Skip to content

Commit

Permalink
Add README
Browse files Browse the repository at this point in the history
  • Loading branch information
Jemmy1228 committed Mar 22, 2019
1 parent a27269f commit 5f1b116
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 4 deletions.
10 changes: 10 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
### TimeStampResponder

This project is a TimeStampResponder Library with its Demo.

You can use my project to produce back-dated TimeStampResponse as a co-signature to validate expired/revoked code-sign signatures.

You must generate your own TSA certificate together with with its private key, and import the cert in to your trust store. There are some requirements for the cert-key pair, which is explainned in TSACertificates folder.

The Library supports both Microsoft Authenticode TimeStamp and RFC3161 TimeStamp.
The Demo is just a _**local**_ responder, so it can't be a reliable TimeStamp Server.
11 changes: 7 additions & 4 deletions TSACertificates/README.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
### TSACertificates

Time-Stamp-Authority-Certificates in this folder can be used directly for the program.
Just copy and put them in the folder of Demo.exe

If you want to use your own cert, please pay attention!
If you want to use your own Time-Stamp-Authority-Certificate, please pay attention!
A TSA Certificate must contain ExtendedKeyUsage X509Extension.
ExtendedKeyUsage only allows the cert for TimeStamp, and ExtendedKeyUsage must be marked with critical.

What's more, if your TSACert is not SelfSigned (I mean IssuerDN=SubjectDN) , you should paste the Intermediate Certificate after your TSACertificate to provide a full cert chain. Just like what we do when deploying a SSL certificate.
And remember that the private key must be in PKCS1 form (PKCS8 won't work)

Certs in this folder can be used directly for the program.
Just copy and put them in the folder of Demo.exe

These certificates are just an example, which is issued from my own PKI. You can trust my root certificate by importing EVRootCA.crt or run EVRootCA.reg. Certainly, you don't have to trust it...
The private key of TSA Certificates are uploaded as well. Though the certificate is not trusted by default, I hope you won't abuse them.

Expand Down

0 comments on commit 5f1b116

Please sign in to comment.