Spanish CatalĂ 

Trusted timestamping is the process of securely keeping track of the creation and modification times of a document. Security here means that no one - not even the owner of the document - should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised. FreeTSA trusted timestamping Software as a Service (SaaS) provides an easy method to apply RFC 3161 trusted timestamps to time-sensitive transactions through independently verified and auditable date and UTC (Coordinated Universal Time) sources.

Adding a trusted timestamp to code or to an electronic signature provides a digital seal of data integrity and a trusted date and time of when the transaction took place. Recipients of documents and code with a trusted timestamp can verify when the document or code was digitally or electronically signed, as well as verify that the document or code was not altered after the date the timestamp vouches for. (Readme).

For multiple files, the general concept is that timestamping a single file that contains an aggregate list of fingerprints of other files, also proves that these other files must have existed before the aggregate file was created, provided that both the aggregate file and the referenced file are available during verification process. Freetsa also offers the possibility of URLs timestamps (do not abuse). If you are interested in implementing timestamps on your project / company using the FreeTSA service, you can contact me for specific requirements. Freetsa can also be used within the Tor anonymity network. offers free NTP and DNSCRYPT services for time synchronisation and encrypted name resolution respectively. The resolution of DNS (Port 553) do not have any type of restriction (SPAM, Malware, Parental,...). No logs are saved and the keys-rotation is every 12 hours.

FreeTSA onion domain (Tor): th3ccojidpgbgv5d.onion (https /http).

FreeTSA - Guide / Tips: Read.

Three possibilities are offered to obtain a timestamp: TCP-based, from webform and HTTP / HTTPS.

RFC 3161 TSA: Time-Stamp Protocol (TSP).
FRC 958 NTP: Network Time Protocol (NTP).

FreeTSA: NTP Pool Project associate membership. / HTTPS / HTTP 2.0 support / IPv6 / OCSP and CRL / HPKP - HSTS - CSP / SSL Labs. / Certificate Transparency

Request Digest: md4 / md5 / rmd160 / sha / sha1 / sha224 / sha256 / sha384 / sha512.

- Freetsa TSA Certificate: tsa.crt
- Key modulus (sha256): 899ba3d9f777e2a74bdd34302bc06cb3f7a46ac1f565ee128f79fd5dab99d68b

- Freetsa CA Certificate: cacert.pem
- Key modulus (sha256): a4b1a0a81aef68be1cc985d0f83bd6539cfe84174587f900e15ffe3f65433056

URL screenshot: Signature + URL timestamps.(Video)

Create evidence of illegal Internet content / non-repudiation of certain content.

- Deleted / Edited controversial news.
- Slander, threats or insults on Internet (social networks) / Scams.
- Misuse of intellectual property: articles, photographs, plagiarism, etc.
- Publication of unauthorized information
- Simply demonstrate the existence of a specific content at a specific time.

URL Screenshot content: Web content and links in PDF / PNG format (attachment) + Signature with Timestamping (SHA-512). Aprox wait time 25 secons.

Normal. I'm Feeling Lucky (slower). TOR ".onion" domain / Web visited through the Tor-network
Browser agent: 'Mozilla/5.0 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0'
$ curl --data "screenshot=" > screenshot.pdf
$ curl --data "screenshot=" > screenshot.pdf # (I'm Feeling Lucky)

### HTTP 2.0 in cURL: Get the latest cURL release and use this command: curl --http2.

### REST API in Tor: Add "-k --socks5-hostname localhost:9050".

# Normal domains within the Tor-network.
$ curl -k --socks5-hostname localhost:9050 --data "screenshot=" https://th3ccojidpgbgv5d.onion/screenshot.php > screenshot.pdf

# ".onion" domain within the Internet.
$ curl -k --data "screenshot=https://th3ccojidpgbgv5d.onion/&delay=y&tor=y" > screenshot.pdf

# ".onion" domain within the Tor network.
$ curl -k --socks5-hostname localhost:9050 --data "screenshot=https://th3ccojidpgbgv5d.onion/&delay=y&tor=y" https://th3ccojidpgbgv5d.onion/screenshot.php > screenshot.pdf

Option 1: Screenshot browser button.
1. Drag the bookmarklet "URL screenshot" to your Bookmarks Toolbar or Links Bar.
2. While viewing a page you want to use the bookmarklet on, click the bookmarklet from your Bookmarks Toolbar.

