Command-linetooltocreateandvalidatetimestampproofswiththeOpenTimestampsprotocol,usingtheBitcoinblockchainasatimestampnotary.AdditionallythispackageprovidestimestampingofPGPsignedGitcommits,andverificationoftimestampsforbothGitcommitsasawhole,andindividualfileswithinaGitrepository.
RequirementsPython3WhileOpenTimestampscancreatetimestampswithoutalocalBitcoinnode,toverifytimestampsyouneedalocalBitcoinCorenode(aprunednodeisfine).
InstallationEitherviaPyPi:
$pip3installopentimestamps-clientorfromsource:
$python3setup.pyinstallOnDebian(Stretch)youcaninstallthenecessarysystemdependencieswith:
sudoapt-getinstallpython3python3-devpython3-pippython3-setuptoolspython3-wheelUsageCreatingatimestamp:
$otsstampREADME.mdSubmittingtoremotecalendarhttps://a.pool.opentimestamps.orgSubmittingtoremotecalendarhttps://b.pool.opentimestamps.orgSubmittingtoremotecalendarhttps://a.pool.eternitywall.comYou'llseethatREADME.md.otshasbeencreatedwiththeaidofthreeremotecalendars.Wecan'tverifyitimmediatelyhowever:
$otsverifyREADME.md.otsAssumingtargetfilenameis'README.md'Calendarhttps://alice.btc.calendar.opentimestamps.org:PendingconfirmationinBitcoinblockchainCalendarhttps://bob.btc.calendar.opentimestamps.org:PendingconfirmationinBitcoinblockchainCalendarhttps://finney.calendar.eternitywall.com:PendingconfirmationinBitcoinblockchainIttakesafewhoursforthetimestamptogetconfirmedbytheBitcoinblockchain;we'renotdoingonetransactionpertimestamp.
However,theclientdoescomewithanumberofexampletimestampswhichyoucantryverifyingimmediately.Here'sacompletetimestampthatcanbeverifiedlocally:
$otsverifyexamples/hello-world.txt.otsAssumingtargetfilenameis'examples/hello-world.txt'Success!Bitcoinblock358391attestsexistenceasof2015-05-28CESTYoucanspecifyJSON-RPCcredentials(USERandPASS)foralocalbitcoinnodelikeso:
$ots--bitcoin-nodehttps://USER:PASS@127.0.0.1:8332/verifyexamples/hello-world.txt.otsAssumingtargetfilenameis'examples/hello-world.txt'Success!Bitcoinblock358391attestsexistenceasof2015-05-28CESTIncompletetimestampsareonesthatrequiretheassistanceofaremotecalendartoverify;thecalendarprovidesthepathtotheBitcoinblockheader:
$otsverifyexamples/incomplete.txt.otsAssumingtargetfilenameis'examples/incomplete.txt'Got1newattestation(s)fromhttps://alice.btc.calendar.opentimestamps.orgSuccess!Bitcoinblock428648attestsexistenceasof2016-09-07CESTTheclientmaintainsacacheoftimestampsitobtainsfromremotecalendars,soifyouverifythesamefileagainit'llusethecache:
$otsverifyexamples/incomplete.txt.otsAssumingtargetfilenameis'examples/incomplete.txt'Got1attestation(s)fromcacheSuccess!Bitcoinblock428648attestsexistenceasof2016-09-07CESTYoucanalsoupgradeanincompletetimestamp,whichaddsthepathtotheBitcoinblockchaintothetimestampitself:
$otsupgradeexamples/incomplete.txt.otsGot1attestation(s)fromcacheSuccess!TimestampiscompleteFinally,youcangetinformationonatimestamp,includingtheactualcommitmentoperationsandattestationsinit:
$otsinfoexamples/two-calendars.txt.otsFilesha256hash:efaa174f68e59705757460f4f7d204bd2b535cfd194d9d945418732129404ddbTimestamp:append839037eef449dec6dac322ca97347c45sha256->append6b4023b6edd3a0eeeb09e5d718723b9esha256prepend57d46515appendeadd66b1688d5574verifyPendingAttestation('https://alice.btc.calendar.opentimestamps.org')->appenda3ad701ef9f10535a84968b5a99d8580sha256prepend57d46516append647b90ea1b270a97verifyPendingAttestation('https://bob.btc.calendar.opentimestamps.org')TimestampingandVerifyingPGPSignedGitCommitsSeedoc/git-integration.md
PrivacySecurityTimestampinginherentlyrecordspotentiallyrevealingmetadata:thecurrenttime.Ifyoucreatemultipletimestampsinclosesuccessionit'squitelikelythatanadversarywillbeabletolinkthosetimestampsasrelatedsimplyonthebasisofwhentheywerecreated;ifyoumakeuseofthetimestampmultiplefilesinonecommandfunctionality(./otsstamp<file1><file2>...<fileN>)mostofthecommitmentoperationsinthetimestampsthemselveswillbeidentical,providinganadversaryverystrongevidencethatthefilesweretimestampedbythesameperson.Finally,theRESTAPIusedtocommunicatewithremotecalendarsdoesn'tcurrentlyattempttoprovideanyprivacy,althoughitcouldbemodifiedtodosointhefuture(e.g.withprefixfilters).
