### Upload Release to PyPI Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Upload the built distribution files to the Python Package Index (PyPI). Requires twine to be installed. ```bash $ twine upload -s dist/* ``` -------------------------------- ### Timestamping with SHA256 Hash Algorithm Source: https://github.com/trbs/rfc3161ng/blob/master/README.rst This example demonstrates how to timestamp data when the server specifically requires the SHA256 hash algorithm. The `hashname` parameter is used to specify this. ```python import rfc3161ng timestamper = rfc3161ng.RemoteTimestamper('https://interop.redwax.eu/test/timestamp', hashname='sha256') tsr = timestamper(data=b'The RedWax Project', return_tsr=True) print('{}'.format(tsr)) ``` -------------------------------- ### Get Timestamp with Naive or Aware Datetime Source: https://context7.com/trbs/rfc3161ng/llms.txt Demonstrates how to obtain a timestamp token with either naive UTC or timezone-aware datetime objects. Ensure 'tst' is a valid timestamp object. ```python naive_dt = rfc3161ng.get_timestamp(tst, naive=True) print(naive_dt) # datetime.datetime(2024, 3, 15, 12, 0, 0) ``` ```python aware_dt = rfc3161ng.get_timestamp(tst, naive=False) print(aware_dt) # datetime.datetime(2024, 3, 15, 12, 0, 0, tzinfo=tzutc()) ``` -------------------------------- ### Authenticated TSA Servers with HTTP Basic Auth Source: https://context7.com/trbs/rfc3161ng/llms.txt When a TSA server requires HTTP Basic Authentication, provide the `username` and `password` arguments to the `RemoteTimestamper` constructor. This example demonstrates authenticating with a TSA server. ```python import rfc3161ng import datetime with open('data/e_szigno_test_tsa2.crt', 'rb') as f: certificate_data = f.read() timestamper = rfc3161ng.RemoteTimestamper( 'https://teszt.e-szigno.hu:440/tsa', certificate=certificate_data, username='teszt', password='teszt', hashname='sha256', ) data = b'{"files": [{"name": "report.pdf", "digest": "abc123"}]}' tst = timestamper(data=data, nonce=99) assert isinstance(rfc3161ng.get_timestamp(tst), datetime.datetime) print("Timestamp obtained:", rfc3161ng.get_timestamp(tst)) # Timestamp obtained: datetime.datetime(2024, 3, 15, 14, 5, 11, tzinfo=tzutc()) ``` -------------------------------- ### Extract Datetime from TimeStampToken Source: https://context7.com/trbs/rfc3161ng/llms.txt The `get_timestamp` function decodes a `TimeStampToken` to extract the embedded `genTime`. By default (`naive=True`), it returns a UTC datetime without timezone info. Set `naive=False` to get a timezone-aware datetime object. ```python import rfc3161ng with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() timestamper = rfc3161ng.RemoteTimestamper('http://time.certum.pl', certificate=certificate) tst = timestamper(data=b'document contents') ``` -------------------------------- ### Bump Version for Development Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Update version numbers in setup.py and rfc3161ng/__init__.py to the next development version and commit. ```bash $ vi setup.py $ vi rfc3161ng/__init__.py $ git commit -m 'bumped version number' setup.py rfc3161ng/__init__.py ``` -------------------------------- ### Update Version Numbers and Commit Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Modify version numbers in setup.py and rfc3161ng/__init__.py, then commit these changes. ```bash $ vi setup.py $ vi rfc3161ng/__init__.py $ git commit -m 'v2.0.0' setup.py rfc3161ng/__init__.py ``` -------------------------------- ### Run Tests Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Execute all tests using tox to ensure the project is in a stable state before release. ```bash $ tox -r ``` -------------------------------- ### Tag the Release Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Create a Git tag for the new release version. ```bash $ git tag 2.0.0 ``` -------------------------------- ### RemoteTimestamper - Basic Usage Source: https://context7.com/trbs/rfc3161ng/llms.txt Demonstrates how to initialize RemoteTimestamper, request a timestamp for arbitrary bytes, and verify the returned TimeStampToken. ```APIDOC ## RemoteTimestamper ### Description `RemoteTimestamper` is the primary interface for interacting with a remote Time Stamping Authority. It handles building the request, posting it over HTTP, decoding the response, and optionally verifying the returned `TimeStampToken` against a provided TSA certificate. It can be called directly or via its `.timestamp()` method. ### Method `timestamp(data: bytes, nonce: Optional[int] = None) -> bytes` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```python import rfc3161ng # Load the TSA certificate (DER or PEM format) with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() # Create the timestamper pointing at a public TSA timestamper = rfc3161ng.RemoteTimestamper( url='http://time.certum.pl', certificate=certificate, hashname='sha256', # default is 'sha1' include_tsa_certificate=False, timeout=10, ) # Request a timestamp for arbitrary bytes tst = timestamper.timestamp(data=b'Hello, World!') # tst is a DER-encoded bytes object (TimeStampToken) # Verify the token against the original data assert timestamper.check(tst, data=b'Hello, World!') is True # Extract the timestamp as a Python datetime ts = rfc3161ng.get_timestamp(tst) print(ts) ``` ### Response #### Success Response (200) - **tst** (bytes) - DER-encoded TimeStampToken ``` -------------------------------- ### Prepare Release Tarball Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Generate source distribution (sdist) and wheel (bdist_wheel) packages. ```bash $ python ./setup.py sdist bdist_wheel ``` -------------------------------- ### Clean Build Directory Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Remove any existing build and distribution directories to ensure a clean build. ```bash $ rm -r build dist ``` -------------------------------- ### RemoteTimestamper - Advanced Options (nonce, return_tsr) Source: https://context7.com/trbs/rfc3161ng/llms.txt Shows how to use the `__call__` interface of `RemoteTimestamper` with additional options like `nonce` for replay protection and `return_tsr=True` to obtain the full `TimeStampResp` object. ```APIDOC ## RemoteTimestamper with nonce and return_tsr ### Description The `__call__` interface of `RemoteTimestamper` exposes additional options: a `nonce` for replay protection and `return_tsr=True` to get back the full `TimeStampResp` object (useful for saving the `.tsr` file for offline OpenSSL verification). ### Method `__call__(data: bytes, nonce: Optional[int] = None, return_tsr: bool = False) -> Union[bytes, TimeStampResp] ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```python import rfc3161ng from pyasn1.codec.der import encoder with open('data/freetsa.crt', 'rb') as f: certificate_data = f.read() timestamper = rfc3161ng.RemoteTimestamper( 'http://freetsa.org/tsr', certificate=certificate_data, hashname='sha256', ) data = b"My important document content" # Return the full TimeStampResp (not just the token) tsr = timestamper(data=data, nonce=42, return_tsr=True) # Save the TSR to disk for external verification with open("document.tsr", "wb") as f: f.write(encoder.encode(tsr)) # Verify with OpenSSL from the command line: # openssl ts -verify -data document.txt -in document.tsr \ # -CAfile data/freetsa_cacert.pem -untrusted data/freetsa.crt ``` ### Response #### Success Response (200) - **tsr** (TimeStampResp) - The full TimeStampResp object if `return_tsr=True`, otherwise a DER-encoded TimeStampToken. ``` -------------------------------- ### Push Changes and Tags Source: https://github.com/trbs/rfc3161ng/blob/master/creating_release.rst Push all local commits and tags to the remote repository. ```bash $ git push --tags $ git push ``` -------------------------------- ### RemoteTimestamper - HTTP Basic Auth Source: https://context7.com/trbs/rfc3161ng/llms.txt Illustrates how to configure `RemoteTimestamper` to use HTTP Basic Authentication credentials for TSA servers that require them. ```APIDOC ## RemoteTimestamper with HTTP Basic Auth ### Description Some TSA servers require HTTP Basic Authentication credentials. Pass `username` and `password` to `RemoteTimestamper`. ### Method `__call__(data: bytes, nonce: Optional[int] = None) -> bytes` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```python