
I'm trying to understand the timestamp processing in the Authenticode verification mechanism and it looks pretty simple, but I really do not understand how a signature can be valid while both certificates (code-signing and timestamp) are outside their validity period.

Windows Authenticode Portable Executable Signature Format contains a detailed description of Authenticode processing, but there is no case where the signature is valid after the timestamp signing certificate has expired.

According to RFC3161, as soon as the certificate used to sign a timestamp expires, the timestamp becomes expired as well, so such a timestamp should be re-done or notarized to renew the existing trust in this timestamp (does it mean the certificate should be renewed?).

Btw, what about software written ten years ago? Is there a mechanism to have an infinite signature?

  • The validity period of the TSA certificate is checked against the time stamp; however, this is just a consistency check since you can backdate it if you have compromised the timestamp key. The idea here is simply that it is unlikely that two different entities are compromised. – eckes Dec 09 '17 at 02:14

1 Answer


Finally, I've found the answer; it lies in RFC3161:

 To verify a digital signature, the following basic technique may be used:

A) Time-stamping information needs to be obtained soon after the
  signature has been produced (e.g., within a few minutes or hours).

  1)    The signature is presented to the Time Stamping Authority
        (TSA).  The TSA then returns a TimeStampToken (TST) upon
        that signature.

  2)    The invoker of the service MUST then verify that the
        TimeStampToken is correct.

B) The validity of the digital signature may then be verified in the
  following way:

  1)    The time-stamp token itself MUST be verified and it MUST be
        verified that it applies to the signature of the signer.

  2)    The date/time indicated by the TSA in the TimeStampToken
        MUST be retrieved.

  3)    The certificate used by the signer MUST be identified and
        retrieved.

  4)    The date/time indicated by the TSA MUST be within the
        validity period of the signer's certificate.

  5)    The revocation information about that certificate, at the
        date/time of the Time-Stamping operation, MUST be retrieved.

  6)    Should the certificate be revoked, then the date/time of
        revocation shall be later than the date/time indicated by
        the TSA.

If all these conditions are successful, then the digital signature shall be declared as valid.
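The step B procedure quoted above, written out as an added example (not code from the question, the answer or RFC 3161 itself). Certificates, the TSA token and all dates are constructed stand-ins; the consistency check on the TSA certificate's validity period is the one eckes describes in the comment. The point to notice is that the current wall-clock time never enters the decision: every check is made against the time the TSA asserted.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass
class Certificate:
    subject: str
    not_before: datetime
    not_after: datetime
    # Revocation date as known from the CRL/OCSP data gathered for the
    # time-stamping moment (step B.5); None means "not revoked".
    revoked_at: Optional[datetime] = None

@dataclass
class TimeStampToken:
    gen_time: datetime        # date/time asserted by the TSA (step B.2)
    tsa_cert: Certificate
    token_verifies: bool      # B.1: the TSA's signature over the token checks out
    covers_signature: bool    # B.1: the token's imprint matches the signer's signature

def verify_timestamped_signature(signer: Certificate, tst: TimeStampToken) -> tuple[bool, str]:
    """RFC 3161 section 4.1, step B. Only the TSA-asserted time `t` is used."""
    if not (tst.token_verifies and tst.covers_signature):
        return False, "B.1: time-stamp token invalid or not bound to this signature"
    t = tst.gen_time
    # Consistency check from the comment: the TSA key had to be inside its
    # own certificate's validity period at the asserted time.
    if not (tst.tsa_cert.not_before <= t <= tst.tsa_cert.not_after):
        return False, "TSA certificate not valid at asserted time"
    if not (signer.not_before <= t <= signer.not_after):          # B.3 / B.4
        return False, "B.4: signer certificate not valid at asserted time"
    if signer.revoked_at is not None and signer.revoked_at <= t:   # B.5 / B.6
        return False, "B.6: signer certificate revoked at or before asserted time"
    return True, "valid: time stamp proves the signature predates expiry and revocation"

# Constructed sample data (not taken from any real certificate).
SIGNER = Certificate("Example Publisher", utc(2007, 1, 1), utc(2010, 1, 1))
TSA = Certificate("Example TSA", utc(2006, 6, 1), utc(2013, 6, 1))
TST_2008 = TimeStampToken(utc(2008, 5, 20), TSA, True, True)

if __name__ == "__main__":
    # Evaluated today, with both certificates long expired, this is still "valid".
    print(verify_timestamped_signature(SIGNER, TST_2008))
    # A revocation dated before the time stamp breaks the chain (B.6).
    revoked = Certificate("Example Publisher", utc(2007, 1, 1), utc(2010, 1, 1),
                          revoked_at=utc(2008, 1, 1))
    print(verify_timestamped_signature(revoked, TST_2008))
```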