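Connecting to a free timestamp service using curl and OpenSSL
Timestamp service
There are several services that issue timestamp tokens free of charge; this time I connected to the following one.
Timestamp protocol
The specifications for timestamping are defined in RFC 3161 and RFC 5816.
The specification for carrying the protocol over HTTP is given in RFC 3161, section 3.4, "Time-Stamp Protocol via HTTP".
Connecting to the timestamp service with curl
Connect to the timestamp service using a timestamp request created with OpenSSL.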
> curl -X POST -H "Content-Type: application/timestamp-query" --data-binary @HelloWorld.txt.tsq http://eswg.jnsa.org/freetsa --output HelloWorld.txt.tsr
Parsing the timestamp response
Parse the timestamp response returned by the timestamp service with OpenSSL.
The timestamp response also appears to contain the timestamp token.
> openssl ts -reply -in HelloWorld.txt.tsr -text
Using configuration from C:\Program Files\Common Files\SSL/openssl.cnf
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified
TST info:
Version: 1
Policy OID: X509v3 Any Policy
Hash Algorithm: sha256
Message data:
0000 - a5 91 a6 d4 0b f4 20 40-4a 01 17 33 cf b7 b1 90 ...... @J..3....
0010 - d6 2c 65 bf 0b cd a3 2b-57 b2 77 d9 ad 9f 14 6e .,e....+W.w....n
Serial number: 0x076766
Time stamp: Jun 8 22:44:00 2022 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: 0xDC9C89DBD700A3EC
TSA: DirName:/C=JP/O=JNSA/OU=ESWG/CN=JNSA PKI Sandbox FreeTSA 300001
Extensions:
This is the result of parsing the timestamp response with OpenSSL's asn1parse command.
> openssl asn1parse -inform DER -in HelloWorld.txt.tsr
0:d=0 hl=4 l= 797 cons: SEQUENCE
4:d=1 hl=2 l= 3 cons: SEQUENCE
6:d=2 hl=2 l= 1 prim: INTEGER :00
9:d=1 hl=4 l= 788 cons: SEQUENCE
13:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
24:d=2 hl=4 l= 773 cons: cont [ 0 ]
28:d=3 hl=4 l= 769 cons: SEQUENCE
32:d=4 hl=2 l= 1 prim: INTEGER :03
35:d=4 hl=2 l= 11 cons: SET
37:d=5 hl=2 l= 9 cons: SEQUENCE
39:d=6 hl=2 l= 5 prim: OBJECT :sha1
46:d=6 hl=2 l= 0 prim: NULL
48:d=4 hl=3 l= 221 cons: SEQUENCE
51:d=5 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
64:d=5 hl=3 l= 205 cons: cont [ 0 ]
67:d=6 hl=3 l= 202 prim: OCTET STRING [HEX DUMP]:3081C70201010604551D20003031300D060960864801650304020105000420A591A6D40BF420404A011733CFB7B190D62C65BF0BCDA32B57B277D9AD9F146E0203076766180F32303232303630383232343430305A300A020101800201F48101640101FF020900DC9C89DBD700A3ECA059A4573055310B3009060355040613024A50310D300B060355040A13044A4E5341310D300B060355040B130445535747312830260603550403131F4A4E534120504B492053616E64626F78204672656554534120333030303031
272:d=4 hl=4 l= 525 cons: SET
276:d=5 hl=4 l= 521 cons: SEQUENCE
280:d=6 hl=2 l= 1 prim: INTEGER :01
283:d=6 hl=2 l= 87 cons: SEQUENCE
285:d=7 hl=2 l= 80 cons: SEQUENCE
287:d=8 hl=2 l= 11 cons: SET
289:d=9 hl=2 l= 9 cons: SEQUENCE
291:d=10 hl=2 l= 3 prim: OBJECT :countryName
296:d=10 hl=2 l= 2 prim: PRINTABLESTRING :JP
300:d=8 hl=2 l= 13 cons: SET
302:d=9 hl=2 l= 11 cons: SEQUENCE
304:d=10 hl=2 l= 3 prim: OBJECT :organizationName
309:d=10 hl=2 l= 4 prim: PRINTABLESTRING :JNSA
315:d=8 hl=2 l= 13 cons: SET
317:d=9 hl=2 l= 11 cons: SEQUENCE
319:d=10 hl=2 l= 3 prim: OBJECT :organizationalUnitName
324:d=10 hl=2 l= 4 prim: PRINTABLESTRING :ESWG
330:d=8 hl=2 l= 35 cons: SET
332:d=9 hl=2 l= 33 cons: SEQUENCE
334:d=10 hl=2 l= 3 prim: OBJECT :commonName
339:d=10 hl=2 l= 26 prim: PRINTABLESTRING :JNSA PKI Sandbox CA Root 2
367:d=7 hl=2 l= 3 prim: INTEGER :300001
372:d=6 hl=2 l= 9 cons: SEQUENCE
374:d=7 hl=2 l= 5 prim: OBJECT :sha1
381:d=7 hl=2 l= 0 prim: NULL
383:d=6 hl=3 l= 140 cons: cont [ 0 ]
386:d=7 hl=2 l= 26 cons: SEQUENCE
388:d=8 hl=2 l= 9 prim: OBJECT :contentType
399:d=8 hl=2 l= 13 cons: SET
401:d=9 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
414:d=7 hl=2 l= 28 cons: SEQUENCE
416:d=8 hl=2 l= 9 prim: OBJECT :signingTime
427:d=8 hl=2 l= 15 cons: SET
429:d=9 hl=2 l= 13 prim: UTCTIME :220608224400Z
444:d=7 hl=2 l= 35 cons: SEQUENCE
446:d=8 hl=2 l= 9 prim: OBJECT :messageDigest
457:d=8 hl=2 l= 22 cons: SET
459:d=9 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:1EF5EEA41D363E62209E05C47B6066E4CDCFB205
481:d=7 hl=2 l= 43 cons: SEQUENCE
483:d=8 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificate
496:d=8 hl=2 l= 28 cons: SET
498:d=9 hl=2 l= 26 cons: SEQUENCE
500:d=10 hl=2 l= 24 cons: SEQUENCE
502:d=11 hl=2 l= 22 cons: SEQUENCE
504:d=12 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:F4BC670EB100326199E89E59B9841FBAEB460D13
526:d=6 hl=2 l= 13 cons: SEQUENCE
528:d=7 hl=2 l= 9 prim: OBJECT :rsaEncryption
539:d=7 hl=2 l= 0 prim: NULL
541:d=6 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:8FBE9B1985822ED27A61A913DFAEB2133462D2AF4F0DE4A744A723BC787868651F9E79CB1C5042F5B26189D050AF05005163EBB064004A36D83BAE3001A75A98058310FEB7B42F3ED7372D6A51052BBD17C7A0A58A8DBFF8DA945412D3DCCC64686698C8BE4E2807A95CF2C7F1D28393EABAB1CFFC5FB15A29F522156DA2DD8DAE70DDE7EA4165E318C35547EC8F94356DA24235D1B287CAB9E09C13FF769450566CB4A7B7E27DF65E853D680C8FE03E6B1FF5391B5AF1D06EA438A532A28248EA10340DE4629D5E5A49634A01E2B0AEF0EC53840F2CE9CB35853ADDE26613A494AD338B1FBB1A0C1D3260A506A836E2653C3236DFA6850FD66D4C465959F8C1
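The fields printed by `openssl ts -reply -text` can be recovered directly from the TSTInfo OCTET STRING that asn1parse shows at offset 67. The Python below is an added example, not part of the original post: it decodes that hex dump with a minimal DER reader and runs the two checks that bind a token to a request (message imprint and nonce). The function names are hypothetical, the nonce is taken from the response as printed because the request file is not shown on the page, and the content `Hello World` for HelloWorld.txt is an assumption.

```python
import hashlib

TSTINFO = bytes.fromhex(  # TSTInfo DER, copied from the OCTET STRING hex dump above
    "3081C70201010604551D20003031300D060960864801650304020105000420"  # version, policy, sha256
    "A591A6D40BF420404A011733CFB7B190D62C65BF0BCDA32B57B277D9AD9F146E"  # hashedMessage
    "0203076766180F32303232303630383232343430305A"  # serialNumber, genTime
    "300A020101800201F48101640101FF020900DC9C89DBD700A3EC"  # accuracy, ordering, nonce
    "A059A4573055310B3009060355040613024A50310D300B060355040A13044A4E5341310D300B060355040B1304"
    "45535747312830260603550403131F4A4E534120504B492053616E64626F78204672656554534120333030303031")
SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_tstinfo(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    f = children(body)  # version, policy, messageImprint, serialNumber, genTime, optionals
    alg, digest = children(f[2][1])
    opt = dict(f[5:])   # optional fields have distinct tags: 0x30, 0x01, 0x02, 0xA0, 0xA1
    acc = dict(children(opt.get(0x30, b"")))  # seconds, [0] millis, [1] micros
    return {
        "hash_is_sha256": children(alg[1])[0][1] == SHA256_OID,
        "imprint": digest[1],
        "serial": int.from_bytes(f[3][1], "big"),
        "gen_time": f[4][1].decode("ascii"),  # GeneralizedTime string, UTC
        "accuracy": tuple(int.from_bytes(acc.get(t, b""), "big") for t in (0x02, 0x80, 0x81)),
        "ordering": opt.get(0x01) == b"\xff",
        "nonce": int.from_bytes(opt[0x02], "big") if 0x02 in opt else None,
    }

def token_binds(info, data, request_nonce):  # token must echo our data's hash and our nonce
    return (info["hash_is_sha256"] and info["nonce"] == request_nonce
            and hashlib.sha256(data).digest() == info["imprint"])
```

This covers only the binding of the token to the data and the request; the signature and certificate chain still have to be validated, for example with `openssl ts -verify`.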
Extracting the timestamp token from the timestamp response
Print only the timestamp token information from the timestamp response.
> openssl ts -reply -in HelloWorld.txt.tsr -token_out -text
Using configuration from C:\Program Files\Common Files\SSL/openssl.cnf
Version: 1
Policy OID: X509v3 Any Policy
Hash Algorithm: sha256
Message data:
0000 - a5 91 a6 d4 0b f4 20 40-4a 01 17 33 cf b7 b1 90 ...... @J..3....
0010 - d6 2c 65 bf 0b cd a3 2b-57 b2 77 d9 ad 9f 14 6e .,e....+W.w....n
Serial number: 0x076766
Time stamp: Jun 8 22:44:00 2022 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: 0xDC9C89DBD700A3EC
TSA: DirName:/C=JP/O=JNSA/OU=ESWG/CN=JNSA PKI Sandbox FreeTSA 300001
Extensions:
Extract the timestamp token from the timestamp response.
> openssl ts -reply -in HelloWorld.txt.tsr -token_out > HelloWorld.txt.tst
This is the result of parsing the timestamp token with OpenSSL's asn1parse command.
> openssl asn1parse -inform DER -in HelloWorld.txt.tst
0:d=0 hl=4 l= 788 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 773 cons: cont [ 0 ]
19:d=2 hl=4 l= 769 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :03
26:d=3 hl=2 l= 11 cons: SET
28:d=4 hl=2 l= 9 cons: SEQUENCE
30:d=5 hl=2 l= 5 prim: OBJECT :sha1
37:d=5 hl=2 l= 0 prim: NULL
39:d=3 hl=3 l= 221 cons: SEQUENCE
42:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
55:d=4 hl=3 l= 205 cons: cont [ 0 ]
58:d=5 hl=3 l= 202 prim: OCTET STRING [HEX DUMP]:3081C70201010604551D20003031300D060960864801650304020105000420A591A6D40BF420404A011733CFB7B190D62C65BF0BCDA32B57B277D9AD9F146E0203076766180F32303232303630383232343430305A300A020101800201F48101640101FF020900DC9C89DBD700A3ECA059A4573055310B3009060355040613024A50310D300B060355040A13044A4E5341310D300B060355040B130445535747312830260603550403131F4A4E534120504B492053616E64626F78204672656554534120333030303031
263:d=3 hl=4 l= 525 cons: SET
267:d=4 hl=4 l= 521 cons: SEQUENCE
271:d=5 hl=2 l= 1 prim: INTEGER :01
274:d=5 hl=2 l= 87 cons: SEQUENCE
276:d=6 hl=2 l= 80 cons: SEQUENCE
278:d=7 hl=2 l= 11 cons: SET
280:d=8 hl=2 l= 9 cons: SEQUENCE
282:d=9 hl=2 l= 3 prim: OBJECT :countryName
287:d=9 hl=2 l= 2 prim: PRINTABLESTRING :JP
291:d=7 hl=2 l= 13 cons: SET
293:d=8 hl=2 l= 11 cons: SEQUENCE
295:d=9 hl=2 l= 3 prim: OBJECT :organizationName
300:d=9 hl=2 l= 4 prim: PRINTABLESTRING :JNSA
306:d=7 hl=2 l= 13 cons: SET
308:d=8 hl=2 l= 11 cons: SEQUENCE
310:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
315:d=9 hl=2 l= 4 prim: PRINTABLESTRING :ESWG
321:d=7 hl=2 l= 35 cons: SET
323:d=8 hl=2 l= 33 cons: SEQUENCE
325:d=9 hl=2 l= 3 prim: OBJECT :commonName
330:d=9 hl=2 l= 26 prim: PRINTABLESTRING :JNSA PKI Sandbox CA Root 2
358:d=6 hl=2 l= 3 prim: INTEGER :300001
363:d=5 hl=2 l= 9 cons: SEQUENCE
365:d=6 hl=2 l= 5 prim: OBJECT :sha1
372:d=6 hl=2 l= 0 prim: NULL
374:d=5 hl=3 l= 140 cons: cont [ 0 ]
377:d=6 hl=2 l= 26 cons: SEQUENCE
379:d=7 hl=2 l= 9 prim: OBJECT :contentType
390:d=7 hl=2 l= 13 cons: SET
392:d=8 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
405:d=6 hl=2 l= 28 cons: SEQUENCE
407:d=7 hl=2 l= 9 prim: OBJECT :signingTime
418:d=7 hl=2 l= 15 cons: SET
420:d=8 hl=2 l= 13 prim: UTCTIME :220608224400Z
435:d=6 hl=2 l= 35 cons: SEQUENCE
437:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
448:d=7 hl=2 l= 22 cons: SET
450:d=8 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:1EF5EEA41D363E62209E05C47B6066E4CDCFB205
472:d=6 hl=2 l= 43 cons: SEQUENCE
474:d=7 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificate
487:d=7 hl=2 l= 28 cons: SET
489:d=8 hl=2 l= 26 cons: SEQUENCE
491:d=9 hl=2 l= 24 cons: SEQUENCE
493:d=10 hl=2 l= 22 cons: SEQUENCE
495:d=11 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:F4BC670EB100326199E89E59B9841FBAEB460D13
517:d=5 hl=2 l= 13 cons: SEQUENCE
519:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
530:d=6 hl=2 l= 0 prim: NULL
532:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:8FBE9B1985822ED27A61A913DFAEB2133462D2AF4F0DE4A744A723BC787868651F9E79CB1C5042F5B26189D050AF05005163EBB064004A36D83BAE3001A75A98058310FEB7B42F3ED7372D6A51052BBD17C7A0A58A8DBFF8DA945412D3DCCC64686698C8BE4E2807A95CF2C7F1D28393EABAB1CFFC5FB15A29F522156DA2DD8DAE70DDE7EA4165E318C35547EC8F94356DA24235D1B287CAB9E09C13FF769450566CB4A7B7E27DF65E853D680C8FE03E6B1FF5391B5AF1D06EA438A532A28248EA10340DE4629D5E5A49634A01E2B0AEF0EC53840F2CE9CB35853ADDE26613A494AD338B1FBB1A0C1D3260A506A836E2653C3236DFA6850FD66D4C465959F8C1