Knowledgebase: Code Signing
Time Stamping Server
Posted by - NA - on August 04 2006 13:21
To sign your code, you pass the code that you want to authenticate through a hashing algorithm and then use your private key to sign the hash, which results in a digital signature. You then build a signature block, which contains the digital signature and the code-signing certificate.
Tools like Microsoft's SignTool let you time stamp the signature block based on the current date and time that a time stamping service provider, such as Comodo, provides. Finally, you bind the time stamped signature block to the original software. Now you can publish the signed software on your Web site for download.
As part of this process you will need to know the URL of Comodo's time stamping server.
For older versions of Microsoft's SignTool (less than .NET 4) and SignCode:
For Microsoft's SignTool (4.0 and later) and other applications (jarsigner) which support RFC 3161 (Time Stamping Protocol):
Note: If you are signing several pieces of software with a script, please add a delay of about 15 seconds or more between signings so that the script is not hammering our servers.
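A batch-signing script that follows the pacing note above, as an added PowerShell example (not Comodo's or Microsoft's own script). It assumes `signtool.exe` is on the PATH and a code-signing certificate is in the user's certificate store; the `.\build` folder is hypothetical and `$TimestampUrl` is a placeholder to replace with your provider's RFC 3161 URL.

```powershell
# Added example: sign every binary in a folder, time stamp it over RFC 3161,
# and pause between files so the time stamping server is not hammered.
param(
    [string]$Directory    = '.\build',   # hypothetical build output folder
    [string]$TimestampUrl = 'http://timestamp.example.invalid/rfc3161',  # placeholder URL
    [int]$DelaySeconds    = 15,          # delay between signings, per the note above
    [int]$MaxAttempts     = 3            # assumed retry budget per file
)

$files  = @(Get-ChildItem -Path $Directory -Include *.exe, *.dll -Recurse -File)
$failed = @()

for ($i = 0; $i -lt $files.Count; $i++) {
    $path = $files[$i].FullName

    # Step 1: hash the file and sign the hash with the private key (no network call).
    & signtool sign /a /fd SHA256 $path
    if ($LASTEXITCODE -ne 0) { $failed += $path; continue }

    # Step 2: request the RFC 3161 time stamp separately so a server hiccup can be
    # retried without re-signing. Retries wait the same delay as normal signings.
    $stamped = $false
    for ($attempt = 1; $attempt -le $MaxAttempts -and -not $stamped; $attempt++) {
        & signtool timestamp /tr $TimestampUrl /td SHA256 $path
        $stamped = ($LASTEXITCODE -eq 0)
        if (-not $stamped -and $attempt -lt $MaxAttempts) {
            Start-Sleep -Seconds $DelaySeconds
        }
    }

    # Step 3: verify. /tw makes SignTool warn (exit code 2) when the time stamp is
    # missing; without one the signature stops validating once the certificate expires.
    & signtool verify /pa /tw $path
    if ($LASTEXITCODE -ne 0) { $failed += $path }

    # Pace the next request to the time stamping server.
    if ($i -lt $files.Count - 1) { Start-Sleep -Seconds $DelaySeconds }
}

if ($failed.Count -gt 0) {
    Write-Error ("Not signed and time stamped: " + ($failed -join ', '))
    exit 1
}
```

A non-zero exit lets a build pipeline refuse to publish binaries whose signature lacks a time stamp.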