Trusted Timestamping, introduced in Java 5 (2004), allows your customers to validate your signature even after the certificate has expired. When you sign a JAR file, the Timestamp Authority uses their clock to act as a notary and cryptographically write the date and time into your file.
Without this timestamp, users would only be able to validate your signature based on their current date and time. This could be problematic for long-running or embedded systems because the standard X.509 Certificates contain a NotAfter date that typically ranges from one to four years.
You interact with timestamp authorities when signing code with jarsignerÃ¢â¬â¢s TSA argument:
jarsigner -tsa http://timestamp.verisign.com Ã¢â¬Â¦
When your signed file provides a timestamp, Java is able to use that information within the PKIXParameters and determine:
- Do I trust this timestamp authority to act as a notary?
- Is the signature date before the certificateÃ¢â¬â¢s time of expiration?
- Based on Certificate Revocation Lists, was this certificate valid on or before the signature date?
- If the answer to all questions is yes, then the signature is deemed valid even if the certificate has expired. Therefore, signed code on embedded devices will continue to operate beyond the CertificateÃ¢â¬â¢s lifetime.