sigstore-tsa

RFC 3161 Time-Stamp Protocol client for sigstore-rust.

Overview

This crate implements the Time-Stamp Protocol as specified in RFC 3161. It provides functionality to request timestamps from Time-Stamp Authorities (TSAs) and verify timestamp responses.

Timestamps provide trusted third-party evidence of when a signature was created, which is essential for verifying signatures after the signing certificate has expired.

Features

• Timestamp requests: Create and send RFC 3161 timestamp requests
• Response parsing: Parse and validate timestamp responses
• Timestamp verification: Verify timestamp tokens against TSA certificates
• Multiple TSAs: Built-in support for Sigstore TSA and FreeTSA

Usage

use sigstore_tsa::TimestampClient;

// Get a timestamp from the Sigstore TSA
let client = TimestampClient::sigstore();
let timestamp_token = client.timestamp_sha256(&digest).await?;

// Or use the convenience function
let token = sigstore_tsa::timestamp_sigstore(&digest).await?;

ASN.1 Types

The crate provides ASN.1/DER types for RFC 3161 structures:

• TimeStampReq - Timestamp request
• TimeStampResp - Timestamp response
• TstInfo - Timestamp token info
• Asn1MessageImprint - Hash algorithm and digest (ASN.1 format)

Related Crates

Used by:

• sigstore-sign - Requests timestamps during signing
• sigstore-verify - Verifies timestamps in bundles

License

BSD-3-Clause