TSP

TSP 2.32

The Timestamp API (TSP-API) provides all needed functionality to develop a Timestamp Server or Client.

Main Features

With the TspClientSocket which extends the java.net.Socket and the TspSSLClientSocket which extends the iaik.security.ssl.SSLSocket it is very easy to connect to a RFC 3161 compliant TSP Server. Once you are connected you can send a request and receive the corresponding response within one method invocation.

 

  • Written purely in the Java™ language implementation of the time stamp protocol (IETF RFC-3161)
  • SigningCertificateV2 and ESSCertIDv2 support according to IETF RFC-5816
  • Encoding and decoding of time stamp requests
  • Encoding and decoding of time stamp responses and accessing the contained information
  • Verifying digital signatures of time stamp tokens
  • Works on JDK Versions 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 and compatible
  • All data types which are defined as ASN.1 structures in the RFC 3161 are implemented as separate classes with full control and access for the developer
  •  Sample code of TCP/IP, SSL and HTTP-based TSP server and clients

 

Additional Benefits:

 

  • Cryptographic Provider Independence:
    • Can be used with any JCA/JCE 1.2 (or later) compliant cryptography provider
    • Can use several different cryptography providers at the same time
  • Provisions for easy integration of smartcards and other secure hardware devices
  • Delivered with the IAIK-JCE provider by default

Pricing and Licensing

For current prices, please see our price list and license conditions.

See Prices

Webshop

To order the product enter

See Webshop

IAIK-TSP – 5. December 2016
Class or Package Bug / Change / New Feature Description and Examples
demo.tsp.config.TspServerConfiguration NF

– Now allows to specify the signature algorithm to be used for signing the TimeStampToken,

– TSA Key/Certificate can be specified via Java KeyStore file (in addtion to PKCS#12 format)

– Support for HSM based response signing using theIAIK PKCS11Provider

IAIK-TSP – 19. September 2014
Class or Package Bug / Change / New Feature Description and Examples
iaik.tsp.TSTInfo C

Changed method setGenTime to include milli seconds in GeneralizedTime encoding.

IAIK-TSP – 20. December 2013
Class or Package Bug / Change / New Feature Description and Examples
*

Comes with new IAIK-JCE (5.2) and IAIK-CMS (5.0) libraries

demo.tsp.server.TspServerConfiguration C

Sort certificate chain read from PKCS#12 file

demo.tsp.util.CreateTspCertificate C

Now creates a chain of two certificates, the TSA certificate
and a CA certificate that issues the TSA certificate.
(OpenSSL rejected self-signed TSA cert because of missing
keyCertSign KeyUsage bit)

IAIK-TSP – 6. April 2012
Class or Package Bug / Change / New Feature Description and Examples
* C

JDK 1.1.x is no longer supported. Supported Java(TM) versions are 1.2, 1.3, 1.4, 1.5 (5.0), 1.6 (6.0), 1.7 (7.0) and compatible.

demo.tsp.util.CreateTspCertificate NF

Allows to specify key length and validity length.

iaik.tsp.MessageImprint NF
iaik.tsp.TimeStampToken NF, C

Method verifyTimeStampToken now checks if the TSA certificate
contains a critical ExtendedKeyUsage extension with key purpose id
timeStamping as required by RFC 3161, and if theKeyUsage
extension — if present — is eligible for signing.

iaik.tsp.TimeStampToken NF

Method setCheckKeyUsage added do en/disable the KeyUsage and
ExtendedKeyUsage checks during signature time stamp token verification.

iaik.tsp.TimeStampToken NF

Protected method checkKeyUsage added allowing an application to
customize the KeyUsage and ExtendedKeyUsage checks.

iaik.tsp.TimeStampToken B

Removed method signTimeStampToken0.

iaik.tsp.Accuracy, iaik.tsp.PKIStatusInfo, iaik.tsp.TimeStampReq, iaik.tsp.TimeStampResp, iaik.tsp.TSTInfo B

Fixed component count check in parsing methods.

iaik.tsp.transport.http.TspHttpClient C

Constructor TspHttpClient(URL url) does no more internally call

HttpURLConnection.setFollowRedirects(true); to not override
any application configured redirect policy

iaik.tsp.transport.http.TspHttpClient NF

New constructor TspHttpClient(HttpURLConnection urlConnection)
allowing to create a TspHttpClient object from an (already
connected) HttpURLConnection; maybe used to connect via
a Proxy (if System properties are not applicable).

