How does CryptVerifyTimeStampSignature verifies the timestamp signature without TSA certificate? RRS feed

  • Question

  • Hi we are developing Win 7 VC++ app using Crypto APIs. Here we time stamp data using CryptVerifyTimeStampSignature() method. We observed that CryptVerifyTimeStampSignature() does not accept TSA certificate for timestamp verification. And still verifies timestamp signature successfully. Thus we wanted to know from where TSA certificate is referred for verification.

    We are using “http://timestamp.comodoca.com/rfc3161” URL as TSA while time stamping data. And we do not have any TSA certificates (from http://timestamp.comodoca.com/rfc3161 ) installed on system where we verify timestamp signature. With this environment CryptVerifyTimeStampSignature() verifies signature successfully.

    Please let us know from where TSA certificate is referred for timestamp verification.

    Any help/hint is highly appreciated.

    Tuesday, April 21, 2015 9:33 AM