The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.
This time stamp signer is compatible with the Microsoft Authenticode Time Stamping code signing.
|TIMESOURCE||Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above.|
|SIGNATUREALGORITHM||Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA)|
|INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE||Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false).|
There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.
- A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
- The extended key usage extension must contain the timeStamping key purpose ID and only that one.