cert.pem>]
35 [B<-inkey> I<filename>|I<uri>]
36 [B<-I<digest>>]
37 [B<-chain> I<certs_file.pem>]
38 [B<-tspolicy> I<object_id>]
39 [B<-in> I<response.tsr>]
40 [B<-token_in>]
41 [B<-out> I<response.tsr>]
42 [B<-token_out>]
43 [B<-text>]
44 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
47 B<-verify>
48 [B<-data> I<file_to_hash>]
49 [B<-digest> I<digest_bytes>]
50 [B<-queryfile> I<request.tsq>]
51 [B<-in> I<response.tsr>]
52 [B<-token_in>]
53 [B<-untrusted> I<files>|I<uris>]
54 [B<-CAfile> I<file>]
55 [B<-CApath> I<dir>]
56 [B<-CAstore> I<uri>]
57 {- $OpenSSL::safe::opt_v_synopsis -}
58 {- $OpenSSL::safe::opt_provider_synopsis -}
63 server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A
72 The TSA client computes a one-way hash value for a data file and sends
78 signs them and sends the timestamp token back to the client. By
84 The TSA client receives the timestamp token and verifies the
91 timestamp request to the TSA and one for sending the timestamp response
93 creating a timestamp request based on a data file,
94 creating a timestamp response based on a request, verifying if a
99 requests either by ftp or e-mail.
105 =item B<-help>
109 =item B<-query>
111 Generate a TS query. For details see L</Timestamp Request generation>.
113 =item B<-reply>
115 Generate a TS reply. For details see L</Timestamp Response generation>.
117 =item B<-verify>
119 Verify a TS response. For details see L</Timestamp Response verification>.
123 =head2 Timestamp Request generation
125 The B<-query> command can be used for creating and printing a timestamp
130 =item B<-config> I<configfile>
136 =item B<-data> I<file_to_hash>
138 The data file for which the timestamp request needs to be
139 created. stdin is the default if neither the B<-data> nor the B<-digest>
142 =item B<-digest> I<digest_bytes>
150 =item B<-I<digest>>
153 Any digest supported by the L<openssl-dgst(1)> command can be used.
154 The default is SHA-256. (Optional)
156 =item B<-tspolicy> I<object_id>
159 timestamp token. Either the dotted OID notation or OID names defined
163 =item B<-no_nonce>
166 given. Otherwise, a 64-bit long pseudo-random nonce is
170 =item B<-cert>
175 =item B<-in> I<request.tsq>
177 This option specifies a previously created timestamp request in DER
179 to examine the content of a request in human-readable
182 =item B<-out> I<request.tsq>
187 =item B<-text>
189 If this option is specified the output is human-readable text format
192 {- $OpenSSL::safe::opt_r_item -}
196 =head2 Timestamp Response generation
198 A timestamp response (TimeStampResp) consists of a response status
199 and the timestamp token itself (ContentInfo), if the token generation was
200 successful. The B<-reply> command is for creating a timestamp
201 response or timestamp token based on a request and printing the
202 response/token in human-readable format. If B<-token_out> is not
203 specified the output is always a timestamp response (TimeStampResp),
204 otherwise it is a timestamp token (ContentInfo).
208 =item B<-config> I<configfile>
215 =item B<-section> I<tsa_section>
221 =item B<-queryfile> I<request.tsq>
223 The name of the file containing a DER encoded timestamp request. (Optional)
225 =item B<-passin> I<password_src>
230 =item B<-signer> I<tsa_cert.pem>
238 =item B<-inkey> I<filename>|I<uri>
243 =item B<-I<digest>>
248 =item B<-chain> I<certs_file.pem>
252 the B<-cert> option was used for the request. This file is supposed to
254 issuer upwards. The B<-reply> command does not build a certificate
257 =item B<-tspolicy> I<object_id>
264 =item B<-in> I<response.tsr>
266 Specifies a previously created timestamp response or timestamp token
267 (if B<-token_in> is also specified) in DER format that will be written
270 token or you want to extract the timestamp token from a response. If
271 the input is a token and the output is a timestamp response a default
274 =item B<-token_in>
276 This flag can be used together with the B<-in> option and indicates
277 that the input is a DER encoded timestamp token (ContentInfo) instead
278 of a timestamp response (TimeStampResp). (Optional)
280 =item B<-out> I<response.tsr>
283 file depends on other options (see B<-text>, B<-token_out>). The default is
286 =item B<-token_out>
288 The output is a timestamp token (ContentInfo) instead of timestamp
291 =item B<-text>
293 If this option is specified the output is human-readable text format
296 {- $OpenSSL::safe::opt_engine_item -}
298 {- $OpenSSL::safe::opt_provider_item -}
302 =head2 Timestamp Response verification
304 The B<-verify> command is for verifying if a timestamp response or
305 timestamp token is valid and matches a particular timestamp request or
306 data file. The B<-verify> command does not use the configuration file.
