1.1.0

What's New

ASiC-E (Extended) Container Support

• Multiple files in a single container — CreateExtendedAsync bundles multiple files with an ASiCManifest XML listing each file's digest, all covered by a single timestamp
• CreateExtendedFromFilesAsync — convenience method for timestamping files directly from disk
• ExtractAll — extract all data files from both ASiC-S and ASiC-E containers
• Auto-detection in Verify — ASiC-E containers are detected by MIME type or manifest presence

Configurable Per-File Size Limit

• MaxFileSize option (default 10 MB) — rejects oversized files before processing to prevent memory exhaustion
• Set to null to disable the limit
• Enforced on create, extract, and verify operations

Timestamp Renewal for Long-Term Archival

• RenewAsync / RenewFileAsync — re-timestamp containers per ETSI EN 319 162-1 §5.4
• Each archive timestamp covers the previous token's bytes, creating a verifiable chain (timestamp.tst → timestamp-002.tst → timestamp-003.tst)
• Verification walks the full chain automatically
• New TimestampChainEntry model and TimestampChain property on AsicVerifyResult
• CLI: asicts renew <file> command

Other

• Updated package dependencies
• Updated README with ASiC-E examples and MaxFileSize documentation
• STRIDE threat model updated to v1.3

Full Changelog: 1.0.0...1.1.0

v1.0.0

AsicSharp 1.0.0

First stable release of AsicSharp — a .NET library and CLI tool for creating and verifying ASiC-S containers with RFC 3161 timestamps.

Highlights

• ASiC-S container creation & verification compliant with ETSI EN 319 162-1 and EU eIDAS
• RFC 3161 timestamping proving data existed at a specific point in time, without requiring a signing certificate
• TSA fallback list — configure multiple Timestamp Authority URLs; if one is unavailable, the next is tried automatically
• Nonce support for replay protection on timestamp requests
• Optional CAdES signing when a signing certificate is provided
• META-INF/README.txt included in containers explaining the format and how to verify
• STRIDE threat model with in-depth security review
• Zip Slip protection — sanitized ZIP entry names prevent path traversal attacks
• Multi-target library — supports netstandard2.1, net8.0, and net10.0

Install

# CLI tool
dotnet tool install -g AsicSharp.Cli

# Library
dotnet add package AsicSharp

Usage

# Timestamp a file
asicts stamp document.pdf

# With fallback TSAs
asicts stamp document.pdf --tsa http://timestamp.digicert.com --tsa http://timestamp.sectigo.com

# Verify
asicts verify document.pdf.asics

Full changelog

• feat: initial release of AsicSharp
• feat: implement nonce support for RFC 3161 timestamp requests
• feat: add META-INF/README.txt and TSA fallback list
• fix: sanitize ZIP entry names to prevent path traversal (Zip Slip)
• docs: add STRIDE threat model and security documentation

0.9.0

Initial pre-release of AsicSharp — create and verify ASiC-S containers with RFC 3161 timestamps in .NET.

Features

• Create ASiC-S containers with RFC 3161 timestamps from any data or file
• Verify container integrity, timestamp validity, and data hash matching
• Extract original files from containers
• CLI tool (asicts) for stamping, verifying, and extracting from the command line
• DI integration via AddAsicSharp() with typed HttpClient and IOptions support
• Multi-target: netstandard2.1, net8.0, net10.0
• Optional CMS/CAdES signing with your own certificate
• Built-in well-known TSA URLs (DigiCert, Sectigo, GlobalSign, FreeTSA, Apple, Entrust)

Install

dotnet add package AsicSharp                # Library
dotnet tool install -g AsicSharp.Cli        # CLI tool

Links

• NuGet: AsicSharp
• NuGet: AsicSharp.Cli