No project description provided

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trailofbits from gravatar.com trailofbits
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License
  • Requires: Python >=3.9
  • Provides-Extra: doc , test , lint , dev
Classifiers
Report project as malware

Project description

rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161.

It is composed of three subprojects:

  • :crab: tsp-asn1: A Rust crate using rust-asn1 to create the types used by the Time-Stamp protocol. This crate depends on rust-asn1 and cryptography to minimize the amount of duplicated code. While it is usable as a standalone crate, this is not officially supported. Drop us a message if you are interested in using it.
  • :crab: rfc3161-client: Another Rust crate that provides Python bindings to the tsp-asn1 crate using PyO3.
  • :snake: rfc3161-client A Python library using the crate above to provide a usable API to create Timestamp Request and read Timestamp Response.

Goals and anti-goals

  • This library should be correct and provide an accurate implementation of protocol described in the RFC 3161.
  • This library does not perform any network activity, it simply provides primitive to build and verify objects. Network activity must be handled separately.

Usage

There are two parts to timestamping: retrieving + verifying the timestamp.

1. Retrieving a timestamp

The below code uses requests to get the timestamp from the Identrust TSA server:

# /// script
# dependencies = [
#   "requests",
#   "rfc3161-client",
# ]
# ///
import requests
from rfc3161_client import (
    decode_timestamp_response,
    TimestampRequestBuilder,
    VerifierBuilder,
    VerificationError,
)

# the data to sign. Could be a hash or any message. Should be bytes
message = b"Hello, World!"

# build the timestamp request
timestamp_request = (
    TimestampRequestBuilder().data(message).build()
    # Note: you could also add .hash_algorithm(XXX) to specify a specific hash algorithm
)

# TSA servers must be RFC 3161 compliant (see https://github.com/trailofbits/rfc3161-client/issues/46
# for a list of working servers)
tsa_server = "http://timestamp.identrust.com"

# make the request, remember to set content-type headers appropriately
response = requests.post(
    tsa_server,
    data=timestamp_request.as_bytes(),
    headers={"Content-Type": "application/timestamp-query"},
)
response.raise_for_status()

# if successful, should give a valid TimeStampResponse object
timestamp_response = decode_timestamp_response(response.content)

Verifying a timestamp

The second part is to verify the timestamp, this is done against a set of root certificates. In this example, we'll Mozilla's list of root certs provided in the certifi package:

import certifi
from cryptography import x509
import hashlib


# get trusted root certs from certifi
with open(certifi.where(), "rb") as f:
    cert_authorities = x509.load_pem_x509_certificates(f.read())

# for each of the root certs we have, try to verify the TSR with it
root_cert = None
for certificate in cert_authorities:
    verifier = VerifierBuilder().add_root_certificate(certificate).build()
    try:
        verifier.verify_message(timestamp_response, message)
        root_cert = certificate
        break
    except VerificationError:
        continue

# if successful, the TSR was verified and we should have the root cert that signed this TSR :)
print("Here's the root cert that signed your TSR:")
print(root_cert)

License

Copyright 2024 Trail of Bits

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Authors

Trail of Bits

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for trailofbits from gravatar.com trailofbits
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License
  • Requires: Python >=3.9
  • Provides-Extra: doc , test , lint , dev
Classifiers

Release history Release notifications | RSS feed

This version

1.0.5

1.0.4

1.0.3

1.0.2 yanked

Reason this release was yanked:

CVE-2025-52556

1.0.1 yanked

Reason this release was yanked:

CVE-2025-52556

1.0.0 yanked

Reason this release was yanked:

CVE-2025-52556

0.1.2 yanked

Reason this release was yanked:

CVE-2025-52556

0.1.1 yanked

Reason this release was yanked:

CVE-2025-52556

0.1.0 yanked

Reason this release was yanked:

Wrong version number

0.0.4 yanked

Reason this release was yanked:

CVE-2025-52556

0.0.3 yanked

Reason this release was yanked:

CVE-2025-52556

0.0.2 yanked

Reason this release was yanked:

CVE-2025-52556

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rfc3161_client-1.0.5.tar.gz (61.0 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

rfc3161_client-1.0.5-cp39-abi3-win_amd64.whl (2.3 MB view details)

Uploaded CPython 3.9+Windows x86-64

rfc3161_client-1.0.5-cp39-abi3-win32.whl (1.9 MB view details)

Uploaded CPython 3.9+Windows x86

rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_x86_64.whl (2.3 MB view details)

Uploaded CPython 3.9+musllinux: musl 1.2+ x86-64

rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_i686.whl (2.2 MB view details)

Uploaded CPython 3.9+musllinux: musl 1.2+ i686

rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_armv7l.whl (2.1 MB view details)

Uploaded CPython 3.9+musllinux: musl 1.2+ ARMv7l

rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_aarch64.whl (2.7 MB view details)

Uploaded CPython 3.9+musllinux: musl 1.2+ ARM64

rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.17+ x86-64

rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_i686.manylinux2014_i686.whl (2.1 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.17+ i686

rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl (1.8 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.17+ ARMv7l

rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (2.4 MB view details)

Uploaded CPython 3.9+manylinux: glibc 2.17+ ARM64

rfc3161_client-1.0.5-cp39-abi3-macosx_11_0_arm64.whl (458.2 kB view details)

Uploaded CPython 3.9+macOS 11.0+ ARM64

rfc3161_client-1.0.5-cp39-abi3-macosx_10_12_x86_64.whl (473.9 kB view details)

Uploaded CPython 3.9+macOS 10.12+ x86-64

File details

Details for the file rfc3161_client-1.0.5.tar.gz.

