Skip to content

Post-quantum trusted time-stamping server

License

Notifications You must be signed in to change notification settings

privacybydesign/atumd

 
 

Repository files navigation

atumd

Post-quantum trusted time-stamping service. See go-atum for more information on the protocol.

Setup

Create a config.yaml file:

bindAddr: :8080
canonicalUrl: http://localhost:8080

For all configuration options, see config.yaml.example

Run using Docker The easiest way to run atumd for development purposes is using Docker.

docker-compose up

Run using GO To install atumd, run

go install github.com/bwesterb/atumd

and run

atumd

You probably want to configure a proper webserver like nginx to act as proxy and set a corresponding sane canonicalUrl with HTTPS.

Warnings concerning redundancy and backups

atumd uses the statefull XMSS[MT] Signature scheme. Each signature has a sequence number (seqno) and a sequence number must not be reused as it is likely to lead to signature forgery. A private key has a largest sequence number which depends on the instance of the scheme. The first free sequence number is stored in the XMSSMT private key file. Thus

  • Do not copy the XMSSMT private key file, for then the same signature sequence number might be reused.
  • In particular, do not restore a keyfile from a backup.

Instead of backups, simply generate a new XMSSMT keypair for your atumd server if the old one gets corrupted. You can add the old public key to the otherTrustedPublicKeys list in the configuration so that signatures set by the old public key remain trusted.

Instead of copying the key for redundant copies of the server, create a new keypair for each server and again add the different public keys to the otherTrustedPublicKeys of all servers.

Clients

About

Post-quantum trusted time-stamping server

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Languages

  • Go 97.0%
  • Dockerfile 3.0%