Timestamping Authority is an on-premises timestamping solution based on RFC 3161 that guarantees that data, including documents or code, exists at a given time through the generation of digitally signed timestamps. Specifically:

  • Proof of the time when a digital signature was applied or validated.
  • Prevents code rejection, ensuring that the signature is valid when signing.
  • Enables digital signature verification after the certificate used for the signature is revoked or expired.

 When deployed on PKI Hub, this Entrust solution adds the following to the PKI Hub integration report.

Hardware security modules supported by Timestamping Authority

 See the following table for versions supported by Timestamping Authority and other solutions.

Hardware

Client driver

Firmware

Certificate Authority

Timestamping Authority

Validation Authority

Entrust nShield Connect XC

13.9.0 (FIPS 140-2 Level 3 mode supported)

12.60.15 & 12.60.2

(tick) 

(tick) 

(tick) 

Entrust nShield 5c

13.9.0

13.2.4

(tick) 

(tick) 

(tick) 

Entrust nShield 5c 10G 

Not supported

Not supported

(error) 

(error) 

(error) 

Epicom

 EP990 v1.08-1

(error) 

(tick) 

(tick) 

Thales Luna HSM 7

10.8.0

7.7.1-20

(tick) 

(tick) 

(tick) 

Thales TCT

10.8.0

7.7.1-20

(error)  

(tick) 

(tick) 

Signature key generation algorithms supported by Timestamping Authority

Validation Authority supports the following algorithms for generating the timestamping response signing key.

<key_type>

Description

Post-quantum

RSA2048

RSA 2048 bits

(error)

RSA3072

RSA 3072 bits

(error)

RSA4096

RSA 4096 bits

(error)

ECDSAP256

ECDSA curve NIST P-256

(error)

ECDSAP384

ECDSA curve NIST P-384

(error)

ECDSAP521

ECDSA curve NIST P-521

(error)

ML-DSA-44

Module-Lattice-Based Digital Signature Algorithm 44-bit

(tick)

ML-DSA-65

Module-Lattice-Based Digital Signature Algorithm 65-bit

(tick)

ML-DSA-87

Module-Lattice-Based Digital Signature Algorithm 87-bit

(tick)