How to make a git repository tamperproof using RFC 3161 timestamps?


I would like to create a git repository where it can be proven that every commit (plus the entire previous history) existed at a certain point in time, and I'd like this proof to be contained inside the commits by using an RFC 3161 TSA timestamping service (like these, for example: https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710).

I found this gwern.net/Timestamping article, where a post-commit hook is used to run a script to timestamp the commit hash. However, if I understand the suggestion correctly, then the RFC 3161 tokens have to be kept separately, while I would like them to be part of the repository itself.

One thing I could think of would be to always create a second commit that contains no files and just the RFC 3161 timestamp token of the previous commit's hash as its commit message, so it would always be something like

[data commit] - [timestamp token commit] - [data commit] - [timestamp token commit] ...

But then I would need my git repository on the server to only accept a push that follows this structure (and it would need to verify the timestamp tokens before accepting the push).

How could I do this? Or is there a simpler (or maybe even standardized) way of achieving that?


There are 0 answers
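
One way to enforce the alternating structure from the question on the server side, for example from a pre-receive hook. This is an added example, not part of the original post. `Commit`, `check_push`, `openssl_verify` and `tsa-ca.pem` are hypothetical names; it assumes a linear history, that a timestamp commit keeps its parent's tree, and that its message is the base64 of the TSA response over the data commit's id text.

```python
import base64, os, subprocess, tempfile
from collections import namedtuple

# Hypothetical record of one pushed commit; a pre-receive hook would fill it from
# `git rev-list --reverse old..new` and `git cat-file -p <id>`.
Commit = namedtuple("Commit", "id parent tree message")

def openssl_verify(commit_id, response_der, ca_file="tsa-ca.pem"):
    """Verify an RFC 3161 response over the commit id text with `openssl ts -verify`.
    Expects a full TimeStampResp (add -token_in for a bare token); ca_file is a placeholder."""
    with tempfile.TemporaryDirectory() as d:
        data, tsr = os.path.join(d, "data"), os.path.join(d, "resp.tsr")
        with open(data, "w") as f:
            f.write(commit_id)
        with open(tsr, "wb") as f:
            f.write(response_der)
        cmd = ["openssl", "ts", "-verify", "-data", data, "-in", tsr, "-CAfile", ca_file]
        return subprocess.run(cmd, capture_output=True).returncode == 0

def check_push(commits, verify=openssl_verify):
    """Return None if commits (oldest first) alternate data/timestamp, else a rejection reason."""
    if len(commits) % 2:
        return "push must end on a timestamp commit"
    for data, stamp in zip(commits[0::2], commits[1::2]):
        if stamp.parent != data.id:
            return f"{stamp.id}: not a direct child of {data.id}"
        if stamp.tree != data.tree:
            return f"{stamp.id}: timestamp commit changes files"
        try:
            # Strip line wrapping, then require strict base64.
            token = base64.b64decode("".join(stamp.message.split()), validate=True)
        except ValueError:
            return f"{stamp.id}: message is not a base64 token"
        if not token or not verify(data.id, token):
            return f"{stamp.id}: token does not verify for {data.id}"
    return None
```

A hook would print the returned reason and exit non-zero to refuse the push. The check relies on the branch tip that already exists on the server having passed the same check earlier.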