timestamp icon indicating copy to clipboard operation
timestamp copied to clipboard
verified publisher icon digitorus

Signature and TSTInfo not available from ParseResponse()

Open jpgoldberg opened this issue 4 years ago • 2 comments

I strongly suspect that I am "using it wrong", but the structure returned by ParseResponse does not include the signature and may be missing other information which might be necessary to verifying a response.

jpgoldberg avatar Sep 27 '21 03:09 jpgoldberg

The Parse function called by ParseResponse does verify the signature when a certificate is included. If the certificate is not included in the response it can currently not be validated.

https://github.com/digitorus/timestamp/blob/54ddd7720e27f9d5932ac802bb6d26a5f1fdb020/timestamp.go#L267

We might need to create a new function to validate with an external certificate.

What is your use case?

vanbroup avatar Sep 27 '21 20:09 vanbroup

Mostly I wanted to create a human readable version of the TSR. I'm happy to leave verification to OpenSSL or some other tool.

jpgoldberg avatar Sep 28 '21 00:09 jpgoldberg