import rfc3161ng import datetime with open('data/e_szigno_test_tsa2.crt', 'rb') as f: certificate_data = f.read() timestamper = rfc3161ng.RemoteTimestamper( 'https://teszt.e-szigno.hu:440/tsa', certificate=certificate_data, username='teszt', password='teszt', hashname='sha256', ) data = b'{"files": [{"name": "report.pdf", "digest": "abc123"}]}' tst = timestamper(data=data, nonce=99) assert isinstance(rfc3161ng.get_timestamp(tst), datetime.datetime) print("Timestamp obtained:", rfc3161ng.get_timestamp(tst)) ``` ### Response #### Success Response (200) - **tst** (bytes) - DER-encoded TimeStampToken ``` -------------------------------- ### Advanced RemoteTimestamper Options: Nonce and Return TSR Source: https://context7.com/trbs/rfc3161ng/llms.txt Utilize the `__call__` interface of `RemoteTimestamper` to include a `nonce` for replay protection and set `return_tsr=True` to obtain the full `TimeStampResp` object. This is useful for saving the `.tsr` file for offline verification with tools like OpenSSL. ```python import rfc3161ng from pyasn1.codec.der import encoder with open('data/freetsa.crt', 'rb') as f: certificate_data = f.read() timestamper = rfc3161ng.RemoteTimestamper( 'http://freetsa.org/tsr', certificate=certificate_data, hashname='sha256', ) data = b"My important document content" # Return the full TimeStampResp (not just the token) tsr = timestamper(data=data, nonce=42, return_tsr=True) # Save the TSR to disk for external verification with open("document.tsr", "wb") as f: f.write(encoder.encode(tsr)) # Verify with OpenSSL from the command line: # openssl ts -verify -data document.txt -in document.tsr \ # -CAfile data/freetsa_cacert.pem -untrusted data/freetsa.crt ``` -------------------------------- ### Timestamping Data with a Public Provider Source: https://github.com/trbs/rfc3161ng/blob/master/README.rst Use this snippet to timestamp arbitrary data using a public timestamping service. Ensure you have the service's certificate available. ```python import rfc3161ng certificate = open('data/certum_certificate.crt', 'rb').read() rt = rfc3161ng.RemoteTimestamper('http://time.certum.pl', certificate=certificate) tst = rt.timestamp(data=b'John Doe') rt.check(tst, data=b'John Doe') rfc3161ng.get_timestamp(tst) ``` -------------------------------- ### Map Hash Name to ASN.1 OID Source: https://context7.com/trbs/rfc3161ng/llms.txt Converts common hash algorithm names (e.g., 'sha1', 'sha256') to their corresponding pyasn1 ObjectIdentifier. Useful for building custom ASN.1 structures. ```python import rfc3161ng oid_sha256 = rfc3161ng.get_hash_oid('sha256') print(oid_sha256) # 2.16.840.1.101.3.4.2.1 ``` ```python oid_sha1 = rfc3161ng.get_hash_oid('sha1') print(oid_sha1) # 1.3.14.3.2.26 # Compare with the module-level constant assert oid_sha256 == rfc3161ng.id_sha256 assert oid_sha1 == rfc3161ng.id_sha1 ``` -------------------------------- ### Build Timestamp Request Object Source: https://context7.com/trbs/rfc3161ng/llms.txt Constructs a TimeStampReq ASN.1 object without sending it. Useful for inspection or manual request construction. Can be built from raw data or a pre-computed digest. ```python import rfc3161ng # Build a request from raw data tsq = rfc3161ng.make_timestamp_request( data=b'test data', hashname='sha256', include_tsa_certificate=True, nonce=12345, ) print(tsq.prettyPrint()) # TimeStampReq: # version=v1 # messageImprint=MessageImprint: # hashAlgorithm=AlgorithmIdentifier: # algorithm=2.16.840.1.101.3.4.2.1 # hashedMessage=0x... # nonce=12345 # certReq=True ``` ```python # Build from a pre-computed digest import hashlib digest = hashlib.sha256(b'test data').digest() tsq2 = rfc3161ng.make_timestamp_request(digest=digest, hashname='sha256') ``` -------------------------------- ### make_timestamp_request Source: https://context7.com/trbs/rfc3161ng/llms.txt Constructs a TimeStampReq ASN.1 object without sending it anywhere. Useful for inspection, logging, or constructing requests manually before encoding. ```APIDOC ## make_timestamp_request — Build a TimeStampReq ASN.1 object `make_timestamp_request(data=None, digest=None, hashname='sha1', include_tsa_certificate=False, nonce=None, tsa_policy_id=None)` constructs a `TimeStampReq` pyasn1 object without sending it anywhere. Useful for inspection, logging, or constructing requests manually before encoding. ```python import rfc3161ng # Build a request from raw data ts q = rfc3161ng.make_timestamp_request( data=b'test data', hashname='sha256', include_tsa_certificate=True, nonce=12345, ) print(tsq.prettyPrint()) # TimeStampReq: # version=v1 # messageImprint=MessageImprint: # hashAlgorithm=AlgorithmIdentifier: # algorithm=2.16.840.1.101.3.4.2.1 # hashedMessage=0x... # nonce=12345 # certReq=True # Build from a pre-computed digest import hashlib digest = hashlib.sha256(b'test data').digest() ts q2 = rfc3161ng.make_timestamp_request(digest=digest, hashname='sha256') ``` ``` -------------------------------- ### Request and Verify Timestamps with RemoteTimestamper Source: https://context7.com/trbs/rfc3161ng/llms.txt Use `RemoteTimestamper` to request a timestamp for arbitrary bytes from a remote TSA. The `check` method verifies the returned token against the original data. Ensure the TSA certificate is loaded and the correct hash algorithm is specified. ```python import rfc3161ng # Load the TSA certificate (DER or PEM format) with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() # Create the timestamper pointing at a public TSA timestamper = rfc3161ng.RemoteTimestamper( url='http://time.certum.pl', certificate=certificate, hashname='sha256', # default is 'sha1' include_tsa_certificate=False, timeout=10, ) # Request a timestamp for arbitrary bytes tst = timestamper.timestamp(data=b'Hello, World!') # tst is a DER-encoded bytes object (TimeStampToken) # Verify the token against the original data assert timestamper.check(tst, data=b'Hello, World!') is True # Extract the timestamp as a Python datetime ts = rfc3161ng.get_timestamp(tst) print(ts) # datetime.datetime(2024, 3, 15, 10, 22, 35, tzinfo=tzutc()) ``` -------------------------------- ### Saving Timestamp Response to a File Source: https://github.com/trbs/rfc3161ng/blob/master/README.rst This snippet shows how to obtain a timestamp response (TSR) and save it to a file using DER encoding. This is useful for later verification with tools like OpenSSL. ```python from pyasn1.codec.der import encoder import rfc3161ng timestamper = rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr', certificate=certificate_data) tsr = timestamper(data=data_file.read(), return_tsr=True) with open("data_file.tsr", "wb") as f: f.write(encoder.encode(tsr)) ``` -------------------------------- ### get_hash_oid Source: https://context7.com/trbs/rfc3161ng/llms.txt Maps a hash algorithm name to its corresponding ASN.1 Object Identifier (OID). Supported names include 'sha1', 'sha256', 'sha384', and 'sha512'. This function is useful for constructing custom ASN.1 structures. ```APIDOC ## get_hash_oid — Map hash name to ASN.1 OID `get_hash_oid(hashname)` returns the pyasn1 `ObjectIdentifier` for a given hash algorithm name. Supported names are `'sha1'`, `'sha256'`, `'sha384'`, and `'sha512'`. Useful when building custom ASN.1 structures. ```python import rfc3161ng oid_sha256 = rfc3161ng.get_hash_oid('sha256') print(oid_sha256) # 2.16.840.1.101.3.4.2.1 oid_sha1 = rfc3161ng.get_hash_oid('sha1') print(oid_sha1) # 1.3.14.3.2.26 # Compare with the module-level constant assert oid_sha256 == rfc3161ng.id_sha256 assert oid_sha1 == rfc3161ng.id_sha1 ``` ``` -------------------------------- ### DER Serialization of Timestamp Requests Source: https://context7.com/trbs/rfc3161ng/llms.txt Encodes a TimeStampReq ASN.1 object to DER bytes and decodes DER bytes back into a TimeStampReq object. Supports round-trip serialization. ```python import rfc3161ng # Build and encode tsq = rfc3161ng.make_timestamp_request(data=b'test', hashname='sha1') binary = rfc3161ng.encode_timestamp_request(tsq) print(binary) # b'0$\x02\x01\x010\x1f0\x07\x06\x05+\x0e\x03\x02\x1a\x04\x14...' ``` ```python # Decode back tsq_decoded = rfc3161ng.decode_timestamp_request(binary) original_imprint = tsq.getComponentByPosition(1).getComponentByPosition(1) decoded_imprint = tsq_decoded.getComponentByPosition(1).getComponentByPosition(1) assert original_imprint == decoded_imprint ``` -------------------------------- ### encode_timestamp_request / decode_timestamp_request Source: https://context7.com/trbs/rfc3161ng/llms.txt Provides DER serialization and deserialization for TimeStampReq objects. `encode_timestamp_request` converts a TimeStampReq object to DER bytes, while `decode_timestamp_request` parses DER bytes back into a TimeStampReq object, enabling round-trip serialization. ```APIDOC ## encode_timestamp_request / decode_timestamp_request — DER serialization of requests `encode_timestamp_request(request)` DER-encodes a `TimeStampReq` ASN.1 object to bytes. `decode_timestamp_request(request)` parses DER bytes back into a `TimeStampReq`. Together they support round-trip serialization of timestamp requests. ```python import rfc3161ng # Build and encode ts q = rfc3161ng.make_timestamp_request(data=b'test', hashname='sha1') binary = rfc3161ng.encode_timestamp_request(tsq) print(binary) # b'0$\\\x02\x01\x010\x1f0\x07\x06\x05+\\x0e\x03\x02\x1a\x04\x14...' # Decode back ts q_decoded = rfc3161ng.decode_timestamp_request(binary) original_imprint = tsq.getComponentByPosition(1).getComponentByPosition(1) decoded_imprint = tsq_decoded.getComponentByPosition(1).getComponentByPosition(1) assert original_imprint == decoded_imprint ``` ``` -------------------------------- ### encode_timestamp_response / decode_timestamp_response Source: https://context7.com/trbs/rfc3161ng/llms.txt Handles DER serialization and deserialization for TimeStampResp objects. `encode_timestamp_response` converts a TimeStampResp object to DER bytes, and `decode_timestamp_response` parses raw DER bytes into a TimeStampResp object, which includes PKIStatusInfo and an optional TimeStampToken. ```APIDOC ## encode_timestamp_response / decode_timestamp_response — DER serialization of responses `encode_timestamp_response(response)` DER-encodes a `TimeStampResp` object. `decode_timestamp_response(response)` parses raw DER bytes (e.g., the HTTP response body from a TSA) into a `TimeStampResp` containing both `PKIStatusInfo` and an optional `TimeStampToken`. ```python import rfc3161ng import requests # Manually send a timestamp request and decode the response ts q = rfc3161ng.make_timestamp_request(data=b'document', hashname='sha256') binary_request = rfc3161ng.encode_timestamp_request(tsq) response = requests.post( 'http://freetsa.org/tsr', data=binary_request, headers={'Content-Type': 'application/timestamp-query'}, timeout=10, ) response.raise_for_status() ts r = rfc3161ng.decode_timestamp_response(response.content) # Inspect the PKI status print(int(tsr.status['status'])) # 0 = granted # Re-encode if needed (e.g., for storage) raw = rfc3161ng.encode_timestamp_response(tsr) ``` ``` -------------------------------- ### check_timestamp Source: https://context7.com/trbs/rfc3161ng/llms.txt Verifies a TimeStampToken independently. It validates the message imprint, content type, authenticated attributes digest, and the RSA/PKCS1v15 signature against the TSA certificate. Returns True on success, raises ValueError on failure. ```APIDOC ## check_timestamp — Standalone cryptographic verification `check_timestamp(tst, certificate, data=None, digest=None, hashname=None, nonce=None)` verifies a `TimeStampToken` independently of any `RemoteTimestamper` instance. It validates the message imprint, content type, authenticated attributes digest, and the RSA/PKCS1v15 signature against the TSA certificate. Returns `True` on success, raises `ValueError` on failure. ```python import rfc3161ng with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() # Assume tst_bytes was loaded from storage with open('saved_token.tst', 'rb') as f: tst_bytes = f.read() # Verify by passing the original data try: result = rfc3161ng.check_timestamp( tst_bytes, certificate=certificate, data=b'original document bytes', hashname='sha256', ) print("Valid:", result) # Valid: True except ValueError as e: print("Verification failed:", e) # Alternatively verify using a pre-computed digest import hashlib digest = hashlib.sha256(b'original document bytes').digest() result = rfc3161ng.check_timestamp( tst_bytes, certificate=certificate, digest=digest, hashname='sha256', ) ``` ``` -------------------------------- ### get_timestamp Source: https://context7.com/trbs/rfc3161ng/llms.txt Decodes a `TimeStampToken` and extracts the embedded `genTime` as a Python `datetime.datetime` object. Supports both raw DER bytes and parsed ASN.1 objects, with an option for naive or timezone-aware output. ```APIDOC ## get_timestamp ### Description `get_timestamp(tst, naive=True)` decodes a `TimeStampToken` (either raw DER bytes or a parsed ASN.1 object) and returns the embedded `genTime` as a Python `datetime.datetime`. When `naive=True` (default), the datetime is returned in UTC without timezone info; when `naive=False`, a timezone-aware datetime is returned. ### Method `get_timestamp(tst: Union[bytes, TimeStampToken], naive: bool = True) -> datetime.datetime` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```python import rfc3161ng with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() timestamper = rfc3161ng.RemoteTimestamper('http://time.certum.pl', certificate=certificate) tst = timestamper(data=b'document contents') # Example of using get_timestamp ts = rfc3161ng.get_timestamp(tst) print(ts) ts_aware = rfc3161ng.get_timestamp(tst, naive=False) print(ts_aware) ``` ### Response #### Success Response (200) - **timestamp** (datetime.datetime) - The timestamp extracted from the TimeStampToken. ``` -------------------------------- ### DER Serialization of Timestamp Responses Source: https://context7.com/trbs/rfc3161ng/llms.txt Encodes a TimeStampResp object to DER bytes and decodes DER bytes back into a TimeStampResp object. Useful for handling responses from a TSA. ```python import rfc3161ng import requests # Manually send a timestamp request and decode the response tsq = rfc3161ng.make_timestamp_request(data=b'document', hashname='sha256') binary_request = rfc3161ng.encode_timestamp_request(tsq) response = requests.post( 'http://freetsa.org/tsr', data=binary_request, headers={'Content-Type': 'application/timestamp-query'}, timeout=10, ) response.raise_for_status() tsr = rfc3161ng.decode_timestamp_response(response.content) # Inspect the PKI status print(int(tsr.status['status'])) # 0 = granted ``` ```python # Re-encode if needed (e.g., for storage) raw = rfc3161ng.encode_timestamp_response(tsr) ``` -------------------------------- ### Handle TSA Communication Failures with TimestampingError Source: https://context7.com/trbs/rfc3161ng/llms.txt Catch TimestampingError when the HTTP request to the TSA fails due to network issues, timeouts, or non-2xx status codes. This exception wraps the underlying requests.RequestException. ```python import rfc3161ng timestamper = rfc3161ng.RemoteTimestamper( 'http://nonexistent-tsa.example.com/tsr', hashname='sha256', timeout=5, ) try: tst = timestamper(data=b'some data') except rfc3161ng.TimestampingError as e: print("TSA request failed:", e) # TSA request failed: ('Unable to send the request to ...', ConnectionError(...)) ``` -------------------------------- ### Standalone Timestamp Token Verification Source: https://context7.com/trbs/rfc3161ng/llms.txt Verifies a TimeStampToken independently using the TSA certificate. This method validates the message imprint, content type, digest, and signature. Requires the token bytes, certificate, and either original data or its digest. ```python import rfc3161ng with open('data/certum_certificate.crt', 'rb') as f: certificate = f.read() # Assume tst_bytes was loaded from storage with open('saved_token.tst', 'rb') as f: tst_bytes = f.read() # Verify by passing the original data try: result = rfc3161ng.check_timestamp( tst_bytes, certificate=certificate, data=b'original document bytes', hashname='sha256', ) print("Valid:", result) # Valid: True except ValueError as e: print("Verification failed:", e) ``` ```python # Alternatively verify using a pre-computed digest import hashlib digest = hashlib.sha256(b'original document bytes').digest() result = rfc3161ng.check_timestamp( tst_bytes, certificate=certificate, digest=digest, hashname='sha256', ) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.