MS Authenticode Time Stamp Signer

The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.

Overview

This time stamp signer is compatible with Microsoft Authenticode time stamping for code signing.

Available Properties

Property Description
TIMESOURCE Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above.
SIGNATUREALGORITHM Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA).
INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false).

Howto

There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.

Certificate Requirements

  • A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
  • The extended key usage extension must contain the timeStamping key purpose ID and only that one.
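
Both requirements can be checked before a certificate is assigned to the signer. The following is an added example, not part of the SignServer documentation: it uses the openssl command-line tool, and the helper names, subject name and test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a TSA certificate against the two requirements above.
# Assumes the openssl command-line tool is installed.

# check_tsa_cert FILE -> prints a verdict; returns 0 only if the extended key
# usage extension is present, critical, and lists timeStamping and nothing else.
check_tsa_cert() {
    eku=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Extended Key Usage:/ {
                 crit = ($0 ~ /critical/) ? "critical" : "non-critical"
                 getline                          # next line holds the purposes
                 gsub(/^[ \t]+|[ \t]+$/, "")      # trim surrounding whitespace
                 print crit "|" $0; exit }')
    case "$eku" in
        "")                       echo "FAIL: no extended key usage found"; return 1 ;;
        "non-critical|"*)         echo "FAIL: extension not marked critical"; return 1 ;;
        "critical|Time Stamping") echo "OK: critical, timeStamping only"; return 0 ;;
        *)                        echo "FAIL: purposes are '${eku#*|}'"; return 1 ;;
    esac
}

# make_cert FILE EKU_VALUE -> writes a constructed, self-signed test certificate
# whose extendedKeyUsage is EKU_VALUE (for trying out the check above).
make_cert() {
    cfg=$(mktemp)
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = constructed-tsa-example' \
        '[ext]' "extendedKeyUsage = $2" > "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -extensions ext -keyout "$cfg.key" -out "$1" 2>/dev/null
    rc=$?
    rm -f "$cfg" "$cfg.key"
    return $rc
}
```

Call `check_tsa_cert` with the path to a PEM-encoded certificate; `make_cert` exists only to produce passing and failing inputs for it.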