Finally Khatim Timestamp Server (KTS) v2.0 is released! The team at Codegic has worked hard to launch the next version of Khatim Timestamp Server (KTS). Version 1.0 focused primarily on the timestamping core while v2.0 focuses on usability. This release unveils the brand new GUI based interface for KTS. This interface is in addition to the the original command line interface where administrators can use console based commands to configure KTS, suited to headless environments. Now KTS admins can use either KTS console based client or GUI based interface to manage their timestamp servers. Here is a sneak preview of what is available in v2.0.
Charts based graphical statistics are a great tool to understand the health of your system and KTS dashboard provides that. The simple to use dashboard provides quick insight of critical statistics of your timestamp server be it running as a single instance or in a cluster. Admins can also filter the statistics shown on the dashboard using options Today, 7 days, 30 days, 365 days, This year, All or a custom date range.
PKI Admins can further see drilled down statistics to gauge the performance of their timestamp servers. Some quick explanation of these charts are:
Breakdown of Successful or Failed timestamp requests.
Breakdown of failures mapped to the RFC 3161 i.e.
badAlg: Unrecognized or unsupported Algorithm Identifier
badRequest: Transaction not permitted or supported
badDataFormat: Data submitted has the wrong format
timeNotAvailable: TSA’s time source is not available
unacceptedPolicy: Requested TSA policy is not supported by the TSA
unacceptedExtension: Requested extension is not supported by the TSA
addInfoNotAvailable: Additional information requested could not be understood or is not available
systemFailure: Some unwanted error is found while processing the timestamp request
Number of issues found in the KTS while generating the timestamp. These could be any of:
LICENSE_EXPIRED and more (see events below)
Breakdown of request based on the policy configured in the system.
Breakdown of the time source used for timestamp generation. Could be System Clock or NTP.
Breakdown of hash algorithm (SHA2 etc.) used to generate timestamp.
Breakdown of Client IP sending timestamp requests.
Breakdown of Host IP receiving timestamp requests.
Provides a quick view of KTS server instances. In a load balanced environment multiple instances are shown. Guides admin when a KTS instance was:
Host name & IP
Allows admin to:
Configure PKCS#11 based HSMs or Smart Cards
Generate cryptographic keys (RSA, ECDSA), CSR and Certificates for timestamping
Import issued certificates back into the system
Allows KTS admins to view the default Certification Authorities which comes with the application. This is handy for quick testing of timestamp features without having to setup your own CA to issue timestamp digital certificates.
Timestamping feature is the core of KTS providing following sub features :
Admin can create multiple policies mapped to a policy OID, timestamp signing certificate, hash algorithm, time source and much more. This allows flexibility in meeting varying client needs.
Admin can setup NTP addresses which can be referenced in a policy as the authoritative time source for the incoming request.
To help KTS admins identify the root cause of timestamp failures, KTS shows full list of timestamp transactions as they are created and more. Admin can see information like:
Time when request is processed
Incoming message imprint (data hash)
Success or failure details
Policy used to generate the timestamp response
Detailed timestamp request/responses etc.
IP address of requestor and host server
Time source etc.
The NTP logs provide precise information regarding what information was received from the NTP server. This is handy for auditing and compliance reasons. Admins can prove clients with NTP logs, what time they got from NTP server and whether it was trusted or not. Admin can also see:
When the system clock drifted happened
From which NTP server time was found
To what extent the drift happened
Note that at KTS start, an NTP monitor is started which ensures system clock time is with in the range of the NTP time. This is done when at least a single policy is configured to use local system clock for NTP responses. In such a case, a call is made to the configured NTP servers to get the latest time. If the time found from the NTP server is beyond the system configured threshold to meet i.e. 1 second then it generates an alert for the administrator. In such an event, KTS will respond requests with timeNotAvailable response. If the policy is configured to use NTP server directly then for each timestamp request the registered NTP server is engaged to get trusted time.
This features, allows admins to:
View operator logs; admins can see full audit trial of the changes made by operators
These logs are generated when ever there is any issue found during Timestamp processing to ensure critical components are performing as expected e.g. HSM, NTP etc. Some of these types of events are:
NTP_COMM_FAILED_CRITICAL (when more than 50% fail)
These system logs are also emailed to the configured administrators as the event is generated and also incorporated in daily summary reports.
Well this was just a sneak preview of what KTS v2.0 has to offer. Codegic has planned further usability and functionality improvements for the next upcoming releases making it one of the secure, affordable and efficient Timestamping server. Further changes includes providing details time based graphs, better server management and more reporting so stay tuned!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.