Stamper provides an RFC 3161 Timestamping Authority accessible over HTTPS at:-
https://timestamp.stamper.itconsult.co.uk/stamp-tsa
which supports the hashes: sha256, sha384 & sha512
The first step is to create a timestamp query (TSQ), which generates a hash of the document to be timestamped:-
[to be updated once upgrades have gone live]
$ openssl ts -query -data file01.txt -no_nonce -sha512 -out file01.tsq
Using configuration from /usr/lib/ssl/openssl.cnf
The generated TSQ is then submitted to Stamper, which provides a timestamp response (TSR):-
[to be updated once upgrades have gone live]
$ curl -H "Content-Type: application/timestamp-query" --data-binary '@file01.tsq' -o file01.tsr https://timestamp.stampertest.itconsult.co.uk/stamp-tsa
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1603 0 1515 100 88 1141 66 0:00:01 0:00:01 --:--:-- 1208
The contents of the TSR can be shown by:-
[to be updated once upgrades have gone live]
$ openssl ts -reply -in file01.tsr -text
Using configuration from /usr/lib/ssl/openssl.cnf
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified
TST info:
Version: 1
Policy OID: tsa_policy1
Hash Algorithm: sha512
Message data:
0000 - 28 c8 ce dc b8 d9 d4 4b-b3 f5 50 40 c2 66 b4 f2 (......K..P@.f..
0010 - f7 ee af a5 fe 58 a8 35-6c a5 27 a1 f0 aa a5 e3 .....X.5l.'.....
0020 - 2e 41 86 ad 0d 09 48 07-ab a8 97 74 d3 43 10 5c .A....H....t.C.\
0030 - 56 50 07 05 69 13 79 03-c4 57 67 ec 84 24 f7 d7 VP..i.y..Wg..$..
Serial number: 0x2DC700
Time stamp: Oct 14 09:26:20 2025 GMT
Accuracy: 0x05 seconds, unspecified millis, unspecified micros
Ordering: yes
Nonce: unspecified
TSA: DirName:/C=JE/O=I T Consultancy Limited/CN=TEST Stamper Timestamp 1
Extensions:
Inconveniently, the RFC 3161 serial number is shown in hexadecimal, whereas Stamper uses decimal. Thus, the serial number 0x2DC700 equates to Stamper-Id 3000064. Stamper also timestamps the TSR with PGP, and it is the PGP timestamps which are chained together.
The corresponding PGP timestamp can be retrieved and examined:-
[to be updated once upgrades have gone live]
$ curl -o 3000064.asc https://timestamp.stampertest.itconsult.co.uk/get-sig-pgp?stamperid=3000064
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 268 0 268 0 0 2802 0 --:--:-- --:--:-- --:--:-- 2791
$ cat 3000064.asc
-----BEGIN PGP SIGNATURE-----
Comment: ***TEST*** Stamper id: 3000064
iHUEABYKAB0WIQTDFyuhAs0/qLwsIHGWmaHoMo1lrQUCaO4XPAAKCRCWmaHoMo1l
rdCkAQCYLIn98OGxgRcVB3AGfiTLcA1jWDFVKIcGsAaO81IyVwD9GccCIeXZNuX2
lut7XJMuqiuQJytzjXbB0wayzKzjPAo=
=gzJ4
-----END PGP SIGNATURE-----
The authenticity of the TSR can then be validated:-
[to be updated once upgrades have gone live]
$ gpg --verify 3000064.asc file01.tsr
gpg: Signature made Tue 14 Oct 2025 09:26:20 UTC
gpg: using EDDSA key C3172BA102CD3FA8BC2C20719699A1E8328D65AD
Finally, the TSR can be validated against the original data:-
[to be updated once upgrades have gone live] [note: only seems to work with openssl 1 not 3]
$ openssl ts -verify -data file01.txt -in file01.tsr -CAfile tsa-chain.pem -untrusted tsa.crt
Using configuration from /etc/pki/tls/openssl.cnf
Verification: OK
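The hexadecimal serial to Stamper-Id conversion and the check of the TSR's message imprint against the original file can be scripted from the text dump. The following is an added example, not part of Stamper's own tooling: the function names are hypothetical, and it assumes the coreutils sha256sum/sha384sum/sha512sum tools and the dump layout shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes the coreutils
# sha256sum/sha384sum/sha512sum tools and the text layout shown on this page.

# Abridged copy of the `openssl ts -reply -text` output above (runs offline).
sample_tsr_text() {
cat <<'EOF'
Status info:
Status: Granted.
TST info:
Version: 1
Policy OID: tsa_policy1
Hash Algorithm: sha512
Message data:
0000 - 28 c8 ce dc b8 d9 d4 4b-b3 f5 50 40 c2 66 b4 f2 (......K..P@.f..
0010 - f7 ee af a5 fe 58 a8 35-6c a5 27 a1 f0 aa a5 e3 .....X.5l.'.....
0020 - 2e 41 86 ad 0d 09 48 07-ab a8 97 74 d3 43 10 5c .A....H....t.C.\
0030 - 56 50 07 05 69 13 79 03-c4 57 67 ec 84 24 f7 d7 VP..i.y..Wg..$..
Serial number: 0x2DC700
EOF
}

# stdin: TSR text dump -> stdout: decimal Stamper-Id
tsr_stamper_id() {
    serial=$(awk -F': ' '/^ *Serial number:/ { print $2; exit }')
    [ -n "$serial" ] || return 1
    printf '%d\n' "$serial"     # printf accepts the 0x prefix
}

# stdin: TSR text dump -> stdout: message imprint as one hex string
tsr_imprint_hex() {
    awk '/^ *[0-9a-f][0-9a-f][0-9a-f][0-9a-f] - / {
             # 16 bytes occupy 47 columns; ignore the ASCII column after them
             h = substr($0, index($0, " - ") + 3, 47)
             gsub(/[^0-9a-f]/, "", h)
             out = out h
         }
         END { print out }'
}

# $1 = saved text dump, $2 = original data file; exit 0 only if the hashes match
tsr_matches_file() {
    algo=$(awk -F': ' '/^ *Hash Algorithm:/ { print $2; exit }' "$1")
    case "$algo" in sha256|sha384|sha512) ;; *) return 2 ;; esac
    want=$(tsr_imprint_hex < "$1")
    got=$("${algo}sum" "$2" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

sample_tsr_text | tsr_stamper_id    # prints 3000064
```

The imprint comparison only confirms that the TSR refers to the same data; it does not check the TSA's signature, which is what gpg --verify and openssl ts -verify are for.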