File metadata

  • Download URL: rfc3161_client-1.0.5.tar.gz
  • Upload date:
  • Size: 61.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for rfc3161_client-1.0.5.tar.gz
Algorithm Hash digest
SHA256 f1a2e32e2a053455cee1ff9b325b88dbc7c66c8882dde60962add92f572df5c5
MD5 4d9b9d96e922a49b3f819f208ec061b2
BLAKE2b-256 8519c04a07f9926943b6a6945ae6972dc2c3c79b7f02e2be6346e3010a48d5f5

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5.tar.gz:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-win_amd64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 e904430e27e75a5a379fc4aac09bd60ba5f4b48054f0481b2fb417297e404047
MD5 ee669a4717610b49d895e1966d402e2a
BLAKE2b-256 4728140516906a2117e15c37505d54968e9cc9a8275d042b195728f5ffc2ad02

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-win_amd64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-win32.whl.

File metadata

  • Download URL: rfc3161_client-1.0.5-cp39-abi3-win32.whl
  • Upload date:
  • Size: 1.9 MB
  • Tags: CPython 3.9+, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-win32.whl
Algorithm Hash digest
SHA256 078e4bbf0770ddc472e2ca96cf1e23efd0c313e6682b4c2c9765e1fdf09f55a3
MD5 e9861553e63e90c26262bac70c2827fe
BLAKE2b-256 e70af7991ff6158a00ed79d6e151ede63ae50bef650cf49436cea7226a0457dc

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-win32.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 3106f3361a5a36789f43d2700e5678c847a9d3460a23f455f4c20cd39314c557
MD5 c6ae5832364713f7aeed2821ecbefd79
BLAKE2b-256 c21385b6a5b5247f79dfa75d80a2e8f8d415472ff7fd72b31d152e00f71198b9

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_x86_64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_i686.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_i686.whl
Algorithm Hash digest
SHA256 8fb34470e867a29cc15dc4987ea14f19d3bd25c863e132b6f75dca583e2cc67e
MD5 3ca41a437cbe7cc7b75f3f3d46667a63
BLAKE2b-256 da949e16134e04a45347eaad5680f8f52b0388664b45be09a0877daa196e1157

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_i686.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_armv7l.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_armv7l.whl
Algorithm Hash digest
SHA256 ae440461a310ae097417afe536d9d22fd71c95fbc9d21db3561b2707bed0aff0
MD5 eefdb9bc53c22b48b5acfecd8033c390
BLAKE2b-256 84972ca7bdbb2d84b75fad7f572264a45c0b54446a7a65735172275c09293bd6

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_armv7l.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 d31d30e354d2349ae8483ce811ef61498a3780daf8622c0b79d8cd44d271b46b
MD5 afe2b986a287aef51c97afcbc8180c1e
BLAKE2b-256 46edf173556ddbd667e9f4642f8f7eb0f920e3e3be4b7459ec98c73a5029200d

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-musllinux_1_2_aarch64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 09c47582ecea2ca4a3debf8a1eda775cc3d5ae1379da40272cc065d32e639a7a
MD5 41533489c0ecfc872d877efd0b3a4b94
BLAKE2b-256 2eb94da9f80da4ac30b9645c9a3455e71c4f6652ed886f20e11bfb9a01bcacd0

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_i686.manylinux2014_i686.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_i686.manylinux2014_i686.whl
Algorithm Hash digest
SHA256 9c53a6711bab0c3f77dc9cf1e2fd750da475ff7abbc40ffe0333d8c518a8a9c8
MD5 d28d82d4b228a5c2a6e594cfdf23d63c
BLAKE2b-256 69510b30e3542fdf7adeb9f6afac1f095c543328a1a28c9d220f4e2207c6b845

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_i686.manylinux2014_i686.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl
Algorithm Hash digest
SHA256 31b6ee79f15b93d90952efd0395bb3f5ebf07941469c5c6eb32f9b64312cda6e
MD5 08ff92e37052ce5a97ad4ea0312bb56e
BLAKE2b-256 bcd3f93d1af5d9a1fed348ef543d39418aff02b0badf019b772f128c3483321c

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 61c04b4953453e5c26a1949c20adac415b65cd062dab0960574d6c36240222d2
MD5 d9f5308537072115773f835a7fcd0e76
BLAKE2b-256 27d70511f1423f1658b708cfa27043a21b06699ba7c2aef37ba465379b81c24d

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 d9ed8e597d0ee7387da1945e1583c4516b26f133770b3956e079606e2d90b69c
MD5 f2a4c771b8a34b207ef5b38fe627f0ae
BLAKE2b-256 804519224e046d76f214d056c40a2086d9147afb0bcadc0c823c2c8bd54d62aa

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-macosx_11_0_arm64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file rfc3161_client-1.0.5-cp39-abi3-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for rfc3161_client-1.0.5-cp39-abi3-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 8a54fdb2f9e64481272b89137a7b71403cf1d30f5505c2e0c15a47a1cc100264
MD5 03ffef5e2487220388e55880291db86f
BLAKE2b-256 f31196bc76086113b8d24291f7f72826739d4fc8d8e83683e27125b8966d0cea

See more details on using hashes here.

Provenance

The following attestation bundles were made for rfc3161_client-1.0.5-cp39-abi3-macosx_10_12_x86_64.whl:

Publisher: CI.yml on trailofbits/rfc3161-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page