Why should we set a timestamp when we do code signing?

Question

If I set a timestamp with signing, what happens?
What if I don't set one?

Is it essential? Why is it recommended?

Recommended answer

Timestamping is used to specify the time when the digital signature is made. This is needed to properly validate the signature.

If a signature timestamp is present, the application which validates (verifies) the signature will check whether the certificates involved in signature validation were valid at the moment of signing. If there's no timestamp for the signature, certificate validity is checked for the moment of signature validation, which is not always acceptable.

Example:
Certificate is valid from: 1st of January, 2008
Certificate is valid to: 31st of December, 2010
Signature is made on: 4th of July, 2009
Signature is verified on: 30th of April, 2012

With timestamp: signature is OK (signature was made during the certificate validity period).
Without timestamp: signature is not valid (certificate has expired by the moment of signature verification).

Timestamping should be used if the signature is supposed to be used (to prove the authenticity of the document author or data originator) in the long term, i.e. longer than one or several days.

Timestamping is not necessary when you, for example, send a short signed note to a colleague and this note is expected to be read and disposed of the same day it was written. Of course, timestamping cannot be used when it's not supported by the signing technologies or when a timestamping authority is not available.

On the other hand, timestamping is a must when you create signed documents for wide distribution or for long-term storage and archiving purposes. Timestamping is also used when signing the executable modules of software applications.

Update: the timestamp is also signed with a certificate. This signature is also validated using regular rules, which means that the certificate used to sign the timestamp must be valid at the moment of signature validation. In the above example, if the timestamping certificate expired on the 1st of April, 2012, then the timestamp will be reported as not valid and won't be counted during validation of the signature.
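
The validity rules described in the answer above, written out as a small model. This is an added example, not part of the original answer and not any real verifier's code; it checks validity periods only (no cryptographic verification), and the class names, function names and the `TSA_GOOD` certificate dates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

@dataclass
class Cert:
    not_before: date
    not_after: date
    def valid_on(self, day: date) -> bool:
        return self.not_before <= day <= self.not_after

@dataclass
class Timestamp:
    signed_on: date   # signing time asserted by the timestamping authority
    tsa_cert: Cert    # certificate that signed the timestamp itself

@dataclass
class Signature:
    signer_cert: Cert
    timestamp: Optional[Timestamp] = None

def reference_date(sig: Signature, verified_on: date) -> Tuple[date, str]:
    """Choose the date on which the signer certificate must be valid."""
    ts = sig.timestamp
    if ts is None:
        return verified_on, "no timestamp: certificate checked at verification time"
    # The timestamp is itself a signature: per the answer's update, its
    # certificate must be valid at verification time or it is not counted.
    if not ts.tsa_cert.valid_on(verified_on):
        return verified_on, "timestamp rejected: certificate checked at verification time"
    return ts.signed_on, "timestamp accepted: certificate checked at signing time"

def verify(sig: Signature, verified_on: date) -> Tuple[bool, str]:
    day, reason = reference_date(sig, verified_on)
    return sig.signer_cert.valid_on(day), reason

# Dates from the answer's example.
SIGNER = Cert(date(2008, 1, 1), date(2010, 12, 31))
SIGNED_ON = date(2009, 7, 4)
VERIFIED_ON = date(2012, 4, 30)
TSA_EXPIRED = Cert(date(2008, 1, 1), date(2012, 4, 1))  # start date constructed
TSA_GOOD = Cert(date(2008, 1, 1), date(2015, 12, 31))   # constructed

if __name__ == "__main__":
    cases = {"timestamped": Signature(SIGNER, Timestamp(SIGNED_ON, TSA_GOOD)),
             "not timestamped": Signature(SIGNER),
             "timestamp cert expired": Signature(SIGNER, Timestamp(SIGNED_ON, TSA_EXPIRED))}
    for name, sig in cases.items():
        print(name, verify(sig, VERIFIED_ON))
```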
