如何使用时间戳安全地签署数据?
我想使用安全时间戳对数据库中的记录进行签名,以证明它们在该日期之后没有被任何人更改。
我应该考虑哪些方法或协议? RFC 3161?我发现大多数声称提供该服务的网站在我看来并不是很有信誉。
可以自己滚吗?
I would like to sign records in a database with a secure timestamp to prove they have not been altered by anyone after that date.
What methods or protocols should I consider? RFC 3161? Most of the websites I've found that claim to provide that service don't really look very reputable to me.
Is it possible to roll your own?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您正在寻找可用的 RFC3161 服务器,那么 http://time.certum.pl/ 已经我所认识并一直存在的一个。
如果您正在寻找一个更大的解决方案,不依赖于单个基于秘密的时间戳盒(基本上是可扩展的),请查看 http://www.guardtime.com
从技术上讲,时间戳是 UNIX 时间戳:) 但是您似乎分配给时间戳的属性是散列和“签名”(可以验证声称某个哈希值在某个时间存在)。
任何与“信任”有关的事情都是你可以自己做的。您可以以同样的方式推出自己的 CA,也可以以同样的方式推出自己的基于标准的服务或发明自己的方案。但说服其他方“信任”你自己推出的东西可能会更棘手。
这就是人们为 CA 证书付费的原因 - 它们受到浏览器供应商的预先信任。这就是为什么当您需要其他人必须信任的解决方案或者您有义务为数据添加时间戳时,您需要经过认证的时间戳源。
If you're looking for a working RFC3161 server then http://time.certum.pl/ has been one that I've known and has been around.
If you're looking for a bigger solution that do not depend on a single secret based timestamping box (basically something that scales well) have a look at http://www.guardtime.com
Technically, a timestamp is a UNIX timestamp :) But the properties you seem to assign to a timestamp are a hash and a "signature" (possibility to verify that the claim that a certain hash existed at a certain time).
Anything that has to do with "trust" is something you can roll your own. The same way you can roll your own CA, the same way you can roll your own standards-based service or invent your own scheme. But convincing other parties to "trust" the thing you've rolled your own might be trickier.
That's why people pay for CA certificates - they are pre-trusted by browser vendors. That's why when you need a solution that others have to trust or if you're obliged to timestamp your data, you need a certified timestamp source.
简单的方法是附加您想要确保不被篡改的值,向其中添加盐,然后对所有值进行 md5,并保存 md5 哈希值。
因此,如果您有一个包含以下列的表:用户名、名字、姓氏、哈希值,
您可以执行 md5(用户名+名字+姓氏+“MySuperSecretSalt”) 并将值保存在哈希值中。
但我必须说,这听起来像是一件奇怪的事情。
Simple method would be to append the values you want to make sure is not tampered, add a salt to it, and then md5 all of it, and save the md5 hash.
So if you have a table with the columns: Username, Firstname, Lastname, Hash
You do a md5(Username+Firstname+Lastname+"MySuperSecretSalt") and save the value in Hash.
But I must say, it sounds like a weird thing to do.