Timestamping client for zeitgitter
git timestamp — Git Timestamper for Zeitgitter
Being able to provide evidence that you had some piece of information at a given time and it has not changed since are important in many aspects of personal, academic, or corporate life.
It can help provide evidence
- that you had some idea already at a given time,
- that you already had a piece of code, or
- that you knew about a document at a given time.
Timestamping does not assure authorship of the idea, code, or document. It only provides evidence to the existence at a given point in time. Depending on the context, authorship might be implied, at least weakly.
Zeitgitter for Timestamping
Zeitgitter consists of two components:
- A timestamping client,
git timestamp, which can add a timestamp as a digital signature to an existing
gitmechanisms can then be used to distribute these timestamps (stored in commits or tags) or keep them private.
- A timestamping server,
zeitgitterd, which supports timestamping
gitrepositories and stores its history of commits timestamped in a
gitrepository as well. Anybody can operate such a timestamping server, but using an independent timestamper provides strongest evidence, as collusion is less likely.
- Publication of the timestamps history; as well as
- getting cross-timestamps of other independent timestampers on your timestamp history both provide mechanisms to assure that timestamping has not been done retroactively ("backstamping").
The timestamping client is called
git timestamp and allows to issue
timestamped, signed tags or commits.
To simplify deployment, we provide a free timestamping server at https://gitta.zeitgitter.net. It is able to provide several million timestamps per day. However, if you or your organization plan to issue more than a hundred timestamps per day, please consider installing and using your own timestamping server and have it being cross-timestamped with other servers.
Timestamping as a network
The revolutionary idea behind Zeitgitter is to have timestampers cross-verify each other. This results in a network which makes it hard to cheat. In fact, the network requires only a single trustworthy member to prevent all others from cheating. Even more so, you do not need to know who the non-cheating member is, as long as you can be sure that there is one or not all the bad guys are colluding.
In fact, the non-cheating member may even change over time. As long as there is always at least one member who does not backdate any timestamps, this role can freely move between members.
This extreme resilience makes timestamping with Zeitgitter so trustworthy.
usage: timestamp.py [-h] [--version] [--tag TAG] [--branch BRANCH] [--server SERVER] [--gnupg-home GNUPG_HOME] [--enable ENABLE] [--require-enable] [COMMIT]
Interface to Zeitgitter, the network of independent GIT timestampers.
- COMMIT: Which commit to timestamp. Can be set by
git config timestamp.commit-branch; fallback default: 'HEAD'
- -h, --help: Show this help message and exit. When called as
git timestamp(space, not dash), use
--helpis captured by
- --version: Show program's version number and exit
- --tag TAG: Create a new timestamped tag named TAG
- --branch BRANCH: Create a timestamped commit in branch BRANCH, with
identical contents as the specified commit. Default
name derived from servername plus
-timestamps. Can be set by
git config timestamp.branch
- --server SERVER: Zeitgitter server to obtain timestamp from. Can be set
git config timestamp.server; fallback default:
- --gnupg-home GNUPG_HOME:
Where to store timestamper public keys. Can be set by
- --enable ENABLE: Forcibly enable/disable timestamping operations;
mainly for use in
git config. Can be set by
git config timestamp.enable
- --require-enable: Disable operation unless
git config timestamp.enablehas explicitely been set to true
--tag takes precedence over
--branch. When in doubt, use
single/rare timestamping, and
--branch for reqular timestamping.
Inclusion in other packages
Timestamping can be a useful add-on feature for many operations, including
verifying whether a repository has been tampered with. For example, we use it
extensively together with
If you would like to include timestamping as an optional component in your software, you have to first decide whether timestamping should be on or off by default for your software:
- default-on: Just call
git timestampas normal. Users can disable timestamping on a per-repository basis by running
git config timestamp.enable falseat any time.
- default-off: Timestamp with the option
--require-enable. Then, users have to first run
git config timestamp.enable truein the repository. In any case, you should check whether
git timestamphas been installed before calling it. In a shell, you could do this as follows:
if which git-timestamp > /dev/null; then git timestamp OPTIONS fi
General and Client Documentation
- Timestamping: Why and how?
- Client installation
- Protocol description
- List of public Zeitgitter servers
- Discussion of the use of (weak) cryptography
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size git_timestamp-1.0.0-py2.py3-none-any.whl (17.7 kB)||File type Wheel||Python version py2.py3||Upload date||Hashes View hashes|
|Filename, size git-timestamp-1.0.0.tar.gz (12.9 kB)||File type Source||Python version None||Upload date||Hashes View hashes|
Hashes for git_timestamp-1.0.0-py2.py3-none-any.whl