See, for example, Haber and Stornetta "How to Time-Stamp a Digital Document" in the Journal of Cryptology (1991) and Benaloh and de Mare "One-Way Accumulators: A Decentralized Alternative to Digital Signatures" in Springer-Verlag Lecture Notes in Computer Science vol. In the past, a variety of cryptographic time stamping methods have been proposed. Issuers of Authenticode certificates currently include SSL.com, Digicert, Sectigo(Comodo), and GlobalSign. Microsoft maintains a list of public certification authorities (CAs).
Authenticode signatures can be used with many software formats, including. A client web browser, or other system components, can use the Authenticode signatures to verify the integrity of the data when the software is downloaded or installed. A Brief Introduction to AuthenticodeĪuthenticode applies digital signature technology to guarantee the authorship and integrity of binary data such as installable software. Time stamping allows Authenticode signatures to be verifiable even after the certificates used for signature have expired. Signing tools from Microsoft allow developers to affix time stamps at the same time as they affix Authenticode signatures. Authenticode time stamping is based on standard PKCS #7 countersignatures. Microsoft Authenticode signatures provide authorship and integrity guarantees for binary data.