>
> Thanks a lot. Sorry to sound like a dumbass, but how do I put that
> information into the certificate when I signed it? :) I mean, how do I
> specify the URL of the TSA, which extension to use?
>

You don't. The timestamp URL is something you use on the command line of the
relevant authenticode signing tool. It then queries the timestamp server, gets
a timestamp back and includes it in the signed object.

The whole point of a timestamp is to ensure that signed objects still work
after the certificate has expired by providing assurance that they were signed
at or before a stated time.


I know that part, and with the info you provided, it's not a problem signing
a DLL, .exe, etc, using signcode.exe. I can pass the "-t" option, and get
the timestamp from any server. This can be done with any key/cert generated
with openssl, which is cool.

The problem is with signing Office macros, which has to be done with the stupid
macro editor. And there is no place to insert an option for timestamping.
All the information I get is that the editor will do it automatically, and
somehow that info for getting the timestamp must be known to the editor,
through the certificate.

So I'm trying to figure out how to put that info into the cert to make that
macro editor happy.

> If someone could give an ASN.1 def of a MS authenticode cert, that would
> help too.

There's all sorts of extraneous garbage in some of the official authenticode
certificates. You don't need any of it.

I don't want to know if I don't have to :)

Sorry, this is kinda deviating further and further from openssl topics :)

thanks for your help.

coco


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
