Code Signing FAQ


Other Resources
Security Developer Center
Cryptography Topics on MSDN

It is clear that when timestamping is used with Authenticode, we can extend the validity of the signature beyond the expiration date of the code signing certificate. What happens after the timestamping certificate expires? Is this extension of the signature validity limited by the validity of the timestamping certificate?

By default, timestamps do not expire when the certificate chain expires. This can be changed by using the “lifetime signer OID” or setreg.exe for environments that wish to be more locked down. See Code-Signing Best Practices for details on timestamping.

Code-Signing Best Practices
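
One way to audit how a set of signed binaries will behave once the signing certificate expires, as an added example that is not part of the original article: the PowerShell below uses Get-AuthenticodeSignature to report, per file, whether the signature carries a timestamp and whether the signing certificate has the lifetime signing EKU. The function name, the directory path, and the OID value 1.3.6.1.4.1.311.10.3.13 (not given on this page) are supplied here as assumptions of the example.

```powershell
# Added example: classify Authenticode signatures by what happens to them
# when the signing certificate expires. The default path is a placeholder.
param([string]$Path = 'C:\Path\To\Binaries')

# Lifetime signing EKU (szOID_KP_LIFETIME_SIGNING); value supplied by this example.
$LifetimeSigningOid = '1.3.6.1.4.1.311.10.3.13'

function Get-SignatureExpiryBehavior {
    param([Parameter(Mandatory)][string]$FilePath)

    $sig    = Get-AuthenticodeSignature -FilePath $FilePath
    $signer = $sig.SignerCertificate
    $tsa    = $sig.TimeStamperCertificate

    if ($null -eq $signer) {
        $behavior = 'Unsigned'
    } else {
        # Collect the EKU OIDs present on the signing certificate.
        $ekus = @($signer.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        if ($ekus -contains $LifetimeSigningOid) {
            # Lifetime signing: a timestamp does not extend validity.
            $behavior = 'ExpiresWithSigningCert (lifetime signing EKU)'
        } elseif ($null -eq $tsa) {
            # No timestamp: nothing proves the signature predates expiry.
            $behavior = 'ExpiresWithSigningCert (no timestamp)'
        } else {
            $behavior = 'ValidPastSigningCertExpiry (timestamped)'
        }
    }

    [pscustomobject]@{
        File           = $FilePath
        Status         = $sig.Status
        Behavior       = $behavior
        SignerNotAfter = if ($signer) { $signer.NotAfter } else { $null }
        TsaNotAfter    = if ($tsa) { $tsa.NotAfter } else { $null }
    }
}

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys |
    ForEach-Object { Get-SignatureExpiryBehavior -FilePath $_.FullName } |
    Sort-Object Behavior, SignerNotAfter |
    Format-Table -AutoSize
```

Files reported as having no timestamp are the ones to re-sign with a timestamp before the signing certificate's NotAfter date.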

Can we timestamp kernel-mode components signed using Kernel-Mode Code Signing (KMCS) and SPC (Cross-Certificate) and will this action also extend the validity of the signature?

Timestamping for kernel-mode components is encouraged; see the KMCS walkthrough:
Kernel-Mode Code Signing Walkthrough
 

What type of software that developers write actually needs to be signed?

In general, the feedback from the developers who program on our platform is that they are concerned that after the signature expires, the component will not work.
 
While it is true that it is not always clear which interfaces actually require signatures and which do not, in general the best practice is to sign all binaries. This is what Microsoft does (generally – there are some exceptions, but relatively few). Specific components will have specific requirements, and guidance is given to developers who specifically target these components.



Other Languages

This article is also available in the following languages:

Italian (it-IT)

Wiki - Revision Comment List(Revision Comment)
Comments
  • Luigi Bruno edited Revision 7. Comment: Fixed a link.

  • Luigi Bruno edited Revision 6. Comment: Added the "Other Languages" section. Added the "Multi Language Wiki Articles" tag to the tags list.  

  • Jewel Lambert edited Revision 5. Comment: corrected spelling typo

  • Nevin Janzen edited Revision 4. Comment: Tags Edit

  • Luigi Bruno edited Revision 3. Comment: Fixed some links.

  • Luigi Bruno edited Revision 2. Comment: Edited article's title and tags list.

  • Ed Price MSFT edited Revision 1. Comment: Added a "See Also" link.

  • Ed Price MSFT edited Original. Comment: Added See Also link.

Comments
  • how about net trust ?

  • Good Article.