The Timestamping Authority (TSA) solution processes timestamp requests to provide proof that a digital document, message, or transaction:

  • Existed at a specific point in time
  • Has not been altered since that time

On a timestamping transaction:

  • The client submits the hash of a document (never the document itself) in a timestamp request. 
  • The Timestamping Authority returns a DER-encoded timestamp token (CMS SignedData) that binds that hash to a trusted time value.

See below for the Timestamping Authority key capabilities.

Multiple timestamp issuers

A single deployment can host several independent TSA identities, each with its own signing key, certificate chain, and policy OID.

HSM integration

Timestamp Authority supports both file-based (PEM) signing keys and Hardware Security Modules via PKCS#11

Configurable padding scheme

Timestamp Authority supports both RSA and RSA-PSS signature padding schemes.

Configurable hash algorithms

Timestamp Authority supports the following hash algorithms.

  • SHA-1 (supported for legacy compatibility)
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

Reliable time source

Timestamp Authority integrates with a clock-status service that monitors NTP synchronization. 

When the clock error exceeds the configured threshold, the TSA returns a timeNotAvailable response until the clock is resynchronized, after which it resumes normal timestamp responses.

Standard compliance

Timestamping Authority is compliant with the following standards.

ID

Target

URL

​RFC 3161

The format of a request sent to a Time Stamping Authority (TSA) and the response returned. 

https://datatracker.ietf.org/doc/html/rfc3161

RFC 5816

The ESSCertIDv2 attribute that the Time Stamping Authority uses when the signature digest algorithm is SHA-256 or stronger

https://datatracker.ietf.org/doc/html/rfc5816

ETSI EN 319 421

The optional ESI4 Qualified Timestamp Statement extension for eIDAS-qualified timestamps

https://www.etsi.org/deliver/etsi_en/319400_319499/319421/01.02.01_60/en_319421v010201p.pdf

ETSI EN 319 422

The time-stamping protocol and time-stamp token format based on RFC 3161

https://www.etsi.org/deliver/etsi_en/319400_319499/319422/01.01.01_60/en_319422v010101p.pdf