What is needed to set up a (personal) executable/code timestamping service?
We are using VeriSign's time stamp service currently, but every so often the time stamp server becomes unavailable - mostly due to our ISP failing.
We now timestamp everything we build, even simple dev builds as we had a lot of trouble with Vista not running the unsigned/unstamped files properly.
Can we set up a time stamp service to do the same? I've looked around and not really found any information at my current level of knowledge that tells me this can or cannot be done.
Comments (2)
"Can we set up a time stamp service to do the same?"
Use http://www.opentsa.org/
I've been looking for the same thing and so far we are using a Thawte code signing certificate with free VeriSign timestamping. The Trusted timestamping article on Wikipedia has 2 good images of how it works and some external links at the bottom, including links to the RFC and ANSI ASC. One of the links goes to digistamp.com, where they offer a high-volume service and also sell a SecureTime server and license. The current list price for this is $30,000 plus $4,500 annual maintenance and audit, way more than we would pay.
One thing that I still am not clear about is how frequently the timestamping service needs to be contacted. If it only needs to contact the service once during signing time, then that's okay, but if the service needs to be contacted every time the certificate is accessed it would be better to have our own. I haven't seen anything like this in the open source community.
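Added example, not part of the original thread and not code from OpenTSA or any vendor named above: the request a client sends to an RFC 3161 time-stamp authority (the protocol OpenTSA implements), built by hand in Python. It shows that only a digest of the file goes to the service, in one request made when the file is signed. SHA-256, the 64-bit nonce and the function names are assumptions of this example.

```python
import hashlib
import secrets

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL params)
SHA256_ALGID = bytes.fromhex("300d06096086480165030402010500")


def der(tag: int, body: bytes) -> bytes:
    """Wrap body in a DER tag-length-value triplet."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def der_int(value: int) -> bytes:
    """Encode a non-negative INTEGER in minimal two's-complement form."""
    if value < 0:
        raise ValueError("negative values are not used in this example")
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_request(data: bytes, nonce=None, cert_req=True) -> bytes:
    """Build a TimeStampReq (RFC 3161, section 2.4.1) for data."""
    digest = hashlib.sha256(data).digest()
    # MessageImprint ::= SEQUENCE { hashAlgorithm, hashedMessage OCTET STRING }
    imprint = der(0x30, SHA256_ALGID + der(0x04, digest))
    if nonce is None:
        nonce = secrets.randbits(64)  # lets the client detect a replayed response
    body = der_int(1) + imprint + der_int(nonce)  # version v1, imprint, nonce
    if cert_req:
        body += der(0x01, b"\xff")  # certReq TRUE: ask the TSA to include its cert
    return der(0x30, body)


if __name__ == "__main__":
    # Constructed sample standing in for a build artifact.
    artifact = b"MZ constructed sample build output" * 1000
    request = build_timestamp_request(artifact)
    # Over HTTP the request is POSTed with
    # Content-Type: application/timestamp-query (RFC 3161, section 3.4).
    print(len(artifact), "byte file ->", len(request), "byte request")
    print(request.hex())
```

The signed token the authority returns is stored with the signature, so checking it later needs the authority's certificate chain rather than another call to the service.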