Notary

notary : a simple trusted timestamping server

[Forthcoming: descriptions of trusted timestamping, how notary works, installation instructions]

Once the notary server is set up, send SHA1 hashes to timestamp by HTTP POST. For example, you can add a post-commit hook in your git repositories:

curl -d sha1=$(git rev-parse HEAD) http://example.com/notary/notarize.cgi

This creates a trusted timestamp of each commit to prove when it was created.

Each timestamp is signed, so anyone can verify its authenticity using GnuPG. The timestamps are also "chained", which makes it almost impossible for anyone, even the server admin, to forge timestamps.

Once created, timestamps can be accessed from the server by:

curl -d sha1=<SHA1-of-data> http://example.com/notary/verify.cgi

This means that you don't have to store anything yourself; the SHA1 hash is all you need to confirm the time at which you submitted it for timestamping.

Please get in touch if you want to help out with this project.