Filecontentsareprotectedwithnonces:aremotecalendarlearnsnothingaboutthecontentsofanythingyoutimestampasitonlyeverreceivesanopaqueandmeaninglessdigest.Equally,ifmultiplefilesaretimestampedatonce,eachfileisprotectedbyanindividualnonce;thetimestampforonefilerevealsnothingaboutthecontentsofanotherfiletimestampedatthesametime.
CompatibilityExpectationsOpenTimestampsisalphasoftware,soit'spossiblethattimestampformatsmayhavetochangeinthefutureinnon-backward-compatibleways.Howeveritwillalmostcertainlybepossibletowriteconversiontoolsforanynon-backwards-compatiblechanges.
It'sverylikelythattheRESTprotocolusedtocommunicatewithremotecalendarswillchange,includinginbackwardsincompatibleways.Ifthishappensyou'lljustneedtoupgradeyourclient;existingtimestampswillbeunaffected.
CalendarMirroringAsashort-termmeasure,therawcalendardataforthethreecalendarserversinoperationatthistimecanbedownloadeddirectly.Seethecontrib/calendar-mirror.shscriptfordetails.
DevelopmentUsethesetuptoolsdevelopmentmode:
python3setup.pydevelop--userKnownIssuesNeedunittestsfortheclient.
Gittreere-hashingsupportfailsoncertainfilenameswithinvalidunicodeencodings;thisappearstobeduetobugsintheunderlyingGitPythonlibrary.Asawork-around,youmayfindtheconvmvtoolusefultofindandrenamethesefiles.
GitannexsupportonlyworkswiththeSHA256andSHA256Ebackends.
ErrorsintheBitcoinRPCcommunicationaren'thandledinauser-friendlyway.
NotallPythonplatformscheckSSLcertificatescorrectly.Thismeansthatonsomeplatforms,itwouldbepossibleforaMITMattackertointerceptHTTPSconnectionstoremotecalendars.Thatsaid,itshouldn'tbepossibleforsuchanattackertodoanythingworsethangiveusatimestampthatfailsvalidation,aneasilyfixedproblem.
ots-git-gpg-wrapperdoesn'tyetcheckforyouifthetimestamponthegitcommitmakessense.
bitcoinpackagecancauseissues,withotsconfusingitwiththerequiredpython-bitcoinlibpackage.AsymptomofthisissueisthemessageAttributeError:module'bitcoin'hasnoattribute'SelectParams'orJSONDecodeError("Expectingvalue",s,err.value)fromNone.Toremedythisissue,onemustdothefollowing:
#uninstallthepackagesthroughpippip3uninstallbitcoinpython-bitcoinlib#removethebitcoindirectorymanuallyfromyourdist-packagesfolderrm-rf/usr/local/lib/python3.5/dist-packages/bitcoin#reinstalltherequiredpackagepip3installpython-bitcoinlib
评论