310 =item B<-data> I<file_to_hash>
314 The B<-digest> and B<-queryfile> options must not be specified with this one.
317 =item B<-digest> I<digest_bytes>
321 specified in the token. The B<-data> and B<-queryfile> options must not be
324 =item B<-queryfile> I<request.tsq>
326 The original timestamp request in DER format. The B<-data> and B<-digest>
329 =item B<-in> I<response.tsr>
331 The timestamp response that needs to be verified in DER format. (Mandatory)
333 =item B<-token_in>
335 This flag can be used together with the B<-in> option and indicates
336 that the input is a DER encoded timestamp token (ContentInfo) instead
337 of a timestamp response (TimeStampResp). (Optional)
339 =item B<-untrusted> I<files>|I<uris>
350 =item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri>
352 See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
353 At least one of B<-CAfile>, B<-CApath> or B<-CAstore> must be specified.
355 {- $OpenSSL::safe::opt_v_item -}
363 The B<-query> and B<-reply> commands make use of a configuration file.
366 B<-query> command uses only the symbolic OID names section
367 and it can work without it. However, the B<-reply> command needs the
378 that contains all the options for the B<-reply> command. This default
379 section can be overridden with the B<-section> command line switch. (Optional)
393 and long names are the same when this option is used. (Optional)
404 last timestamp response created. This number is incremented by 1 for
411 all available algorithms. The default value is built-in, you can specify
417 TSA signing certificate in PEM format. The same as the B<-signer>
423 included in the response. The same as the B<-chain> command line
428 The private key of the TSA in PEM format. The same as the B<-inkey>
434 B<-I<digest>> command line option. (Mandatory unless specified on the command
440 policy. The same as the B<-tspolicy> command line option. (Optional)
485 If this variable is set to yes and the B<certs> variable or the B<-chain> option
487 be included, where the B<-chain> option overrides the B<certs> variable.
503 =head2 Timestamp Request
505 To create a timestamp request for F<design1.txt> with SHA-256 digest,
509 openssl ts -query -data design1.txt -no_nonce \
510 -out design1.tsq
512 To create a similar timestamp request with specifying the message imprint
515 openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
516 -no_nonce -out design1.tsq
520 openssl ts -query -in design1.tsq -text
522 To create a timestamp request which includes the SHA-512 digest
527 openssl ts -query -data design2.txt -sha512 \
528 -tspolicy tsa_policy1 -cert -out design2.tsq
530 =head2 Timestamp Response
539 See L<openssl-req(1)>, L<openssl-ca(1)>, and L<openssl-x509(1)> for
544 To create a timestamp response for a request:
546 openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
547 -signer tsacert.pem -out design1.tsr
551 openssl ts -reply -queryfile design1.tsq -out design1.tsr
553 To print a timestamp reply to stdout in human-readable format:
555 openssl ts -reply -in design1.tsr -text
557 To create a timestamp token instead of timestamp response:
559 openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
561 To print a timestamp token to stdout in human-readable format:
563 openssl ts -reply -in design1_token.der -token_in -text -token_out
565 To extract the timestamp token from a response:
567 openssl ts -reply -in design1.tsr -out design1_token.der -token_out
569 To add 'granted' status info to a timestamp token thereby creating a
572 openssl ts -reply -in design1_token.der -token_in -out design1.tsr
574 =head2 Timestamp Verification
576 To verify a timestamp reply against a request:
578 openssl ts -verify -queryfile design1.tsq -in design1.tsr \
579 -CAfile cacert.pem -untrusted tsacert.pem
581 To verify a timestamp reply that includes the certificate chain:
583 openssl ts -verify -queryfile design2.tsq -in design2.tsr \
584 -CAfile cacert.pem
586 To verify a timestamp token against the original data file:
587 openssl ts -verify -data design2.txt -in design2.tsr \
588 -CAfile cacert.pem
590 To verify a timestamp token against a message imprint:
591 openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
592 -in design2.tsr -CAfile cacert.pem
605 to implement an automatic e-mail based TSA with L<procmail(1)>
614 instance of L<openssl(1)> is trying to create a timestamp
640 The B<-engine> option was deprecated in OpenSSL 3.0.
646 L<openssl-req(1)>,
647 L<openssl-x509(1)>,
648 L<openssl-ca(1)>,
649 L<openssl-genrsa(1)>,
651 L<ossl_store-file(7)>
655 Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.