An app to cryptographically timestamp computer files such as assessment items.
The aim of this app is to make assessment submission reliable independently of:
- learning management system server outages and server bottlenecks at universal submission times
- internet dropping out during submission (e.g. large files)
- student error (e.g. uploading the wrong assignment)
This app was initially developed at the Queensland University of Technology (QUT), Brisbane, Australia.
- Get a certificate from a time stamping authority (TSA) (=public key)
- Hash the student submission data (one or several files) and send the hash to the TSA
- TSA returns a receipt for the hash, encrypted with their public key
- Verification of student submission timestamps (e.g. by the unit coordinator) unencrypts the receipt using the TSA public key
- Select files by browsing or drag and drop, then click "StampIT":
- The .zip returned contains all the files stamped and the TSA receipt (incl. metadata such as TSA name)
Bulk verification of timestamps is possible. Select timestamp .zip files and click "Verify":
Valid and invalid timestamps examples (Stamped2.zip was updated after the timestamp was created):
- Implementation is based on Sha1 and the RFC3161 protocol, which has limitations. Future: implement RFC5816 for using other hashes such as Sha256.
- Does not account for how lon the TSA certificate is valid for (=> only short term use)
- TSA used for world clock is http://freetsa.org. Future: make customisable.
- The look and feel of the app is based on QUT. Future: make customisable.
Liam Ferrante and Pascal R Buenzli
QUT Mathematical Sciences Fund for Teaching and Research 2022