How exactly does zeitgitter do that?
A program calculates a unique fingerprint of a file (document, MP3, log file, photograph). This fingerprint, a so-called hash value, can only be created by those who own the file. No conclusion about the content can be drawn from the hash value, but it is unique worldwide.
Now zeitgitter comes into play. The program sends this hash value to several independent zeitgitter servers. These servers insert the hash value into a long chain of hash values, attach a timestamp to it and transmit it back to the author. This chain cannot be changed and is independently backed up at different locations around the world. The way zeitgitter concatenates the hash values prevents manipulation of any kind; this structure is commonly called a blockchain. **The timestamp proves that at time X the hash value of a file with signature or photograph existed.**
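A simplified model of the chaining described above, added here as an illustration; it is not zeitgitter's own code or log format. The function names, the SHA-256 entry layout and the sample documents are assumptions made for the example. It shows why a backdated entry is detected by anyone who recomputes the chain and compares it with an independently archived head value.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain

def fingerprint(data: bytes) -> str:
    """Client side: only this digest leaves the machine, never the file."""
    return hashlib.sha256(data).hexdigest()

def link(prev: str, when: str, digest: str) -> str:
    """Entry id commits to the previous entry, the time and the digest."""
    return hashlib.sha256(f"{prev}\n{when}\n{digest}".encode()).hexdigest()

def append(log: list, when: str, digest: str) -> dict:
    """Server side: add a submitted digest to the end of the chain."""
    prev = log[-1]["id"] if log else GENESIS
    entry = {"prev": prev, "when": when, "digest": digest,
             "id": link(prev, when, digest)}
    log.append(entry)
    return entry

def first_bad_entry(log: list) -> int:
    """Recompute every link; return index of first mismatch, or -1 if intact."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["id"] != link(prev, e["when"], e["digest"]):
            return i
        prev = e["id"]
    return -1

def stamped_at(log: list, data: bytes, head: str):
    """Return the recorded time for data, but only if the log is intact and
    ends in the head id that witnesses archived independently."""
    if first_bad_entry(log) != -1 or not log or log[-1]["id"] != head:
        return None
    d = fingerprint(data)
    return next((e["when"] for e in log if e["digest"] == d), None)

def demo():
    log = []
    docs = [b"contract v1", b"photo bytes", b"logfile"]  # constructed samples
    for n, doc in enumerate(docs):
        append(log, f"2024-01-0{n + 1}T12:00:00Z", fingerprint(doc))
    head = log[-1]["id"]
    before = stamped_at(log, b"photo bytes", head)
    # Backdating: entry 1's time is rewritten and its own id recomputed
    log[1]["when"] = "2023-06-01T00:00:00Z"
    log[1]["id"] = link(log[1]["prev"], log[1]["when"], log[1]["digest"])
    return before, first_bad_entry(log), stamped_at(log, b"photo bytes", head)
```

The rewritten entry is self-consistent, so the break shows up at the following entry, whose stored `prev` no longer matches.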
An example is the already-mentioned PGP Timestamping service, which provides users with the ability to timestamp a document or a hash thereof, by having an independent party create an OpenPGP-signed and dated message, each of them with a unique and consecutive serial number.
To ensure trustworthiness and provide full transparency, daily digests of the hashes and signatures are then also (a) archived and (b) immediately posted to anyone wishing to be able to witness and reproduce the stamping process.
A disadvantage of the PGP Timestamper is its archaic interface and the log delays (several minutes). Also, the signatures are hard to verify by non-experts.
zeitgitter goals
zeitgitter is inspired by the PGP Timestamper, but tries to be as simple to use as possible in a git context.
The goal of zeitgitter is to provide as many independent timestamping services as possible, so a user (or organization) can freely select a subset fulfilling their needs.
To establish trust in the service, the source code is made available under an open source license.
zeitgitter operation
zeitgitter listens on an HTTPS port and awaits POST requests for signing a tag or a branch commit. It then returns the appropriate information, ready for the client to integrate it into its git repository, from where it then can be verified using git tag -v <tagname> or git verify-commit <commit>, and/or
At the same time, the timestamping server maintains a log of all commit hashes signed, in a git repository itself.
As a result,
This allows a compact, energy-efficient basis for many notarization services.
The name zeitgitter tries to keep in line with the slang naming philosophy behind git.
This software is free software, so you may use it in any way you see fit, in accordance with the AGPL v3.0 license.
Timestamping has a need to be as transparent as possible. Therefore, you may want to make information about your timestamping service, including the running code and its settings, available publicly anyway. AGPL was chosen to reflect this spirit. Please contact me if you require other licensing terms.
It is desirable that as many people and organisations as possible provide timestamping services, so that a user may choose a subset of them which are mutually independent and generally trustworthy.
Installation and typical usage of the timestamping client is documented in doc/Install.md.
Where to download it
Free of charge, open source
Git timestamping client
pip install git-timestamp (depending on the OS, install pygit2 first, e.g. with apt install python-pygit2)
Source: https://gitlab.com/zeitgitter/git-timestamp/ Installation.md
If you regularly create more than 100 timestamps per day: please set up your own timestamping server and link it. → No information about the number and time of the timestamps is disclosed to the outside. (And none about the content anyway.)
Git timestamping server
From source only, for now
Source: https://gitlab.com/zeitgitter/zeitgitterd/ Installation.md
Linking with others:
ServerList.md: Public servers; enter these as upstream timestampers (delivers only anonymized data to those servers)
Optional: Add yourself to ServerList.md and ask others for mutual timestamping