Guide to Time Stamping Servers: Digital Signature & Code Signing Protocols

By Michael Thornton

March 18, 2025 at 02:57 PM

A timestamp server attests to the exact time at which a digital signature or code-signing operation was performed. Here's how timestamping works and how to use it effectively:

Basic Process:

  1. Hash your code/documents
  2. Sign the hash with your private key
  3. Create a signature block containing the digital signature and certificate
  4. Timestamp the signature block using a timestamp service
  5. Bind the timestamped signature block to your original content

Sectigo Timestamp Server URL: http://timestamp.sectigo.com

Supported Timestamping Protocols:

RFC 3161 Protocol

  • Used by modern SignTool with "/tr" parameter
  • Compatible with applications like jarsigner
  • Automatically selects appropriate signature algorithm (RSA/SHA-256, RSA/SHA-384, or RSA/SHA-512)
  • Algorithm selection based on specified hash algorithm

Authenticode Protocol

  • Used by older SignTool versions with "/t" parameter
  • Compatible with SignCode
  • Uses RSA/SHA-384 by default
  • Custom algorithm selection available by adding "?td=<hash_algorithm>" to URL
  • Example: http://timestamp.sectigo.com?td=sha256

Important Usage Notes:

  • Add 15-second delays between multiple timestamp requests
  • For eIDAS compliance, use: http://timestamp.sectigo.com/qualified
  • Timestamping ensures long-term validity of signatures even after certificate expiration
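
The following Python example is added here for illustration and is not code from Sectigo or the original article. It builds the DER-encoded RFC 3161 request over a signature block, showing where the chosen hash algorithm travels in the request, and paces multiple submissions with the 15-second delay noted above. The function names are this example's own, and the signature block bytes are whatever your signing tool produced.

```python
import hashlib
import os
import time
import urllib.request

TSA_URL = "http://timestamp.sectigo.com"  # RFC 3161 endpoint named on this page
# DER-encoded OIDs for the SHA-2 digests (2.16.840.1.101.3.4.2.{1,2,3})
HASH_OIDS = {
    "sha256": bytes.fromhex("0609608648016503040201"),
    "sha384": bytes.fromhex("0609608648016503040202"),
    "sha512": bytes.fromhex("0609608648016503040203"),
}

def der(tag, body):
    """Encode one DER TLV with short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_uint(value):
    """Encode a non-negative INTEGER (a leading 0x00 keeps it positive)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(signature_block, hash_name="sha256", nonce=None):
    """Build a TimeStampReq over the signature block (step 4 of the process)."""
    if hash_name not in HASH_OIDS:
        raise ValueError(f"unsupported hash algorithm: {hash_name}")
    digest = hashlib.new(hash_name, signature_block).digest()
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")  # ties the reply to this request
    alg_id = der(0x30, HASH_OIDS[hash_name] + b"\x05\x00")  # OID + NULL parameters
    imprint = der(0x30, alg_id + der(0x04, digest))          # MessageImprint
    body = der_uint(1) + imprint + der_uint(nonce) + b"\x01\x01\xff"  # certReq=TRUE
    return der(0x30, body)

def http_request(tsq, url=TSA_URL):
    """Wrap the DER request in the HTTP POST that RFC 3161 defines."""
    return urllib.request.Request(
        url, data=tsq, headers={"Content-Type": "application/timestamp-query"})

def submit_all(requests, send, delay=15.0, sleep=time.sleep):
    """Send requests in order, waiting `delay` seconds between them."""
    replies = []
    for i, tsq in enumerate(requests):
        if i:
            sleep(delay)
        replies.append(send(tsq))
    return replies
```

To submit for real, pass `send=lambda tsq: urllib.request.urlopen(http_request(tsq), timeout=30).read()` to `submit_all`; the reply is a DER-encoded TimeStampResp that your signing tool or a CMS library must verify against the same digest and nonce.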

Best Practices:

  • Always timestamp your signatures when code signing
  • Use RFC 3161 protocol when possible for better algorithm flexibility
  • Follow rate limiting guidelines to ensure reliable service
  • Choose appropriate hash algorithms based on security requirements

This timestamping process creates a trusted time record that validates when code or documents were signed, enhancing the security and reliability of digital signatures.
