Savyint TSA

Timestamps are sequences of characters containing a precise date and time,
generated by a Time Stamping Authority (TSA) such as SAVYINT

Enhancing the legal value of your document even when digital certificates have expired

Key Functions of the Time Stamping Authority Service

Proving time is important in high valued transactions and critical for businesses creating digital signatures for long-term perseverance. Without cryptographic timestamps, digital signatures can’t be trusted as they cannot be accepted in the long term. Timestamp servers provide proof of data existence at a particular point in time using cryptography. A Timestamp Authority acts as a pivotal role in ensuring all the cryptographic objects identified during digital signature creation remains valid be it digital certificates, CRL or OCSP. This is done by embedding RFC 3161 based cryptographic timestamps inside business documents or transactions. With the emergence of elDAS regulation, allowing cross border digital signature acceptability, TSAs have now become a corner stone in the evolving digital trust landscape.

Fully meets all functionalities
Supports creation of advanced digital signatures based on IETF and ETSI standards including XAdES-T, CAdES-T, PAdES-T supporting ETSI EN 319 421; ETSI EN 319 422 and RFC 3161. Works seamlessly with wide range of business apps to integrate timestamping i.e. Adobe Acrobat, Microsoft Office, SignTool etc.
Keeping in view businesses having differen cryptographic needs, signing serve supports diverse cryptographic
Requirements such as: RSA (2048, 4096, 8192), ECDSA (192, 224, 256, 320, 384, 512), SHA-256, 384 and 512
Software support database inculde (Postgres, Oracle, MySQL)
Timestamp Server records all incoming transactions for detailed analysis with unique identifiers (marked by CPU serial no + unique no). Administrator can also download and investigate request/responses on the fly

These figures were obtained using the Savyint PKI Box with Inside HSM XC Solo Base, a high-performance hardware security module. They highlight the scalability and reliability of the TSA infrastructure in handling cryptographic operations.

Time Stamp Protocol and Profiles

TSA Server is fully compliant with the requirements of the IETF RFC 3161, RCC 5816 specification on Time Stamp Protocols (TSP). It also supports Microsoft Authenticode protocols and timestamp issuance.

In addition TSA Server satisfies the Time Stamp Profile standard ETSI TS 101 861 V1.2.1 (2002-03). This constrains RFC 3161, RFC 5816 and specifies the naming structure used to identify the issuing TSP server and the minimum set of algorithms and key lengths that TSP clients and servers must support. TSA Server supports these requirements as well as other algorithms and longer key lengths.

PKI TSA Server Service Details

The PKI TSA Server supply TSA Service is an RFC3161, RFC 5816 compliant timestamping module that produces signed timestamp tokens to prove that particular data objects existed at a particular moment in time.

The TSA service takes advantage of common PKI TSA Server management features and provides considerable value in authenticating access to the service, authorizing or rejecting access attempts, managing the Timestamp Protocol (TSP) transactions, recording the requests and responses and providing detailed management information that can be used for audit and for commercial purposes.

A suitable time source is required, e.g. Secure NTP servers, time services from GPS hardware or systems linked to a time authority. There are various providers of NTP Server appliances that provide very accurate and reliable time. The way time is managed and trusted to be accurate must be documented in a TSA Policy and Practice Statement. Ascertia can advise on creating this document if required.

TSA Server can operate as a fully stand-alone Timestamp Authority or High availability mode with clustering/load balancing:

When the TSA Server service is used in proxy mode, it still provides value in authenticating access, authorizing the access, managing the Timestamp Protocol (TSP) transactions and recording these for management information reporting and thus providing detailed management information for commercial operations. An archive of issued timestamp tokens is also provided within the transaction logs.