I'm curious about how Windows checks the Authenticode signature.
For example, I would sign test.exe.
I know that if test.exe doesn't have a TS (timestamp) signature from a TSA (Timestamp Authority), the signature would expire after the certificate's NotAfter datetime.
I used to believe that if test.exe has an Authenticode signature with a valid TS signature, this signature would expire after the TS certificate expires.
However, it seems I'm wrong... When I was cleaning my old computer, I found the PlantsVsZombie! (⊙o⊙) You can download the main file from here (I'm not sure how long I can keep this link available...)
Its signing certificate expired on 2012/9/21 and its timestamp certificate expired on 2012/6/15. Both of these certificates have expired now. But surprisingly, its signature is still valid (checked using the PowerShell command Get-AuthenticodeSignature and viewed from the attributes-Signature tab).
So I wonder: will a signature with a timestamp expire? If it would, at which time?
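The check described in the question can be put side by side with both certificates' expiry dates. The following is an added example, not part of the original post: the function name Get-SignatureExpirySummary is hypothetical, and it relies only on the Status, SignerCertificate and TimeStamperCertificate properties that Get-AuthenticodeSignature returns.

```powershell
# Added example (hypothetical helper name): report the Authenticode status of a
# file next to the expiry dates of the signing and timestamping certificates,
# so that "Valid with both certificates expired" cases are easy to spot.
function Get-SignatureExpirySummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    begin { $now = Get-Date }
    process {
        foreach ($p in $Path) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $p
            $signer = $sig.SignerCertificate       # $null when the file is unsigned
            $tsa    = $sig.TimeStamperCertificate  # $null when there is no timestamp

            [pscustomobject]@{
                Path              = $sig.Path
                Status            = $sig.Status
                StatusMessage     = $sig.StatusMessage
                SignerSubject     = if ($signer) { $signer.Subject }  else { $null }
                SignerNotBefore   = if ($signer) { $signer.NotBefore } else { $null }
                SignerNotAfter    = if ($signer) { $signer.NotAfter }  else { $null }
                SignerExpired     = if ($signer) { $signer.NotAfter -lt $now } else { $null }
                HasTimestamp      = [bool]$tsa
                TimestampSubject  = if ($tsa) { $tsa.Subject }  else { $null }
                TimestampNotAfter = if ($tsa) { $tsa.NotAfter } else { $null }
                TimestampExpired  = if ($tsa) { $tsa.NotAfter -lt $now } else { $null }
            }
        }
    }
}

# Single file (test.exe is the file name used in the question):
Get-SignatureExpirySummary -Path .\test.exe | Format-List

# Every .exe in a folder whose signature is still reported Valid although the
# signing certificate itself has already expired:
Get-ChildItem -Filter *.exe |
    Get-SignatureExpirySummary |
    Where-Object { $_.Status -eq 'Valid' -and $_.SignerExpired } |
    Format-Table Path, SignerNotAfter, HasTimestamp, TimestampNotAfter
```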