Project

guardtime

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
Keyless Signatures are a combination of hash function based server-side signatures and hash-linking based digital timestamping delivered using a distributed and hierarchical infrastructure. This extension provides high-level API to access the KSI.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies
 Project Readme

About¶ ↑

Ruby API for accessing Guardtime Keyless Signature services.

API docs: rubydoc.info/gems/guardtime/

Information about the service: www.guardtime.com/signatures/technology-overview/

Installation: see INSTALL.rdoc

Background¶ ↑

The two main operations are signing and verification. Signing involves cryptographically binding the data whose integrity is to be protected to the audited time value and server component’s identity in a way that neither the data, the time value nor identity could later be changed undetectably. Verification means checking that the binding is still intact.

To get a sigature token from a Guardtime service, the client application computes a hash value of the data to be signed and submits the hash value to the signing service. The service returns a signature token binding the hash value to the current time. The interaction follows the standard cryptographic time-stamping protocol defined in the RFC 3161.

Every month, Guardtime creates an Integrity Code and publishes it in several newspapers across the world. The Integrity Code is a summary of all signatures issued by the Guardtime data integrity services. Any signature issued prior to the creation of the Integrity Code can be traced to it to unambiguously prove the signature’s issuing time, issuer ID and link to signed data, effectively proving the data integrity.

The proof connecting the signature to the Integrity Code can be inserted back into the token in a process we call extending. An extended signature token is completely independent of Guardtime. Only the original data, the signature and any copy of the newspaper where the Integrity Code is published will be necessary to prove the intgerity of the document.

For convenience, Guardtime publishes an electronic archive containing all Integrity Codes since the launch of the service and all valid signing keys. This electronic archive can be used to automate mass verification of thousands of timestamps (whether extended or not) per second in a large archive.

Usage¶ ↑

Sign:

require 'guardtime'
require 'digest/sha2'

h = Digest::SHA2.new << 'This text shall be signed!'
gt = GuardTime.new
sig = gt.sign(h)
# ...and verify right away
puts 'OK!' if gt.verify(sig, h)

Verify:

def slurpfile (fn)
    File.open(fn, 'rb') {|f| f.read}
end

token = slurpfile('importantdata.txt.gtts')
hasher = GuardTime.getnewdigester(token)
hasher << slurpfile('importantdata.txt')
gt = GuardTime.new
signedAt = nil
okay = gt.verify(token, hasher) do |r|
    signedAt = r[:time]
    /companyname$/ =~ r[:location_name] and
        r[:verification_errors] == GuardTime::NO_FAILURES
end
puts "data signed at #{signedAt.utc.to_s}" if okay

<img src=“https://travis-ci.org/ristik/ruby-guardtime.png?branch=master” alt=“Build Status” />


Published under Apache license v. 2.0. Copyright Guardtime AS 2013