MS Authenticode Time Stamp Signer
The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.
Overview
This time stamp signer is compatible with the Microsoft Authenticode Time Stamping code signing.
Available Properties
|
Property |
Description |
|
TIMESOURCE |
Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above. |
|
SIGNATUREALGORITHM |
Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA) |
|
INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE |
Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false). |
Howto
There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.
Certificate Requirements
-
A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
-
The extended key usage extension must contain the timeStamping key purpose ID and only that one.