Introduction

The ImageMaster Signature Service provides capabilities to give content objects, which are stored in the ImageMaster system, the proof of their integrity and authenticity. On the one hand it’s possible to extend content with digital time signatures created by an arbitrary Time-Stamping Authority (TSA), on the other hand it’s possible to provide a long-term preservation of evidence using so called Merkle hash trees. The principles of the second approach can be found in the TR-ESOR specification “BSI Technical Guideline 03125 Preservation of Evidence of Cryptographically Signed Documents” [BSI TR-03125].

The ImageMaster Signature Service provides these main features supported by different submodules:

• ImageMaster Time Signature for individual documents (time-stamping functionality)

• ImageMaster Evidence Tree Signature (long term preservation in hash tree)

Prerequisites

Both features need access to a Time-Stamping Authority (TSA) or Time-Stamping Unit (TSU). To use timestamps successfully, the following should be observed:

• The connection to a TSA must be enabled in the customer network.

• For a commercial TSA a contingent of timestamps must be acquired. A non-commercial TSA often does not meet the requirements for probative timestamps.

• Timestamps are mostly signed by a Time-Stamping Authority. The signing certificates must be accepted by the system. This could cause a bigger effort of configuration work for new TSAs!

• In case of signature verification, the connection to OCSP (Online Certificate Status Protocol) providers must be enabled. This can also be necessary for the signing certificates of a TSA.

• To generate the verification reports, ensure that the required font package is installed on the ImageMaster application server. See Font package installation in the installation manual [IM ImageMaster].