Test the integration

Testing consists of time stamping a file as described in the Entrust Timestamping Authority 2.1 Deployment Guide, section Testing the timestamping service. The time stamping request comes from the server first introduced in integrate-nshield-timestamping-auth.adoc#export-root-ca.

  1. Select a file to be time stamped.

    C:\Users\Administrator\Downloads>type hello-world.txt
hello, world

  2. Create a tsq (time stamp request) file, which contains a hash of the file created above to be signed.

    C:\Users\Administrator\Downloads>openssl ts -query -data hello-world.txt -sha512 -cert -out hello-world.tsq
Using configuration from C:\Program Files\nCipher\nfast\\openssl\openssl.cnf

  3. Validate the time stamp request file.

    C:\Users\Administrator\Downloads>openssl ts -query -in hello-world.tsq -text
Using configuration from C:\Program Files\nCipher\nfast\\openssl\openssl.cnf
Version: 1
Hash Algorithm: sha512
Message data:
    0000 - 87 10 33 9d cb 68 14 d0-d9 d2 29 0e f4 22 28 5c   ..3..h....).."(\
    0010 - 93 22 b7 16 39 51 f9 a0-ca 8f 88 3d 33 05 28 6f   ."..9Q.....=3.(o
    0020 - 44 13 9a a3 74 84 8e 41-74 f5 aa da 66 30 27 e4   D...t..At...f0'.
    0030 - 54 86 37 b6 d1 98 94 ae-c4 fb 6c 46 a1 39 fb f9   T.7.......lF.9..
Policy OID: unspecified
Nonce: 0xBC6B597D588FA6DC
Certificate required: yes
Extensions:

  4. Issue the time stamp request.

    C:\Users\Administrator\Downloads>curl -H "Content-Type: application/timestamp-query" -H "Accept: application/timestamp-reply" --data-binary "@hello-world.tsq" http://10.194.148.51/tsa/nshield-integration --output hello-world.tsr
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3279  100  3177  100   102  73797   2369 --:--:-- --:--:-- --:--:-- 78071

  5. Parse the timestamp response to validate the format.

    C:\Users\Administrator\Downloads>openssl ts -reply -in hello-world.tsr -text
Using configuration from C:\Program Files\nCipher\nfast\\openssl\openssl.cnf
Status info:
Status: Granted.
Status description: Operation Okay
Failure info: unspecified

TST info:
Version: 1
Policy OID: Time Stamping
Hash Algorithm: sha512
Message data:
    0000 - 87 10 33 9d cb 68 14 d0-d9 d2 29 0e f4 22 28 5c   ..3..h....).."(\
    0010 - 93 22 b7 16 39 51 f9 a0-ca 8f 88 3d 33 05 28 6f   ."..9Q.....=3.(o
    0020 - 44 13 9a a3 74 84 8e 41-74 f5 aa da 66 30 27 e4   D...t..At...f0'.
    0030 - 54 86 37 b6 d1 98 94 ae-c4 fb 6c 46 a1 39 fb f9   T.7.......lF.9..
Serial number: 0xFC247B10D7AD0453
Time stamp: May 28 21:18:22 2025 GMT
Accuracy: unspecified
Ordering: no
Nonce: 0xBC6B597D588FA6DC
TSA: DirName:/CN=TSA
Extensions:

  6. Verify the timestamp response against the original data. Notice the chain.pem file created in integrate-nshield-timestamping-auth.adoc#export-root-ca.

    C:\Users\Administrator\Downloads>openssl ts -verify -in hello-world.tsr -CAfile chain.pem -data hello-world.txt -ignore_critical -purpose any
Using configuration from C:\Program Files\nCipher\nfast\\openssl\openssl.cnf
Verification: OK

  7. Verify the response against the timestamp request.

    C:\Users\Administrator\Downloads>openssl ts -verify -in hello-world.tsr -CAfile chain.pem -queryfile hello-world.tsq -ignore_critical -purpose any
Using configuration from C:\Program Files\nCipher\nfast\\openssl\openssl.cnf
Verification: OK