The class name is: org.signserver.server.signers.tsa.MSAuthCodeTimeStampSigner.

Overview

This time stamp signer is compatible with the Microsoft Authenticode Time Stamping code signing.

Available Properties

Property

Description

TIMESOURCE 

Property containing the fully qualified name of the class implementing the ITimeSource that should be used (OPTIONAL). This property has the same values as for TimeStampSigner above.

SIGNATUREALGORITHM

Property specifying the algorithm used to sign the timestamp (default: SHA256withRSA)

INCLUDE_SIGNING_CERTIFICATE_ATTRIBUTE 

Specifies if the signing certificate attribute (id-aa-signingCertificate) [RFC2634] should be included in the response (OPTIONAL, default: false).

Howto

There is a howto about testing Authenticode signing available in doc/howtos/test_ms_authcode.txt.

Certificate Requirements

  • A time-stamp signer certificate must have the extended key usage extension present and marked as critical.
  • The extended key usage extension must contain the timeStamping key purpose ID and only that one.