Time Stamping Protocols and Server Guide for Digital Signature Authentication
Digital timestamping is essential for code and document signing. Here's how it works and what you need to know about timestamping protocols:
Basic Timestamping Process:
- Hash your code/document
- Sign the hash with your private key
- Create a signature block containing the digital signature and code-signing certificate
- Timestamp the signature block using a timestamping service
- Bind the timestamped signature block to your original code/document
Sectigo Timestamping Server URL: http://timestamp.sectigo.com
Supported Timestamping Protocols:
RFC 3161 Protocol
- Used with newer versions of SignTool (using "/tr" parameter)
- Compatible with applications like jarsigner
- Automatically selects appropriate signature algorithm (RSA/SHA-256, RSA/SHA-384, or RSA/SHA-512)
- Based on your specified hash algorithm
Authenticode Protocol
- Used with older SignTool versions (using "/t" parameter)
- Compatible with SignCode
- Uses RSA/SHA-384 by default
- Custom signature algorithm possible by adding "?td=<hash_algorithm>" to URL
- Example: http://timestamp.sectigo.com?td=sha256
Important Notes:
- Add 15-second delays between multiple timestamp requests
- For eIDAS compliance, use: http://timestamp.sectigo.com/qualified
Best Practices:
- Always timestamp your signatures to ensure long-term validity
- Use RFC 3161 protocol when possible for better algorithm flexibility
- Follow request timing guidelines to prevent server overload
- Choose the appropriate protocol based on your tools and requirements
Related Articles
Digital Certificate Growth Surges Amid Rising Digital Identity Adoption
