Ruby API for accessing GuardTime Keyless Signature services
C Ruby
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



Ruby API for accessing Guardtime Keyless Signature services.


API docs:

Information about the service:

Installation: see INSTALL.rdoc


The two main operations are signing and verification. Signing involves cryptographically binding the data whose integrity is to be protected to the audited time value and server component's identity in a way that neither the data, the time value nor identity could later be changed undetectably. Verification means checking that the binding is still intact.

To get a sigature token from a Guardtime service, the client application computes a hash value of the data to be signed and submits the hash value to the signing service. The service returns a signature token binding the hash value to the current time. The interaction follows the standard cryptographic time-stamping protocol defined in the RFC 3161.

Every month, Guardtime creates an Integrity Code and publishes it in several newspapers across the world. The Integrity Code is a summary of all signatures issued by the Guardtime data integrity services. Any signature issued prior to the creation of the Integrity Code can be traced to it to unambiguously prove the signature’s issuing time, issuer ID and link to signed data, effectively proving the data integrity.

The proof connecting the signature to the Integrity Code can be inserted back into the token in a process we call extending. An extended signature token is completely independent of Guardtime. Only the original data, the signature and any copy of the newspaper where the Integrity Code is published will be necessary to prove the intgerity of the document.

For convenience, Guardtime publishes an electronic archive containing all Integrity Codes since the launch of the service and all valid signing keys. This electronic archive can be used to automate mass verification of thousands of timestamps (whether extended or not) per second in a large archive.



require 'guardtime'
require 'digest/sha2'

h = << 'This text shall be signed!'
gt =
sig = gt.sign(h)
# ...and verify right away
puts 'OK!' if gt.verify(sig, h)


def slurpfile (fn), 'rb') {|f|}

token = slurpfile('importantdata.txt.gtts')
hasher = GuardTime.getnewdigester(token)
hasher << slurpfile('importantdata.txt')
gt =
signedAt = nil
okay = gt.verify(token, hasher) do |r|
    signedAt = r[:time]
    /companyname$/ =~ r[:location_name] and
        r[:verification_errors] == GuardTime::NO_FAILURES
puts "data signed at #{signedAt.utc.to_s}" if okay

Build Status

Published under Apache license v. 2.0. Copyright Guardtime AS 2013