Table of Contents
- PHP version 5.3.0 or newer;
- support for OpenSSL:
- OpenSSL 0.9.8 or newer has to be installed;
- PHP has to be compiled with the –with-openssl option (default in most binary distributions of PHP);
- the php_openssl extension has to be enabled in php.ini;
- support for cURL:
- libcurl 7.10.5 or newer has to be installed;
- PHP has to be compiled with the –with-curl option (default in most binary distributions of PHP);
- the php_curl extension has to be enabled in php.ini;
- support for BCMath:
- PHP has to be compiled with the –with-bcmath option (default in most binary distributions of PHP);
The use of the plugin requires a timestamping service. You may use the pre-configured timestamping service for non-comercial timestamping.
I am not aware of a public running installation. Please add if found.
For a introduction on linked timestamping see Wikipedia Linked_Timestamping
Every page already has down at the bottom right a line saying when it was changed the last time. Together with the revision history you should be able to find out when a page was created and modified. The problem is to prove that the given times are correct. Your computer clock could simply be set wrong. Or someone might have changed the metadata and the time information on the files. The aim of this plugin is to be able to prove that the page was written at the given time. It makes use of linked timestamping.
The general idea of (this type of) timestamping is to create a hash of the data and publish that hash, e.g. in a newspaper. If asked to prove that the date of your data is correct you ask whoever questions the fact to calculate the hash himself and compare it to the published hash in the newspaper. He then will believe that the data is at least as old as the newspaper. The advantage of using a hash is that it is a one-way operation. It is easy to calculate a hash form the data. But is impossible to generate data from a given hash. You do not need to publish your secret, valuable data to prove the date, you do not have to hand it to an attorney or put it in a safe.
The general idea of linked timestamping is to avoid having your newspapers clustered with hashes. A hash can simply be a part of the next data you hash! Simply stick it to the end of the new data and hash both together. You can wait e.g. ten rounds of data hashing before you publish it and save 9/10 of your newspaper costs. Or you throw you lot with other people who like to timestamp, each providing one hash, combined into a dataset of hashes, of which the hash is then published. You might save a lot and you add credibility to your timestamp as many other will have documents from the same date. Or you arrange the dependencies of you hashes like a tree, or like a … multitudes of possibilities.
This plugin makes use of the timestamping services of a commercial company GuardTime for timestamping. They also sign the the timestamp and send this information back to you, they take care of publishing the lists of hashes in a publications.bin file, publish in a newspaper every month and offer a service to check if the hash is correct. The plugin was developed with their help and includes their PHP-SDK, which is licensed as Apache 2.0.
- With the plug-in enabled, the file containing the raw content of the page is automatically signed and timestamped.
- That is what you write, it does not contain the content by the links or anything rendered or fancy database-output from other plugins!
- If you external edit the file or manipulate it with a plugin, the timestamp will not be valid any more.
- The signature information is automatically displayed under each entry, visible for any reader (no tool or plug-in is required on the reader's side).
- The signature and original raw content of all revision pages may be downloaded in a zip file for external validation.
Configuration and Settings
$conf['Timestamper_URL'] = 'http://stamper.guardtime.net/gt-timestampingservice'; //The URL of the service for connecting timestamps to Integrity Codes. $conf['Extender_URL'] = 'http://verifier.guardtime.net/gt-extendingservice'; //The URL where the GuardTime publications file can be downloaded. $conf['Publications_URL'] = 'http://verify.guardtime.com/gt-controlpublications.bin'; //Time of life for Publicationsfile in minutes $conf['Publications_TTL'] = 60;
- Initial release
- Fix: error message with no timestamp
- Fix: changed all lines with tempnam (also in gtlib library) to allow use with SAFE_MODE
Known Bugs and Issues
- There seem to be some problems with caching when requesting to download the same timestamp archive twice.
- As the attic files are compressed and the timestamp is made on the files, not on the content, the timestamp for the actual pages and for the attic revision are different. Usually the attic revision will stay while the pages timestamp file will simply be overwritten. In a better world we would only request one timestamp on the content and keep it at a central place.