trusted-timestamp

I'm trying to implement tsa server on python using twisted. Currently I'm using openssl binary to generate response, but this seems ugly to me, that's why I'm trying to figure out how to make response token with m2crypto. Thanks in advance for help! Maris. EDITED: how to achieve with m2crypto?: openssl ts -reply -section tsa_config1 -queryfile query.tsq -out response.tsr M2Crypto does not yet wrap those pieces of openssl, so you can't use M2Crypto for what you are using the openssl command line client for. You can simply use the rfc3162ng module. download the certificate of your favorite TSA:

I have just got my code signing certificate from StartSSL and am trying to sign our installer. The signing process goes well and I get an installer exe that Windows no longer complains about being from unknown publisher. This is great! However I tried to make sure that the timestamping also works as advertised so I moved my PC date to 2012, after my code signing certificate expiration date. This supposedly should not make any difference but when I run the same installer exe I now get the same nasty "unknown publisher" warning. Looking at the properties of the exe in the Digital Signatures tab

[ edit : I've written a blogpost that explains everything in detail: look here ] Hi! I'm desperately trying to build a service for trusted timestamps based on rfc3161. I've decided to use the free trusted timestamp service at zeitstempel.dfn.de . My question is how i shall contact this service in order to receive a valid response. Regarding the request format, the RFC tells: TimeStampReq ::= SEQUENCE { version INTEGER { v1(1) }, messageImprint MessageImprint, --a hash algorithm OID and the hash value of the data to be --time-stamped reqPolicy TSAPolicyId OPTIONAL, nonce INTEGER OPTIONAL,

I have an issue creating a valid CMS signature with Bouncy Castle using a trusted timestamp. The signature creation works well (I want to include the signature to a PDF file), the signature is valid. But after I include a trusted timestamp to the signature's unsigned attribute table, the signature still stays valid, but the Reader reports that The signature includes an embedded timestamp but it is invalid . This leads me to believe, that the hash I timestamp is not the correct one, but I cannot seem to figure out what is the problem with it. Signing code: Store store = new JcaCertStore(Arrays

After a jar is signed and the -tsa option was used, how can I validate that the time stamp was included? I tried: jarsigner -verify -verbose -certs myApp.jar But the output does not specify anything about the time stamp. I'm asking because even if I have a typo in the -tsa URL path, the jarsigner succeeds. This is the GlobalSign TSA URL: http://timestamp.globalsign.com/scripts/timstamp.dll and the server behind it apparently accepts any path (ie. timestamp.globalsign.com/foobar), so in the end I'm not really sure my jar is time stamped or not. Just spent the last 2 hours looking for this issue

I was reading What happens when a code signing certificate expires - Stack Overflow and wondering about a more solid answer. The answer provided was more about setting up your own CA. Even with your own CA you will still need to deal with expiring code certificates. If you signed the code without using a time stamping service, after the certificate expires your code will no longer be trusted, and depending on security settings it may not be allowed to run. You will need to re-sign all of your code with a new certificate, or with a renewed certificate, every 1 or 2 years. Trusted (digital)