I tried reading the explanation in the MSDN, but I still don’t understand it.
Let’s say I have a certificate that expires in 2013. Now even when I don’t use the /t option and sign the driver with the certificate (pfx file), the driver loads without any problem.
This is the command I use to sign; I can load drivers when signing with this even though I’m not using the /t option:
So can someone explain in a simple way the usage of timestamping with the /t option when signing a driver, when even if I don’t use it I can still load the signed drivers without any issue?
@Mark_Roddy said:
If you don’t timestamp your signed object’s signature expires with the cert.
Mark Roddy
Thank you for the reply. But what is the point of using a timestamp, considering that even when I don’t use it, my driver still gets loaded without any problem?
If you don’t use a timestamp your driver will be considered unsigned if in
the future you attempt to install it after your cert expiration date.
Mark Roddy
The timestamp is meant to cryptographically prove when the signature was applied. If there is no timestamp, then the code that is checking the signature has to assume ‘now’. If the certificate that was used to sign was valid in the past but is not valid now (they all expire eventually), then the code that is checking the validity of the certificate will no longer say ‘yes, this is valid’ but will say ‘no, this is not valid because you can’t sign with an expired certificate’.
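The check described in the replies above, as an added example that is not part of the original thread and is not Windows' actual verification code: a simplified model that picks the timestamp as the reference time when one is present and the current time otherwise. It ignores chain building, revocation and validation of the timestamp authority's own signature; all dates except the 2013 expiry are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple


@dataclass
class Signature:
    cert_not_before: datetime            # start of the signing cert's validity
    cert_not_after: datetime             # expiry of the signing cert
    timestamp: Optional[datetime] = None  # signing time vouched for via /t, if any


def check_signature(sig: Signature, now: datetime) -> Tuple[bool, str]:
    """Decide validity against the timestamp if present, otherwise against 'now'."""
    if sig.timestamp is not None:
        reference, source = sig.timestamp, "timestamp"
    else:
        reference, source = now, "current time"
    if reference < sig.cert_not_before:
        return False, f"{source} is before the certificate became valid"
    if reference > sig.cert_not_after:
        return False, f"{source} is after the certificate expired"
    return True, f"certificate was valid at the {source}"


# Constructed sample: certificate expiring in 2013, as in the question.
CERT_START, CERT_END = datetime(2010, 1, 1), datetime(2013, 1, 1)
SAMPLES = {
    "no timestamp": Signature(CERT_START, CERT_END),
    "timestamped 2012": Signature(CERT_START, CERT_END, datetime(2012, 6, 1)),
    # Signed and timestamped after expiry: the timestamp proves it was too late.
    "timestamped after expiry": Signature(CERT_START, CERT_END, datetime(2013, 6, 1)),
}


def timeline():
    """Evaluate every sample before and after the certificate expires."""
    rows = []
    for label, sig in SAMPLES.items():
        for now in (datetime(2012, 7, 1), datetime(2014, 1, 1)):
            valid, reason = check_signature(sig, now)
            rows.append((label, now.year, valid, reason))
    return rows


if __name__ == "__main__":
    for row in timeline():
        print(row)
```

Before the expiry date the untimestamped and timestamped signatures give the same result, which is why loading the driver today shows no difference; the two only diverge once the verification time passes the certificate's expiry.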