The PGP Timestamper
An example is the already-mentiond PGP Timestamping service, which provides
users with the ability to timestamp a document or a hash thereof, by having an
independent party create a
dated message, each of them with a unique and consecutive serial number.
To ensure trustworthyness and provide full transparency, daily digests of the
hashes and signatures are then also (a) archived and (b) immediately posted to
anyone wishing to be able to withness and reproduce the stamping process.
A disadvantage of the PGP Timestamper is its archaic interface and the log
delays (several minutes). Also, the signatures are hard to verify by
zeitgitter is inspired by the PGP Timestamper, but trying to as simple to use as
possible in a
The goal of
zeitgitter is to provide as many independent timestamping services as
possible, so a user (or organization) can freely select a subset fulfulling
To establish trust in the service, the source code is made available under an
open source license.
zeitgitter listens on an HTTPS port and awaits
POST requests for signing a tag
or a branch commit. It then returns the appropriate information, ready for the
client to integrate it into its
git repository, from where it then can be
- verified using
git tag -v <tagname> or
git verify-commit <commit>, and/or
- published to other repositories.
At the same time, the timestamping server maintains a log of all commit hashes
signed, in a
git repository itself.
As a result,
- the requester of a timestamp will get immediate confirmation
(a timestamping signature on a tag or branch).
- Later, the timestamper then either cross-timestamps its repository and/or
- This allows third parties to inspect the timestamping server’s operation
and therefore strictly limits the timestamping server’s ability to backdate
anything beyond the cross-timestamping/publication interval.
This allows a compact, energy-efficient basis for many notarization services.
zeitgitter tries to keep
in line with the
slang naming philosophy behind
This software is free software; so you may use it in any way you see
fit, in accordance to the AGPL v3.0 license.
Timestamping has a need to be as transparent as possible. Therefore,
you may want to make information about your timestamping service,
including the running code and its settings, available publicly anyway.
AGPL was chosen to reflect this spirit. Please contact me if you
require other licensing terms.
It is desirable that as many people and organisations as possible do
provide timestamping services. So a user may choose a subset of them
which are mutually independent and generally trustworthy.
Installation and typical usage of the timestamping client is documented in
Wo man es herunterladen kann
Git timestamping client
pip install git-timestamp (je nach OS vorher noch Installation von
pygit2 z.B. mit
apt install python-pygit2)
Source: https://gitlab.com/zeitgitter/git-timestamp/ Installation.md
Wer regelmässig mehr als 100 Timestamps am Tag erzeugt: Bitte eigenen Zeitstempel-Server aufsetzen und verknüpfen. → Keine Informationen über Anzahl und Zeitpunkt der Zeitstempel gehen nach aussen. (Sowieso nicht über den Inhalt.)
Git timestamping server
From source only, for now
Source: https://gitlab.com/zeitgitter/zeitgitterd/ Installation.md
Verknüpfen mit anderen:
ServerList.md: Öffentliche Server; diese als Upstream-Timestamper eintragen (liefert nur anonymisierte Daten an jene Server)
Optional: Auf ServerList.md eintragen und andere für gegenseitiges Timestamping anfragen