@xevolab/timestamping-token

v1.1.1

Time Stamping Authority (TSA) implementation.

Timestamping Authority

RFC 3161 Timestamping Authority implementation in Node.js

Introduction

This repository contains a Node.js implementation of a Timestamping Authority (TSA) as defined in RFC 3161. The implementation is based on the Node.js crypto module and the ASN.1 JavaScript decoder.

Installation

In order to install the library, run the following command:

npm install @xevolab/timestamp-token

You will be able to import the library using the following syntax:

const {TimeStampReq, TimeStampResp} = require("@xevolab/timestamp-token");
// or
import {TimeStampReq, TimeStampResp} from "@xevolab/timestamp-token";

Usage

TimeStampReq

Importing a TimeStampReq from a DER-encoded buffer

A TimeStampReq can be imported from a DER-encoded buffer using the TimeStampReq.fromDER method:

import {TimeStampReq} from "@xevolab/timestamp-token";

const tsq = new TimeStampReq().fromDER(buffer);

This method returns a TimeStampReq object.

Generating a TimeStampReq with a JSON object

A TimeStampReq can also be built from a plain JSON object passed to the TimeStampReq constructor:

import {TimeStampReq} from "@xevolab/timestamp-token";

const tsq = new TimeStampReq({
   version: 1,
   messageImprint: {
      hashAlgorithm: "sha256",
      hashedMessage: "012ABCDEF..." // hex string or Buffer
   },
   policy: "",    // optional
   nonce: 0,      // optional
   certReq: false // optional
});

The TimeStampReq constructor returns a TimeStampReq object. The buffer property of the TimeStampReq object contains the DER-encoded request.
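
The DER structure that fromDER reads and that the buffer property holds, shown as an added example that is not part of the package: a minimal reader that also applies the RFC 3161 check that the digest length matches the declared hash algorithm before a request is signed. The function names and the sample nonce are constructed for this illustration.

```javascript
// Added example (helper names are this example's own). Hash OID as DER hex -> [name, digest bytes]
const HASH_OIDS = {
  "608648016503040201": ["sha256", 32],
  "608648016503040202": ["sha384", 48],
  "608648016503040203": ["sha512", 64],
};
// Read one TLV at `off`: returns its tag, its content and the offset of the next element.
function readTLV(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated TLV header");
  let len = buf[off + 1], p = off + 2;
  if (len & 0x80) { // long-form length: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || p + n > buf.length) throw new Error("bad length field");
    for (len = 0; p < off + 2 + n; p++) len = len * 256 + buf[p];
  }
  if (p + len > buf.length) throw new Error("length runs past end of buffer");
  return { tag: buf[off], value: buf.subarray(p, p + len), next: p + len };
}
function expectTag(tlv, tag, what) {
  if (tlv.tag !== tag) throw new Error("expected " + what);
  return tlv.value;
}
function parseTimeStampReq(der) {
  const outer = readTLV(der, 0);
  if (outer.next !== der.length) throw new Error("trailing bytes after request");
  const body = expectTag(outer, 0x30, "TimeStampReq SEQUENCE");
  let el = readTLV(body, 0);
  const version = expectTag(el, 0x02, "version INTEGER");
  if (version.length !== 1 || version[0] !== 1) throw new Error("version must be 1");
  el = readTLV(body, el.next);
  const imprint = expectTag(el, 0x30, "MessageImprint SEQUENCE");
  const alg = readTLV(imprint, 0);
  const oid = expectTag(readTLV(expectTag(alg, 0x30, "AlgorithmIdentifier"), 0), 0x06, "OID");
  const known = HASH_OIDS[oid.toString("hex")];
  if (!known) throw new Error("hash algorithm not accepted");
  const digest = expectTag(readTLV(imprint, alg.next), 0x04, "hashedMessage OCTET STRING");
  if (digest.length !== known[1]) throw new Error("digest length does not match algorithm");
  const req = { hashAlgorithm: known[0], hashedMessage: digest.toString("hex"),
                policy: null, nonce: null, certReq: false };
  while (el.next < body.length) { // optional fields; extensions ([0]) are skipped
    el = readTLV(body, el.next);
    if (el.tag === 0x06) req.policy = el.value.toString("hex");
    else if (el.tag === 0x02) req.nonce = el.value.toString("hex");
    else if (el.tag === 0x01) req.certReq = el.value[0] !== 0;
  }
  return req;
}
// Constructed sample: SHA-256 imprint (digest from the README example), nonce, certReq TRUE.
const SAMPLE = Buffer.from("3043020101" + "3031300d06096086480165030402010500" + "0420" +
  "42191cda4fea645078d6e14e311dfa4bbd04f154fbbe9376e8a3833242cd5c03" +
  "0208" + "1122334455667788" + "0101ff", "hex");
```

parseTimeStampReq(SAMPLE) returns the algorithm name, the hex digest, the nonce and the certReq flag; a request whose OID says SHA-384 but carries a 32-byte digest is rejected.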

TimeStampResp

Creating a response from a TimeStampReq

A TimeStampResp is generated and signed using the TimeStampReq.sign method:

import {TimeStampReq, TimeStampResp} from "@xevolab/timestamp-token";

const tsq = new TimeStampReq().fromDER(buffer);
const tsr = tsq.sign({
   // The private key used to sign the response
   key: KeyObject,
   // Array of X509Certificate objects where the first one is the signer certificate
   certs: X509Certificate[],
});

The sign method returns an instance of TimeStampResp.

Creating a response without a TimeStampReq

A TimeStampResp can be created without a TimeStampReq using the TimeStampResp constructor:

import {TimeStampResp} from "@xevolab/timestamp-token";

const resp = new TimeStampResp(
   hashedMessage: string | Buffer,
   {
      // Hash algorithm used to hash the message
      hashAlgorithm: "SHA256"|"SHA384"|"SHA512",

      nonce: number | Buffer, // optional
      certReq: boolean,       // optional

      key: KeyObject,
      certs: X509Certificate[],

      // Additional optional parameters for the signing process
      signingOptions: {
         // Signing options
         signingHashAlgorithm: "SHA256"|"SHA384"|"SHA512",

         // Enable external signatures
         externalSignature: boolean
      }
   }
);

External signatures

The externalSignature option enables external signatures. When it is set, the library builds the response but does not sign it; the signature computed outside the library is attached afterwards with setSignature.

const tsr = new TimeStampResp({
   ...,
   signingOptions: {
      externalSignature: true
   }
});

const signature = Buffer.from("0123456789abcdef", "hex");

tsr.setSignature(signature);

The TimeStampResp constructor returns an instance of TimeStampResp. The buffer property of the TimeStampResp object contains the DER-encoded response.

OpenSSL

OpenSSL has a built-in implementation of a TSA. The following commands can be used to generate a TimeStampReq and a TimeStampResp.

For help setting up the OpenSSL config for TSA you can refer to “Setting up a Time Stamping Authority with OpenSSL” (jimby.name).

Generating a TimeStampReq

The OpenSSL command line tool can be used to generate a TimeStampReq for a generic file using the following command:

openssl ts -query -data <file> [-no_nonce] [-sha256|-sha384|-sha512] [-cert] > file.tsq

Where:

  • <file> is the path to the file to be timestamped
  • -no_nonce disables the nonce value
  • -sha256 uses SHA-256 as the hash algorithm, -sha384 uses SHA-384 and -sha512 uses SHA-512
  • -cert asks the TSA to include its signing certificate in the response (certReq flag is on)

You can preview the content of the DER buffer using the following command:

openssl ts -query -in file.tsq -text

Generating a TimeStampResp

The OpenSSL command line tool can be used to generate a TimeStampResp for a generic TimeStampReq using the following command:

openssl ts -reply -queryfile <file.tsq> -inkey <private-key.pem> -signer <certificate.pem> -chain <certificate.pem> -out file.tsr

Where:

  • <file.tsq> is the path to the TimeStampReq file
  • <private-key.pem> is the path to the private key used to sign the response
  • <certificate.pem> is the path to the certificate used to sign the response
  • -chain <certificate.pem> is the path to the certificate chain included in the response alongside the signer certificate (the -CAfile option is only used by -verify)
  • file.tsr is the path where the TimeStampResp will be saved

You can preview the content of the DER buffer using the following command:

openssl ts -reply -in file.tsr -text

Verifying a TimeStampResp

openssl ts -verify -queryfile file.tsq -in file.tsr -CAfile <certificate.pem>

Where:

  • <file.tsq> is the path to the TimeStampReq file
  • <file.tsr> is the path to the TimeStampResp file
  • <certificate.pem> is the path to the trusted CA certificate(s) against which the TSA's signing certificate is validated

Example

import {TimeStampReq, TimeStampResp, parseCerts} from "@xevolab/timestamp-token";
import { createPrivateKey } from "crypto";
import fs from "fs";

const key = createPrivateKey({
   key: fs.readFileSync("private.key.pem", "ascii"),
   format: "pem",
   type: "pkcs1"
});
const certs = parseCerts(fs.readFileSync("cert.chain.crt", "ascii"));

// ---
// From a DER buffer

const tsq = new TimeStampReq().fromDER(fs.readFileSync("file.tsq"));

const tsr = tsq.sign({
   key,
   certs,
});

const tsrBuffer = tsr.buffer;

// ---
// From a JSON object

const tsr2 = new TimeStampResp("42191cda4fea645078d6e14e311dfa4bbd04f154fbbe9376e8a3833242cd5c03", {
   hashAlgorithm: "SHA256",
   key,
   certs
});

const tsr2Buffer = tsr2.buffer;