The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.
Overview
This time stamp signer is compatible with the Microsoft Authenticode Time Stamping code signing.
Available Properties
| Property | Description |
|---|
| TIMESOURCE | Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above. |
| SIGNATUREALGORITHM | Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA) |
| INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE | Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false). |
Howto
There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.
Certificate Requirements
- A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
- The extended key usage extension must contain the timeStamping key purpose ID and only that one.