Option 2: Screenshot browser button (with icon).
Integrating an easy "URL screenshot" button in your favorite browser. (Download bookmark).

- Firefox: Import Bookmark / Toolbar Button.
- Opera:Import Bookmark / Toolbar Button.
- Chrome: Import Bookmark / Toolbar Button.

TSA TCP-based (IP port number 318)

Client script download:

How to use TSA TCP-based client.
$ perl 318 file

client: tsq file: file.tsq 
client: tsr file: file.tsr 
client: [Connected to]
client: client: transfer of the file.tsq to the server completed 
client: 40	file.tsq

$ wget
$ wget

# Timestamp Information.
$ openssl ts -reply -in file.tsr -text

# Verify (two diferent ways).
$ openssl ts -verify -data file -in file.tsr -CAfile cacert.pem -untrusted tsa.crt 
$ openssl ts -verify -in file.tsr -queryfile file.tsq -CAfile cacert.pem -untrusted tsa.crt
Verification: OK

Web Time Stamp Request Input (HTTP / HTTPS)

Request .tsr (Time stamp response).
Request .der (Time stamp token).

Time Stamp Request" (tsq) file to upload.

How to create a tsq file (SHA 512) from terminal.
$ openssl ts -query -data file.png -no_nonce -sha512 -out file.tsq

# Option -cert: FreeTSA is expected to include its signing certificate in the response. (Optional)
# If the tsq was created with the option "-cert", its verification does not require "-untrusted".

$ openssl ts -query -data file.png -no_nonce -sha512 -cert -out file.tsq

cURL Time Stamp Request Input (HTTP / HTTPS) and tsget
# HTTP 2.0 in cURL: Get the latest cURL release and use this command: curl --http2.

$ curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' > file.tsr

# Using the Tor-network.
$ curl -k --socks5-hostname -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://th3ccojidpgbgv5d.onion/tsr > file.tsr

# tsget is very useful to stamp multiple time-stamp-queries:

$ tsget -h file1.tsq file2.tsq file3.tsq

$ openssl ocsp -sha512 -CAfile cacert.pem -issuer cacert.pem -cert tsa.crt -url -resp_text

CRL (Revocation List):
$ wget
$ openssl crl -in root_ca.crl -noout -text

Search Timestamp by file hash


Command line.
$ curl -s | gunzip -c | grep -i 2f9462a4dbcb4af4f05a0d5

NTP and DNSCRYPT service
# NTP Server: (IPv4 / IPv6)
$ ntpdate

# DNSCRYPT Server parameters.
ProviderKey      D8FF:BB42:E031:BE7A:7973:0B45:568D:496A:4E8A:CB59:AA83:66FD:6AB9:1E27:2A7D:16E4
DNS TXT record

# Example using dnscrypt-proxy as client to connect with freetsa DNSCRYPT service.
$ dnscrypt-proxy --local-address= \
	         --resolver-address= \

# The Freetsa server is in the default list of available servers in the dnscrypt-proxy client.
# To force the use of DNSCrypt-Freetsa server edit /etc/dnscrypt-proxy.conf and add "ResolverName" (by default "random").

FreeTSA IPv6 Addresses

Any of these IPv6 can be used for DNSCRYPT resolution (only DNSCRYPT in TCP mode).


Security based HTTP response headers

- HPKP helps prevent Man in the Middle attack (MitM) by mitigating fake certificates.
- HSTS forces your browser to use HTTPS, which also mitigages some mitm attacks.
- CSP is a way to combat xss and malware via malicious ad-injection.

Contact: busilezas [@] gmail [.] com (GPG Key: ABE8AF92)