Post-quantum trusted time-stamping service. See go-atum for more information on the protocol.
Create a config.yaml file:

    bindAddr: :8080
    canonicalUrl: http://localhost:8080

For all configuration options, see config.yaml.example
Run using Docker
The easiest way to run atumd for development purposes is using Docker.

    docker-compose up

Run using Go
To install atumd, run

    go install github.com/bwesterb/atumd

and run

    atumd

You probably want to configure a proper webserver like nginx to act as a proxy and set a corresponding sane canonicalUrl with HTTPS.
atumd uses the stateful XMSS[MT] signature scheme. Each signature has a sequence number (seqno), and a sequence number must not be reused, as reuse is likely to lead to signature forgery.
A private key has a largest sequence number which depends on the instance of the scheme. The first free sequence number is stored in the XMSSMT private key file. Thus:
- Do not copy the XMSSMT private key file, for then the same signature sequence number might be reused.
- In particular, do not restore a keyfile from a backup.
Instead of backups, simply generate a new XMSSMT keypair for your atumd server if the old one gets corrupted. You can add the old public key to the otherTrustedPublicKeys list in the configuration so that signatures made under the old public key remain trusted.
Instead of copying the key for redundant copies of the server, create a new keypair for each server and again add the different public keys to the otherTrustedPublicKeys of all servers.
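
Why a copied or restored key file leads to sequence number reuse, and why one keypair per server does not, shown as an added example (not atumd's or go-xmssmt's code). `keyFile`, `sign` and `reused` are hypothetical names, and the struct only models the "first free sequence number" field described above, with constructed sample values.

```go
package main

import "fmt"

// keyFile is a hypothetical model of a stateful private key file (not the
// XMSSMT format): the key's identity plus its first free sequence number.
type keyFile struct {
	keyID     string
	firstFree uint64
}

// sign marks the seqno as used before returning the "keyID/seqno" pair that
// the signature would be bound to.
func (k *keyFile) sign() string {
	n := k.firstFree
	k.firstFree++
	return fmt.Sprintf("%s/%d", k.keyID, n)
}

// reused signs `each` times with every key file in turn and returns the
// "keyID/seqno" pairs that were issued more than once.
func reused(each int, files ...*keyFile) []string {
	seen := map[string]bool{}
	var dup []string
	for _, k := range files {
		for i := 0; i < each; i++ {
			s := k.sign()
			if seen[s] {
				dup = append(dup, s)
			}
			seen[s] = true
		}
	}
	return dup
}

func main() {
	live := &keyFile{keyID: "A", firstFree: 10}
	copied := *live // a copy of the key file: restored backup or cloned server
	fmt.Println("copied key file:", reused(3, live, &copied)) // [A/10 A/11 A/12]
	fresh := &keyFile{keyID: "B"} // separate keypair for the second server
	fmt.Println("key per server: ", reused(3, live, fresh)) // []
}
```

The copy starts from the counter value it had when it was taken, so every number the live key issued after that point is issued a second time.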
- go-atum, Go client and CLI tool