diff --git a/README.md b/README.md new file mode 100644 index 0000000..e8c6be9 --- /dev/null +++ b/README.md @@ -0,0 +1,10 @@ +### TimeStampResponder + +This project is a TimeStampResponder Library with its Demo. + +You can use my project to produce back-dated TimeStampResponse as a co-signature to validate expired/revoked code-sign signatures. + +You must generate your own TSA certificate together with with its private key, and import the cert in to your trust store. There are some requirements for the cert-key pair, which is explainned in TSACertificates folder. + +The Library supports both Microsoft Authenticode TimeStamp and RFC3161 TimeStamp. +The Demo is just a _**local**_ responder, so it can't be a reliable TimeStamp Server. \ No newline at end of file diff --git a/TSACertificates/README.md b/TSACertificates/README.md index b745bd0..34867b7 100644 --- a/TSACertificates/README.md +++ b/TSACertificates/README.md 
@@ -1,12 +1,15 @@ ### TSACertificates -Time-Stamp-Authority-Certificates in this folder can be used directly for the program. -Just copy and put them in the folder of Demo.exe - -If you want to use your own cert, please pay attention! +If you want to use your own Time-Stamp-Authority-Certificate, please pay attention! A TSA Certificate must contain ExtendedKeyUsage X509Extension. ExtendedKeyUsage only allows the cert for TimeStamp, and ExtendedKeyUsage must be marked with critical. +What's more, if your TSACert is not SelfSigned (I mean IssuerDN=SubjectDN) , you should paste the Intermediate Certificate after your TSACertificate to provide a full cert chain. Just like what we do when deploying a SSL certificate. +And remember that the private key must be in PKCS1 form (PKCS8 won't work) + +Certs in this folder can be used directly for the program. +Just copy and put them in the folder of Demo.exe + These certificates are just an example, which is issued from my own PKI. You can trust my root certificate by importing EVRootCA.crt or run EVRootCA.reg. Certainly, you don't have to trust it... The private key of TSA Certificates are uploaded as well. Though the certificate is not trusted by default, I hope you won't abuse them.
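Review bot: In the new top-level README.md, the line "You must generate your own TSA certificate together with with its private key, and import the cert in to your trust store" does not say which trust store or on which machine, and that matters because the line before it says the responses are back-dated. Suggest saying that the certificate should be imported only on a dedicated test machine and removed afterwards, since every signature co-signed by that key will then validate there regardless of its real signing time. In the same line, "with with" is doubled and "in to" should be "into"; "explainned in TSACertificates folder" should read "explained in TSACertificates/README.md" so the reader lands on the file that holds the requirements. The file also ends without a trailing newline.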
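Review bot: In TSACertificates/README.md, the unchanged context at the end of the hunk still tells readers to import EVRootCA.crt or run EVRootCA.reg while also stating "The private key of TSA Certificates are uploaded as well", so anyone who trusts that root accepts timestamps made with a key that is public. Since this change already rewrites the opening to push readers toward their own certificate, it should also say that the bundled certs are for trying the Demo only and that the root should not be imported on a machine used for anything else. The added requirements are also missing details: "the private key must be in PKCS1 form (PKCS8 won't work)" does not state the encoding or the file the program reads, and "paste the Intermediate Certificate after your TSACertificate" does not say which file to paste into or whether the root belongs in the chain. The ExtendedKeyUsage sentence would be clearer if it named the single key purpose that is allowed instead of "only allows the cert for TimeStamp".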