iaik.tsp.transport.ssl.TspSSLClientSocket NF

New constructor TspSSLClientSocket(Socket proxySocket, String host, int port, int timeOut, SSLContext context) allowing to create aTspSSLClientSocket object with a Socket connected to a proxy; maybe used to connect via a Proxy (if System properties are not applicable).

iaik.tsp.transport.tcpip.TspClientSocket NF

New constructor public TspClientSocket(java.net.Proxy proxy) allowing to create a TspClientSocket object from a Proxy object; maybe used to connect via a Proxy (if System properties are not applicable).

iaik.tsp.transport.tcpip.TspTcpIpProtocol B

Fixed handling of TspTcpIpResponse messages representing a errorMsgRep.

IAIK-TSP 2.1: – 7. May 2010
Class or Package Bug / Change / New Feature Description and Examples
Classor Package NF

HTTP based TSP client demo.

demo.tsp.cofig.TspServerConfiguration C

Allows now to specify the Accuracy only in seconds; dafault hash algorithm SHA-256; configuration option to decide whether to also include aSigningCertificate attribute (with SHA-1 ESSCertID)
in addition to a SigningCertificateV2 attribute (with non SHA-1 ESSCertIDv2)

demo.tsp.util.CreateTspCertificate C

ExtendedKeyUsage extension now marked ascritical; Subject, Issuer RDNs added in reversed order (country first); key length 2048 bits; signature algorithm sha256WithRSAEncryption

iaik.tsp.PKIStatus NF

New method getStatusString() to return the status as string.

iaik.tsp.TimeStampToken NF, C

According to RFC 5816 methodsignTimeStampToken now uses aSigningCertificateV2 attribute with anESSCertIDv2 object to identify the certificate of the signing TSA if another hash algorithm than
SHA-1 is used.

iaik.tsp.TimeStampToken NF

New method addSha1ESSCertID to decide whether to also include a SigningCertificate attribute in addition to a SigningCertificateV2 attribute if another hash algorithm than SHA-1 is used (default:false).

iaik.tsp.TimeStampToken C

Method getCertID() now returns anESSCertIDv2 if the TimeStampToken only contains a SigningCertificateV2 attribute to identify the certificate of the signing TSA by anESSCertIDv2 with another hash algorithm than SHA-1.

iaik.tsp.TimeStampToken NF

New methods getCertIDv2() andgetIssuerSerialv2 to query for anESSCertIDv2 certificate identifier and itsESSIssuerSerial component if the TimeStampToken contains aSigningCertificateV2 attribute.

iaik.tsp.TimeStampToken NF
iaik.tsp.TimeStampToken NF

New method verifyTimeStampToken() without parameter to verify the signature with the certificate included in the token (if present).

IAIK-TSP – 20. June 2005
Class or Package Bug / Change / New Feature Description and Examples
iaik.tsp.Accuracy B

Modified the encoding.

IAIK-TSP – 9. November 2004
Class or Package Bug / Change / New Feature Description and Examples
ALL C

Update of the documentation.

IAIK-TSP – 12. September 2004
Class or Package Bug / Change / New Feature Description and Examples
ALL NF, C

Complete redesign of the whole API.

IAIK-TSP – 16. June 2003
Class or Package Bug / Change / New Feature Description and Examples
iaik.tsa.response.TimeStampServerManager C

The policy id under which the response will be created is now gathered through the property file. Former it was extracted from the signing certificate.

iaik.tsa.connection.http NF

A HTTP Server servlet has been added which has two operation modes. It can redirect an http timestamp request to an running tcp timestamp server or it can process the time stamp request itself.

IAIK-TSP 1.01: – 7. April 2003
Class or Package Bug / Change / New Feature Description and Examples
iaik.tsa.asn1.TimeStampToken B

Using function getTSTInfo() produces aClassCastException.

iaik.tsa.connection.http NF

HTTP support for the client has been added.

IAIK-TSP – 18. October 2002
Class or Package Bug / Change / New Feature Description and Examples
ALL NF, C

First implementation of the time stamp protocol.

Any questions?

Don‘t hestitate to ask us about our products.

Contact us