- SignServer Introduction
- SignServer Installation
- SignServer Operations
- SignServer Integration
-
SignServer Reference
- Deploy-time Configuration
-
SignServer Workers
- Common Configuration
-
SignServer Signers
- Common Properties
- Appx Signer
- Appx CMS Signer
- CMS Signer
- Debian Dpkg-sig Signer
- Extended CMS Signer
- Extended Time Stamp Signer
- JArchive Signer
- JArchive CMS Signer
- MRTD Signer
- MRTD SOD Signer
- MS Authenticode Time Stamp Signer
- Master List Signer
- MS Authenticode Signer
- MS Authenticode CMS Signer
- ODF Signer
- OOXML Signer
- OpenPGP Signer
- OpenPGPPlain Signer
- PDF Signer
- Plain Signer
- Time Stamp Signer
- XAdES Signer
- XML Signer
- ZoneFileServerSideSigner
- ZoneHashSigner
- ZoneZipFileServerSideSigner
- SignServer Document Validators
- SignServer Dispatchers
- SignServer Validation Service Framework
- SignServer Timed Services
- Other Workers
- SignServer Components
- Logging
- SignServer Authentication and Authorization
- Status Repository
- Health Check
- SignServer TimeMonitor Application
-
SignServer User Interfaces
- Administration CLI
- Administration GUI
-
Administration Web
- Main Page
- Workers Page
- Global Configuration Page
- Administrators Page
- Audit Log Page
- Archive Page
- Database CLI
- Internationalization
- Peer Systems
- Client-Side Hashing
- Key Wrapping
- Developer Reference
- SignServer Release Information
- Code Signing How-to Guides
MS Authenticode Time Stamp Signer
The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.
Overview
This time stamp signer is compatible with the Microsoft Authenticode Time Stamping code signing.
Available Properties
| Property | Description |
|---|---|
| TIMESOURCE | Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above. |
| SIGNATUREALGORITHM | Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA) |
| INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE | Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false). |
Howto
There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.
Certificate Requirements
- A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
- The extended key usage extension must contain the timeStamping key purpose ID and only that one.