
An IETF Time-Stamp Protocol (TSP) (RFC 3161) client

Project description

tsp-client is a Python implementation of the IETF Time-Stamp Protocol (TSP), RFC 3161.

TSP is used for point-in-time attestation and non-repudiation as part of various electronic signature and code signing schemes, including eIDAS XAdES (tsp-client is used by SignXML to implement XAdES).

Installation

pip install tsp-client

Synopsis

from tsp_client import TSPSigner, TSPVerifier

# Sign a message online by transmitting its digest to the timestamp authority
message = b"abc"
signer = TSPSigner()
signed = signer.sign(message)  # Returns raw bytes of the verified timestamp token.

# Verify a presented timestamp token offline using the original message
verified = TSPVerifier().verify(signed, message=message)

# Or verify using the message digest. The digest must use the same algorithm as
# the token's MessageImprint; SHA-512 is what TSPSigner uses by default.
import hashlib

digest = hashlib.sha512(message).digest()
verified = TSPVerifier().verify(signed, message_digest=digest)

print(verified.tst_info)  # Parsed TSTInfo structure (the signed content carried inside the token's CMS SignedData)
print(verified.signed_attrs)  # Parsed CMS SignedAttributes of the TSA's SignerInfo

Specifying a custom TSA

A timestamp token is a CMS signature, produced by a TSA (time-stamp authority) server, over the digest of your message and the time at which the TSA saw it; the non-repudiation it provides rests on the chain of trust from the TSA's signing certificate up to a trusted root. Generating a token therefore requires contacting a TSA, which you can think of as a digital notary. Verifying a token needs no network access: the token's signature is checked and the TSA certificate is chained to your system's certificate authority (CA) trust store. Keep in mind that an offline check cannot fetch revocation data (CRL or OCSP) for the TSA certificate.

By default, tsp-client uses the DigiCert TSA server when requesting tokens. To use a different TSA, set the SigningSettings.tsp_server attribute and pass the settings to sign(), as follows:

from tsp_client import TSPSigner, SigningSettings

message = b"abc"
signing_settings = SigningSettings(tsp_server="http://timestamp.identrust.com")
signer = TSPSigner()
signed = signer.sign(message, signing_settings=signing_settings)

There is currently no credible public TSA that offers HTTPS transport security and does not apply throttling. DigiCert provides a relatively high-throughput public TSA endpoint, but your SHA-512 message digests will travel over your network unencrypted. Be precise about what that does and does not expose: the message itself never leaves your host, only its digest, but an on-path observer learns which digests you timestamp (and can recognise any message it is able to guess and hash), and the request and response can be tampered with in transit. The returned token is signed by the TSA, so tampering is detectable as long as the client verifies the token's signature and confirms that its MessageImprint and nonce match what was sent. As an alternative, Sectigo offers an HTTPS TSA (https://timestamp.sectigo.com) but applies throttling, so it is only suitable for low-throughput applications.
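The two paragraphs above describe the exchange in words: only a digest (plus a nonce) goes to the TSA, and the client owes the returned token a consistency check before trusting it. The following is an added example, written for this page and not part of tsp-client, that uses only the Python standard library to build the exact RFC 3161 TimeStampReq bytes that cross the network and to run the client-side check RFC 3161 section 2.4.2 requires on the TSTInfo that comes back (same hash algorithm, same digest, same nonce). tsp-client parses the token for you; this example works on raw DER so the structure is visible. The sample TSTInfo is constructed here as a stand-in for a TSA's response, with a placeholder policy OID, serial number and genTime; the signature verification and certificate chaining that tsp-client performs are out of scope for this snippet.

```python
import hashlib
import os
from typing import Iterator, List, Tuple

OID_SHA512 = "2.16.840.1.101.3.4.2.3"  # id-sha512, the digest tsp-client sends by default


# --- minimal DER encoder: only the primitives TimeStampReq and TSTInfo need ---

def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def der_int(n: int) -> bytes:
    # non-negative only; one extra byte is allocated so the high bit never reads as a sign bit
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]  # last base-128 digit carries no continuation bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def message_imprint(digest: bytes, hash_oid: str) -> bytes:
    # MessageImprint ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, hashedMessage OCTET STRING }
    algorithm = der(0x30, der_oid(hash_oid) + b"\x05\x00")  # NULL parameters
    return der(0x30, algorithm + der(0x04, digest))


def build_timestamp_req(digest: bytes, hash_oid: str, nonce: int, cert_req: bool = True) -> bytes:
    """TimeStampReq ::= SEQUENCE { version INTEGER (1), messageImprint, nonce INTEGER, certReq BOOLEAN }.
    This is the whole request: the TSA sees the digest and the nonce, never the message."""
    body = der_int(1) + message_imprint(digest, hash_oid) + der_int(nonce)
    if cert_req:
        body += der(0x01, b"\xff")  # ask the TSA to embed its certificate chain in the token
    return der(0x30, body)


def build_sample_tst_info(digest: bytes, hash_oid: str, nonce: int) -> bytes:
    """Constructed stand-in for the TSTInfo a TSA returns inside the signed token.
    The policy OID, serial number and genTime are placeholders, not any real TSA's values."""
    body = (der_int(1) + der_oid("1.2.3.4") + message_imprint(digest, hash_oid)
            + der_int(12345) + der(0x18, b"20240101120000Z") + der_int(nonce))
    return der(0x30, body)


# --- minimal DER reader and the client-side consistency check (RFC 3161 section 2.4.2) ---

def der_iter(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) for each element of a DER constructed body; single-byte tags only."""
    i = 0
    while i < len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length


def check_tst_info(tst_info: bytes, digest: bytes, hash_oid: str, nonce: int) -> List[str]:
    """Return the ways a TSTInfo fails to answer our request (an empty list means it matches).
    TSTInfo ::= SEQUENCE { version, policy, messageImprint, serialNumber, genTime,
                           accuracy OPTIONAL, ordering OPTIONAL, nonce OPTIONAL, tsa [0], extensions [1] }"""
    problems = []
    tag, body = next(der_iter(tst_info))
    if tag != 0x30:
        return ["TSTInfo is not a SEQUENCE"]
    fields = list(der_iter(body))
    imprint = list(der_iter(fields[2][1]))  # [hashAlgorithm, hashedMessage]
    oid_tag, oid_body = next(der_iter(imprint[0][1]))
    if der(oid_tag, oid_body) != der_oid(hash_oid):
        problems.append("hashAlgorithm differs from the request")
    if imprint[1][1] != digest:
        problems.append("hashedMessage differs from the request")
    # After genTime the only INTEGER allowed is the nonce (accuracy is a SEQUENCE, ordering a BOOLEAN).
    found_nonce = [int.from_bytes(v, "big") for t, v in fields[5:] if t == 0x02]
    if found_nonce != [nonce]:
        problems.append("nonce missing or differs from the request (stale or replayed token)")
    return problems


if __name__ == "__main__":
    message = b"abc"  # constructed sample input
    sha512 = hashlib.sha512(message).digest()
    fresh_nonce = int.from_bytes(os.urandom(8), "big")
    request = build_timestamp_req(sha512, OID_SHA512, fresh_nonce)
    print(f"TimeStampReq: {len(request)} bytes, starts {request[:4].hex()}")
    good = build_sample_tst_info(sha512, OID_SHA512, fresh_nonce)
    print("matching token:", check_tst_info(good, sha512, OID_SHA512, fresh_nonce))
    replayed = build_sample_tst_info(sha512, OID_SHA512, fresh_nonce ^ 1)
    print("replayed token:", check_tst_info(replayed, sha512, OID_SHA512, fresh_nonce))
```

The nonce is what ties a response to this particular request: without it, anyone who can intercept the plaintext HTTP exchange could hand back an older, genuinely signed token for the same digest. Checking the MessageImprint guards against the complementary trick of a token that is validly signed but for a different digest. Both checks are cheap and belong before any signature or chain verification, because they are what make that verification meaningful for your request.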

Authors

  • Andrey Kislyuk

License

Licensed under the terms of the Apache License, Version 2.0.

Download files

Source Distribution

tsp-client-0.1.1.tar.gz (16.4 kB)

Built Distribution

tsp_client-0.1.1-py3-none-any.whl (12.1 kB)
