I am trying to understand the timestamp handling in the Authenticode verification mechanism. It looks very simple, but I really do not understand how the signature can be valid when both certificates (code signing and timestamping) are outside their validity period.
The Windows Authenticode Portable Executable Signature Format contains detailed instructions on processing Authenticode, but there is no case in which the signature is valid after the timestamp signing certificate has expired.
According to RFC 3161, once the certificate used to sign the timestamp expires, the timestamp also expires, so the timestamp should be re-executed or notarized to renew the existing trust in that timestamp (does this mean the certificate should be renewed?)
By the way, what about software written ten years ago? Is there a mechanism for unlimited signatures?
Posted on 2017-03-13 16:42:26
Finally, I found the answer, and it lies in RFC 3161:
To verify a digital signature, the following basic technique may be used:
A) Time-stamping information needs to be obtained soon after the
signature has been produced (e.g., within a few minutes or hours).
1) The signature is presented to the Time Stamping Authority
(TSA). The TSA then returns a TimeStampToken (TST) upon
that signature.
2) The invoker of the service MUST then verify that the
TimeStampToken is correct.
B) The validity of the digital signature may then be verified in the
following way:
1) The time-stamp token itself MUST be verified and it MUST be
verified that it applies to the signature of the signer.
2) The date/time indicated by the TSA in the TimeStampToken
MUST be retrieved.
3) The certificate used by the signer MUST be identified and
retrieved.
4) The date/time indicated by the TSA MUST be within the
validity period of the signer's certificate.
5) The revocation information about that certificate, at the
date/time of the Time-Stamping operation, MUST be retrieved.
6) Should the certificate be revoked, then the date/time of
revocation shall be later than the date/time indicated by
the TSA.
If all these conditions are successful, then the digital signature shall be declared as valid.
https://security.stackexchange.com/questions/153709
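As an added example (not code from the question or answer above), a Python model of steps B.4 to B.6 of the quoted procedure: the signer certificate is judged as of the time asserted by the TSA, so its expiry by the time of verification does not invalidate the signature. The SignerCertificate class, the dates and the revocation cases are all constructed for illustration; it assumes the timestamp token itself has already been verified (steps A and B.1 to B.3).

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class SignerCertificate:
    """Hypothetical minimal view of the signer's certificate (constructed for this example)."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None: no revocation on record

def verify_timestamped_signature(cert: SignerCertificate, tsa_time: datetime,
                                 now: datetime) -> tuple[bool, str]:
    """RFC 3161 steps B.4 to B.6 for a signature whose timestamp token is already verified.
    `tsa_time` is the time asserted by the TSA; `now` is the verification time and is
    intentionally not part of the decision: the certificate is judged as of `tsa_time`."""
    # B.4: the TSA time must lie within the signer certificate's validity period.
    if not (cert.not_before <= tsa_time <= cert.not_after):
        return False, "TSA time outside signer certificate validity period"
    # B.5/B.6: any revocation must be later than the timestamping operation.
    if cert.revoked_at is not None and cert.revoked_at <= tsa_time:
        return False, "signer certificate was already revoked at TSA time"
    if now > cert.not_after:
        return True, "valid (certificate has since expired; timestamp predates expiry)"
    return True, "valid"

# Constructed scenario: signed in 2006 with a certificate that expired in 2008,
# verified on 2017-03-13 (the date of the post above).
OLD_CERT = SignerCertificate(datetime(2005, 1, 1, tzinfo=UTC), datetime(2008, 1, 1, tzinfo=UTC))
SIGNED_AT = datetime(2006, 6, 1, tzinfo=UTC)
NOW = datetime(2017, 3, 13, tzinfo=UTC)

def run_cases() -> dict[str, bool]:
    """Evaluate the constructed cases; returns name -> whether the signature is valid."""
    revoked_before = SignerCertificate(OLD_CERT.not_before, OLD_CERT.not_after,
                                       revoked_at=datetime(2006, 1, 1, tzinfo=UTC))
    revoked_after = SignerCertificate(OLD_CERT.not_before, OLD_CERT.not_after,
                                      revoked_at=datetime(2007, 1, 1, tzinfo=UTC))
    return {
        "expired_now_but_timestamped_in_validity": verify_timestamped_signature(OLD_CERT, SIGNED_AT, NOW)[0],
        "timestamped_after_expiry": verify_timestamped_signature(OLD_CERT, datetime(2009, 1, 1, tzinfo=UTC), NOW)[0],
        "revoked_before_timestamp": verify_timestamped_signature(revoked_before, SIGNED_AT, NOW)[0],
        "revoked_after_timestamp": verify_timestamped_signature(revoked_after, SIGNED_AT, NOW)[0],
    }

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: {'valid' if ok else 'invalid'}")
```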