Data Authentication Client Software
KSI Desktop Signer
The KSI Desktop Signer is an easy-to-use Java-based application which can both sign and verify nearly any data item imaginable: from raw text logs to spreadsheets, PDF files and images. By signing your electronic files, anyone can authenticate them at any point in the future.
Features:
- Drag-and-Drop user interface
- Three signing and verification modes:
  - Signature embedded in the PDF file
  - Signature stored in the local file system
  - Signature stored in the cloud service (experimental)
- Local hash function – original data never leaves your computer
Requirements
- Internet connection
- Windows XP/Vista/8, Linux Ubuntu/CentOS
- Supported as a beta for Mac OS X
- Java Runtime Environment 1.5 (5.0) or newer
Download
Please select the pre-configured download that matches your needs; all versions are able to sign and verify in all modes and can be further configured in the application settings.
How To Use
- Once the download is complete, click the downloaded .jar file to open the application.
- Once the application window opens, drag-and-drop files to sign or verify.
- For further information, please refer to Help section in the application.
Desktop App
The Desktop App is a Java-based application which can quickly sign any file with a separate signature in the local file system.
Features:
- Easy to use desktop software
- Signs and verifies any files or data objects
- Keyless Signatures stored as a separate file
- Local hash function – original file never leaves your computer
Requirements
- Internet connection
- Windows XP/Vista, Linux Ubuntu/CentOS
- Supported as a beta for Mac OS X
- Java Runtime Environment 1.5 (5.0) or newer
Download
How To Use
- Once the download is complete, click the downloaded .jar file to open the application.
- Once the application window opens, browse the directory to select an individual file to sign or verify.
- Please note that for the signature verification to function you need to have your original document and its associated signature (the file with a .gtts extension); both located in the same folder.
Command Line Tool
Download
How To Use
Toolset for System Logs
Download
How To Use
System Setup for Signing
Configure the system to rotate log files daily. Configure the system to use a sensible date pattern in the rotated log file:
- In the case of rsyslog or syslog specify options ‘date’ and ‘dateext’ in the file /etc/logrotate.conf;
- In the case of syslog-ng use suitable log destination naming pattern ‘file(…)’ in its configuration file.
Create a shell script which signs all log files shortly after their rotation. This could be executed through a crontab. Create a user account with the permissions necessary to read and create files in path /data/logs and enter its crontab entry (crontab -e):
9 0 * * * find /data/logs/ -name \*`date -d yesterday +"\%Y\%m\%d"`\*.log -exec gtime -s -f \{\} -o \{\}.gtts \; 2>&1 | logger -p local0.err -t logstamper
Configure compressing, archiving, and disposing of the log files. Instead of utilizing gzip compression, it is advised to use tar+gzip compression in order to bind the data and its signature together in the same compressed container. Below is an example for a Linux implementation of ‘cron’: save the following script into file ‘/etc/cron.daily/rmoldlogs’:
#!/bin/sh
# tar.gz with timestamp. note that resulting tar.gz has last
# modification date of last change of the container (unlike plain gzip)
find /data/logs/ -mtime +20 -name '*.log' -exec tar -cz --remove-files -f \{\}.tar.gz \{\} \{\}.gtts \;
# remove logfiles older than 12 months (+ 20 days)
find /data/logs/ -type f -mtime +365 -exec rm \{\} \;
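The following script is an added example, not Guardtime's own, that carries the setup above through as shell functions: it signs the logs rotated on a given date (the same `*YYYYMMDD*.log` selection the cron entry makes for yesterday), leaves existing signatures untouched so a re-run after a partial failure is safe, and later bundles each old log with its .gtts into one tar.gz. It assumes gtime is installed only on the log host, so the signer command is a parameter (SIGN_CMD, run with the data file as $1 and the signature path as $2, defaulting to the gtime invocation above); it also uses a portable `tar ... && rm` in place of GNU tar's `--remove-files`, and refuses to archive a log that has no signature, which the one-line find above would silently do.

```shell
#!/bin/sh
# Added example, not Guardtime's own script: sign a day's rotated logs and later
# bundle each log with its signature in one tar.gz, as the setup above describes.
# gtime is assumed to exist only on the log host, so the signer is a parameter:
# SIGN_CMD is run by sh -c with the data file as $1 and the signature path as $2.
if [ -z "${SIGN_CMD:-}" ]; then
  SIGN_CMD='gtime -s -f "$1" -o "$2"'
fi

# sign_file DATA: create DATA.gtts; an existing signature is left untouched so
# that a re-run after a partial failure does not re-sign finished files.
sign_file() {
  f=$1
  [ -e "$f.gtts" ] && return 0
  sh -c "$SIGN_CMD" sign "$f" "$f.gtts"
}

# sign_rotated_logs DIR YYYYMMDD: sign every *YYYYMMDD*.log below DIR, the same
# selection the cron entry above makes for yesterday's date; prints how many
# signatures exist for that day afterwards.
sign_rotated_logs() {
  dir=$1; day=$2
  find "$dir" -type f -name "*${day}*.log" | while IFS= read -r f; do
    sign_file "$f"
  done
  find "$dir" -type f -name "*${day}*.log.gtts" | wc -l | tr -d ' '
}

# archive_old_logs DIR DAYS: move every *.log older than DAYS days together with
# its .gtts into LOG.tar.gz (portable form of the --remove-files variant above);
# an unsigned log is reported and kept, never archived without its signature.
archive_old_logs() {
  dir=$1; days=$2
  find "$dir" -type f -mtime +"$days" -name '*.log' | while IFS= read -r f; do
    if [ ! -e "$f.gtts" ]; then
      echo "no signature for $f, keeping it unarchived" >&2
      continue
    fi
    d=$(dirname "$f"); b=$(basename "$f")
    # -C stores the container members relative to the log directory
    tar -C "$d" -czf "$f.tar.gz" "$b" "$b.gtts" && rm -f "$f" "$f.gtts"
  done
}

# archive_members ARCHIVE: list the container's members, sorted, on one line;
# used to check that the data and its signature travelled together.
archive_members() {
  tar -tzf "$1" | sort | paste -sd ' ' -
}

# Typical daily cron use (paths as in the setup above):
# sign_rotated_logs /data/logs "$(date -d yesterday +%Y%m%d)"
# archive_old_logs /data/logs 20
```

The count printed by sign_rotated_logs is a cheap sanity check for the cron job: if it is lower than the number of rotated logs for that day, the signer failed for some files and the run should be repeated before the archiving step moves them.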
Signature Verification
The main point of signing logs is to be able to verify their signatures, thereby validating that the logs remain intact since the date/time of their creation. In order to verify the signed log file from the command line, use the Command Line Tool with parameters as follows:
gtime -vx -p -f /data/logs/server1/system20032010.log -i /data/logs/server1/system20032010.log.gtts
The verification package is comprised of the original data, the signature, a trust anchor, and the verification software:
- original data file (filename.log),
- original signature file (filename.log.gtts),
- Desktop Application, and
- latest trusted Guardtime newspaper publication from the Financial Times. Note that the verification tool uses an electronically-published Guardtime calendar database as its trust anchor and the newspaper publication could be used for the strongest possible proof via independent means, if necessary.
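The verification step above needs the data file and its signature side by side; once the archiving step has moved the pair into a tar.gz container, both first have to come back out. The script below is an added example (not Guardtime's tool) that assembles those two inputs for one log, whether the pair is still loose in the directory or already inside LOG.tar.gz, and then runs the verifier. The verifier command is a parameter (VERIFY_CMD, run with the data file as $1 and the signature as $2, defaulting to the gtime invocation shown above, which is assumed to be installed on the verifying host); exit status 2 means the verification package is incomplete, any other non-zero status is the verifier's own.

```shell
#!/bin/sh
# Added example, not Guardtime's tool: gather the verification inputs for one log
# file (data + .gtts, possibly inside a tar.gz container) and run the verifier.
# VERIFY_CMD is run by sh -c with the data file as $1 and the signature as $2;
# the default is the command line tool invocation shown above.
if [ -z "${VERIFY_CMD:-}" ]; then
  VERIFY_CMD='gtime -vx -p -f "$1" -i "$2"'
fi

# verify_log LOG: exit 0 when the signature verifies, 2 when the verification
# package is incomplete (no LOG.gtts beside LOG and no LOG.tar.gz container
# holding both), and the verifier's own non-zero status otherwise.
verify_log() {
  log=$1
  work=
  if [ -f "$log" ] && [ -f "$log.gtts" ]; then
    data=$log
    sig=$log.gtts
  elif [ -f "$log.tar.gz" ]; then
    # archived pair: extract both members into a scratch directory first
    work=$(mktemp -d)
    if ! tar -C "$work" -xzf "$log.tar.gz"; then
      rm -rf "$work"
      return 1
    fi
    b=$(basename "$log")
    data=$work/$b
    sig=$work/$b.gtts
    if [ ! -f "$data" ] || [ ! -f "$sig" ]; then
      echo "container $log.tar.gz lacks the log or its signature" >&2
      rm -rf "$work"
      return 2
    fi
  else
    echo "no signature found for $log (neither $log.gtts nor $log.tar.gz)" >&2
    return 2
  fi
  sh -c "$VERIFY_CMD" verify "$data" "$sig"
  rc=$?
  [ -n "$work" ] && rm -rf "$work"
  return $rc
}

# Usage, with the path from the example above:
# verify_log /data/logs/server1/system20032010.log
```

Keeping the "package incomplete" case distinct from "signature did not verify" matters operationally: the first is a retention or copy problem to fix before any conclusion is drawn, the second is the finding the whole setup exists to surface.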
Technical Considerations
- Guardtime public gateways are provided without any service level agreement regarding service availability. In order to have a guaranteed service level agreement, please contact Guardtime for a dedicated or private gateway.
- In order to use a Guardtime gateway that is geographically nearest to your service (even located in-house alongside your service), please specify the GW as an appropriate command line argument to the ‘gtime’ command, for example ‘gtime -S http://stamper.jp.guardtime.net/gt-signingservice …other options…’.
- If you plan to sign thousands of files, it is necessary to execute a suitable number of signing processes in parallel.
- Note that signing log files adds load on disk I/O, and compression adds load on the CPU.
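As an added example (not from the page or Guardtime) of the last two considerations together, the script below signs every unsigned file under a directory tree with a configurable number of signer processes running at once, against a gateway chosen through the -S option described above. gtime is assumed to be installed on the signing host; SIGN_CMD (run with the data file as $1 and the signature path as $2) and GATEWAY are the assumed parameters, and files that already carry a .gtts are skipped so the run can simply be repeated when new files arrive.

```shell
#!/bin/sh
# Added example, not Guardtime's script: sign a whole tree with several signer
# processes in parallel, against a chosen gateway. Assumed parameters:
#   GATEWAY  - signing service URL passed to gtime -S (default: the public one)
#   SIGN_CMD - run by sh -c with the data file as $1 and the signature as $2;
#              it must not contain the string {} (xargs uses it as placeholder)
GATEWAY=${GATEWAY:-http://stamper.guardtime.net/gt-signingservice}
if [ -z "${SIGN_CMD:-}" ]; then
  SIGN_CMD='gtime -S "$GATEWAY" -s -f "$1" -o "$2"'
fi
export GATEWAY

# pending_files DIR: list *.log files below DIR that have no .gtts yet.
pending_files() {
  find "$1" -type f -name '*.log' | while IFS= read -r f; do
    [ -e "$f.gtts" ] || printf '%s\n' "$f"
  done
}

# sign_tree DIR JOBS: sign the pending files JOBS at a time and print how many
# signatures were created. Existing signatures are preserved, so repeating the
# run only picks up files added since the last round.
sign_tree() {
  dir=$1; jobs=${2:-4}
  before=$(find "$dir" -type f -name '*.gtts' | wc -l)
  list=$(pending_files "$dir")
  if [ -n "$list" ]; then
    # -I{} hands each line to one signer process; -P bounds the concurrency
    printf '%s\n' "$list" | xargs -P "$jobs" -I{} sh -c "$SIGN_CMD" sign {} {}.gtts
  fi
  after=$(find "$dir" -type f -name '*.gtts' | wc -l)
  echo $((after - before))
}

# Usage against an in-house gateway, eight signers at a time:
# GATEWAY=http://gateway.example.internal/gt-signingservice sign_tree /data/docs 8
```

The number of parallel jobs is the knob for the I/O and CPU remark above: raise it until the gateway round-trip, not the local disk, is the limiting factor, and remember that each job holds one connection to the gateway open while it runs.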
Toolset for Directory Trees
Requirements
Download
How To Use
ds.exe to a convenient location. You might also want to copy the documentation files to the same location for future reference. To remove the tool, just delete the copied files. If you have set up any scheduled tasks (see below), make sure to un-schedule them as well.
The tool automatically uses the proxy setting from Internet Explorer. Use either the “Options” dialog in Internet Explorer or the “Internet Options” applet in the Control Panel to change these settings.
The Guardtime Directory Tree Signature Tool is a command line tool with no GUI. The general form of the command line is:
ds.exe [-q] [-o file] [-e file] [-s url] [-f file] [-d|-r dir] [-L] ...
The options are as follows:
- -q: work quietly; the default is to list all processed files. The -q option suppresses only the listing of processed files; any error messages are still produced.
- -o file: send the list of processed files to the file file; the default is the standard output device (console).
- -e file: send error messages to the file file; the default is the standard error device (console).
- -s url: use url as the service URL; the default is http://stamper.guardtime.net/gt-signingservice.
- -f file: sign the file file; any existing signature will be overwritten, with the assumption that the single-file signing option is used to re-sign a document when it is known that it has been updated.
- -d dir: sign the contents of the directory dir non-recursively; the files immediately in the directory dir will be processed, but any sub-directories of dir will be skipped. Any existing signatures will be preserved, with the assumption that the mass-signing option is used to sign new documents added to the repository since the last signing round.
- -r dir: sign the contents of the directory dir recursively; the files in the directory dir and all of its sub-directories will be processed. Any existing signatures will be preserved, with the assumption that the mass-signing option is used to sign new documents added to the repository since the last signing round.
- -L: display license information and acknowledgments.
The command line is scanned left to right and each option takes effect as it is encountered. All options can be repeated as many times as desired. The signature for the file file.ext is stored in the file file.ext.gtts. The -d and -r operations skip files named *.gtts (existing signatures).
Examples
To sign all files in the current directory:
ds.exe -d .
To sign all files in the current directory and its sub-directories:
ds.exe -r .
To sign all files in the directory d:\shared and its sub-directories, logging errors in the file error.log (the list of processed files is still shown on the console):
ds.exe -e error.log -r d:\shared
To sign all files in the directories d:\shared\legal and d:\shared\sales, logging all errors in the file error.log and the names of the processed files separately for each of the two sub-directories:
ds.exe -e error.log -o legal.log -d d:\shared\legal -o sales.log -d d:\shared\sales
Scheduling (Command Line)
To schedule periodic execution, you can use the AT or schtasks commands. For example, to schedule the contents of the directory d:\shared\sales to be signed every Monday, Wednesday, and Friday night, you might use:
AT 23:00 /every:M,W,F "c:\tools\ds.exe -e d:\error.log -d d:\shared\sales"
Make sure to enclose the scheduled command line in double quotes. It is also highly recommended to use absolute paths in all scheduled commands. Please refer to Microsoft documentation for more detailed information on the AT and schtasks commands.
Scheduling (GUI)
To schedule periodic execution, you can use the “Scheduled Tasks” tool. On Windows XP, the process is as described below. On other versions of Windows, the names of the menu items and the layout of dialogs might differ.
- To create a scheduled task, click on “Start”, navigate to “All Programs”, “Accessories”, “System Tools”, then click on “Scheduled Tasks”. The “Scheduled Tasks” tool appears.
- To schedule a new task, double-click on “Add Scheduled Task”. Click “Next” in the wizard window that pops up.
- A wizard window with a list of common tasks appears (it might take a while for Windows to populate the list). Since the Guardtime Directory Tree Signature Tool is not on the list, click “Browse” and navigate to the location where you copied the tool. Select the file ds.exe and click “OK”.
- A wizard window for task options appears. Assign a suitable name to the task and select the desired schedule (the schedule can be tuned later). Click “Next”.
- A wizard window for scheduling options appears (the available options depend on the type of schedule you selected). Specify the desired options and click “Next”.
- A wizard window for authorization options appears. Enter the details for the account under which the scheduled task is to run. Make sure you pick an account that has read permissions on all the files and new file creation permissions in all the directories you want to process. Click “Next”.
- The wizard finalization window appears. Make sure you check the “Open advanced properties” checkbox, then click “Finish”.
- The wizard closes and a task properties window appears. Edit the command line in the “Run” field to include all the options needed to specify error logging and the directories to process. Make sure any file names containing spaces are enclosed in double quotes. It is highly recommended to use absolute paths in all scheduled commands. Click “OK” to finalize the changes.
- Another authorization window appears. Enter the password to authorize the changes to the scheduled command and click “OK”.
You now have the signing task scheduled. Please refer to Microsoft documentation for more detailed information on the “Scheduled Tasks” tool.
License and Acknowledgements
- This product is licensed under the Guardtime Tools End User Licensing Agreement, available from here: Guardtime EULA.
- This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (www.openssl.org/).
- This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
- This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Verifier for PDF Plug-in
Requirements
- Adobe Acrobat or Reader, version 8, 9, X, or XI
- Microsoft Windows XP, Vista, 7, or 8; or Apple MacOS X 10.6 or 10.7
- Internet connection
Download
How To Use
Signer for WordPress Plug-in
Requirements
- The WordPress administrator must have their own instance of WordPress installed.
- The plug-in requires PHP version 5.3.x.
Download
How To Use
Installation
- Click on the “Download” button above to start your download
- Extract the package into a directory
- Move the wp-guardtime directory to the /wp-content/plugins/ directory
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Configure the following Guardtime service parameters in ‘Settings/Guardtime’:
Signer URL: http://stamper.guardtime.net/gt-signingservice #The URL of the service for creating signatures.
Verifier URL: http://verifier.guardtime.net/gt-extendingservice #The URL of the service for connecting signatures to Integrity Codes.
Publications URL: http://verify.guardtime.com/gt-controlpublications.bin #The URL where the Guardtime publications file can be downloaded.
Publications TTL: 60
Note that the public services create anonymous, unauthenticated signatures. To enable the creation of authenticated, personalized signatures, consider installing the Guardtime Private Keyless Signature Gateway, which consists of all required installation packages for both Signer and Verifier.
How it Works
- With the plug-in enabled, all new or updated posts and pages are automatically signed.
- If there are media files included in the post, the reference URLs are included in the signature for future proof that an image or video file existed within the post content.
- The signature information is automatically displayed under each entry, visible for any reader (no tool or plug-in is required on the reader’s side).
- The signature and original content may be downloaded in a zip file.