Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignedCms with Expired certificate but valid timestamp fails with validation #83478

Open
jborean93 opened this issue Mar 15, 2023 · 6 comments
Open

SignedCms with Expired certificate but valid timestamp fails with validation #83478

jborean93 opened this issue Mar 15, 2023 · 6 comments
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-System.Security
Milestone
Future

Comments

@jborean93
Copy link
Contributor

Description

Using SignedCms.CheckSignature(false) fails when the certificate has expired but was countersigned before it was expired. The WinVerifyTrust function on Windows does not report an error with these signatures.

Reproduction Steps

Here are 2 Authenticode base64 strings of some PowerShell files that have been signed with a now expired certificate. Note these are self signed certs used for testing so they would have been to be trusted to avoid the CA trust failure.

The first is one signed with a timestamp using the old Authenticode timestamp functionality:

MIIehAYJKoZIhvcNAQcCoIIedTCCHnECAQExDzANBglghkgBZQMEAgEFADB5BgorBgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLGKX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBWYryjZjo1cjdJeX1p42umeyEBm4NaeKGQxt09ACzoa6CCF+IwggTXMIICv6ADAgECAgkA0cnLHrL9eEIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAzMTQyMDM4MzFaFw0yMzAzMTUyMDQzMzFaMBUxEzARBgNVBAMTClBvd2VyU2hlbGwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwH926aUCIoMbG8rjAavLPlTSEJ20S4JoilIKatvJY432v5/gtH+jNMv8qRvrAaceLuo2AusOn68WjW3ZxcZR2yAh3llWvaxEfFc/N06Re242LxXGdK8XUq3NPqQkHkPiIFaW4SX6PsQ8R3su9MM66WsNvz5/78MYpvbtN7QiXKTfEudpI/QdLYPOHaCQXEr8PzW0g5wx6JMHa/3YewMRKYVvsEwBbVGt+5/YMRFZzLcloOYal4W8abUoLxYMT/uoy0MmYz3pmtAiIdLKzOgU1+C/1MhrdjGfXF88EHVqHnyyk042pyTmaXAAneAarfyelTmLVTrVO8FVF85iUaDjxlSY49V7gjrD8hNcHz/UYK3+RCfXJF35tn+Q3DkfuuooD4GOnMGPUNSY1fqS42q6lAAub0eufl4sxRfHw2cqyM2+bBz8gih+gzNf6y0E83D4jbryWr/gkPO8lOqU4mgJcyl60/GpkHaLyioln7VLPwT8ay4jXvJqvFw9p1pDBXKhe98enip8PGmmiCESv6HcDYEAeNfkO6Pz1RMgDB4yzIcYA13ZEGUTByfoC8JhD2VbsVOHUM/5pviI4eTW39W9elCbKQmasVeavoGaHikGua75h/pL+0uORrJBZxkyxJaG4YQ5BTU+YUvQvJPw6blB6bk8Z1WbNN8WW6E1v/8Do8QIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAEUQDpyRT3pBX+YaleFXrgBw+QJMEuzwPu+uZI++HR4Crk4h0BIFFwkS0yx6XQlPZT33F3kZ73IXfVsm9FQ99ZqahqyO+aWUz/AAkWM00MD2DTnFWqcRe8hl6BW7tverNXaWDXEAJwJSwY8FslBUYeMQMgLwtKVBlu0SnA18GQn+M5KRpsgOUvzTI6LACvRS6y/ehwBN4kR9tilu9t8jqVeKyTN0b2kZ59Ht7C4+J3XnA7Zp9Vr1SlSZ9dLIrQw5HeMasSmDheiFaRBbVGmFMcselHxQwCN5kDV9jzDjrmAnIwoDPFSlzG/GRJCQAK6XgXUH8RdVLkj9Tq79HXTNCwu+M/pqqPAK6FxQr806KTglqRGWsZF41HJCIttRwWQevqjjEck1MzOYemVwI4m5N1I9xvUqfie5Ba+I3Efy4WjhPGLG4b4M+DijnbUKv/iwiCEznztMiKVhcYp+EXzHzM5Pr5nUMZsIHv2kAyCl8H7+aLYsJQWdzG7CCGic3nv7bkxXqfDE1AY2xufp8Yy8OCnA2mnt2jHLZA0r/oN/3KkodVhvBSwFfXhjBLtupwp0EKeMAQ4dXH/oQF0o9ExZUI5/ppkVuEW/AobqYCUNEcpn4roZoBia84dt7bfGHnaXgyECn2bvbIB300qYQwmOepFYRpTWni94nsD237f6cKkOMIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21DiCEAYWjANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYDVR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+go3QbPbYW1/e/Vwe9mqyhhyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0/4C5+KH38nLeJLxSA8hO0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnLnU+nBgMTdydE1Od/6Fmo8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU96LHc/RzY9HdaXFSMb++hUD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ9VVrzyerbHbObyMt9H5xaiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9Xql4o4rmUMIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsAwggSooAMCAQICEAxNaXJLlPo8Kko9KQeAPVowDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yMjA5MjEwMDAwMDBaFw0zMzExMjEyMzU5NTlaMEYxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIgLSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+ylJjrGqfJru43BDZrboegUhXQzGias0BxVHh42bbySVQxh9J0Jdz0Vlggva2Sk/QaDFteRkjgcMQKW+3KxlzpVrzPsYYrppijbkGNcvYlT4DotjIdCriak5Lt4eLl6FuFWxsC6ZFO7KhbnUEi7iGkMiMbxvuAvfTuxylONQIMe58tySSgeTIAehVbnhe3yYbyqOgd99qtu5Wbd4lz1L+2N1E2VhGjjgMtqedHSEJFGKes+JvK0jM1MuWbIu6pQOA3ljJRdGVq/9XtAbm8WqJqclUeGhXk+DF5mjBoKJL6cqtKctvdPbnjEKD+jHA9QBje6CNk1prUe2nhYHTno+EyREJZ+TeHdwq2lfvgtGx/sK0YYoxn2Off1wU9xLokDEaJLu5i/+k/kezbvBkTkVf826uV8MefzwlLE5hZ7Wn6lJXPbwGqZIS1j5Vn1TS+QHye30qsU5Thmh1EIa/tTQznQZPpWz+D0CuYUbWR4u5j9lMNzIfMvwi4g14Gs0/EH1OG92V1LbjGUKYvmQaRllMBY5eUuKZCmt2Fk+tkgbBhRYLqmgQ8JJVPxvzvpqwcOagc5YhnJ1oV/E9mNec9ixezhe7nMZxMHmsF47caIyLBuMnnHC1mDjcbu9Sx8e47LZInxscS451NeX1XSfRkpWQNO+l3qRXMchH7XzuLUOncCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAdBgNVHQ4EFgQUYore0GH8jzEU7ZcLzT0qlBTfUpwwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAVaoqGvNG83hXNzD8deNP1oUj8fz5lTmbJeb3coqYw3fUZPwV+zbCSVEseIhjVQlGOQD8adTKmyn7oz/AyQCbEx2wmIncePLNfIXNU52vYuJhZqMUKkWHSphCK1D8G7WeCDAJ+uQt1wmJefkJ5ojOfRu4aqKbwVNgCeijuJ3XrR8cuOyYQfD2DoD75P/fnRCn6wC6X0qPGjpStOq/CUkVNTZZmg9U0rIbf35eCa12VIp0bcrSBWcrduv/mLImlTgZiEQU5QpZomvnIj5EIdI/HMCb7XxIstiSDJFPPGaUr10CU+ue4p7k0x+GAWScAMLpWnR1DT3heYi/HAGXyRkjgNc2Wl+WFrFjDMZGQDvOXTXUWT5Dmhiuw8nLw/ubE19qtcfg8wXDWd8nYiveQclTuf80EGf2JjKYe/5cQpSBlIKdrAqLxksVStOYkEVgM4DgI974A6T2RUflzrgDQkfoQTZxd639ouiXdE4u2h4djFrIHprVwvDGIqhPm73YHJpRxC+a9l+nJ5e6li6FV8Bg53hWf2rvwpWaSxECyIKcyRoFfLpxtU56mWz06J7UWpjIn7+NuxhcQ/XQKujiYu54BNu90ftbCqhwfvCXhHjjCANdRyxjqCU4lwHSPzra5eX25pvcfizM/xdMTQCi2NYBDriL7ubgclWJLCcZYfZ3AYwxggX4MIIF9AIBATAiMBUxEzARBgNVBAMTClBvd2VyU2hlbGwCCQDRycsesv14QjANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCAp5V6eZBH6QjWLAZghhEKm8BDpQfO3XcRLMgKTz+QoWTANBgkqhkiG9w0BAQEFAASCAgCHG9QjzwkI7yuZv00SPTUJxSZS23trrb8ss/pzQJywAShxpq1SE4qem/pkwFdhRbbv5pSRxHj2SnA0JdONKu3AYD/Y1t7UnpeQmYXQK4RHvnum0JMaMfzEIKangvYsNAf6BbRJe2o0DMrrhKL7UJeJl3dr/aXIRxiVF2q/pXeQXVhZu1arm20GMyvYIjCK8Axma1cM2+t5xRVx/ujVnM9/NmV9j1ukhrxYdSwV3osxOgyr8dlWscCc3bl7sSrq6qIEHGPjHsdcqR06ZulZhPdMq7IEkJksag+Tfi+toImii+fwhuYbT7W7eMxINStC4yWhGDg6xZmz+TJDddqC3TuGmaoiBJMh6iLaTWf6a7K/Ypazc99YZ1Z2EIV649xqVl4hDxOP/BE2TZogxSloPZHlY5IxiyM0S1413tctN5dllUbWMWNGyC6iWe3+14BW+rornbUPo6IA8BENRPQG2J0WAWDeNw6HeH27Qt37wnqAHnrlNg1rGOoCDq1Skzr2nOHi3erQA68Jd4aONqjPQ6J/g2ohM+sbcLpoIhUTvL7iTyZMI4Lb4cWCaHSr/6F6dZ0NE1fQZ3pAXgK9sFx1bep4Mshu84qPC63HOsROFxR0ypbdUpwl0xw3Y9urfwQMdTg+fECMJ3rRrdYsuNGu2zSaspkLMfDMA6hSMeDo+8Af3qGCAyAwggMcBgkqhkiG9w0BCQYxggMNMIIDCQIBATB3MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0ECEAxNaXJLlPo8Kko9KQeAPVowDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzAzMTUyMDM4MzdaMC8GCSqGSIb3DQEJBDEiBCCLhacUFaBSCQ2YRdmF2bd0vIDxDA9iHZCtBnK68oo73TANBgkqhkiG9w0BAQEFAASCAgBDe/aboSbY+kOB0318AmEDpuVUPoxnGeg6SY6cQa0ZiL0qOxFTBUmSG/Okg3Rg7+PSebnaT272/ukBqjdNL8bTI0zDfJbkUQzWcTDXaJu6qQX/glVRo4GD23eOHFwzB6+bzjbDJaKiTGlHGLJN1D5IBwNfbWOOny08ZnfKuhPIVDQHeZL7O4H/FEwgQoYKINvHzc3ocM6MwBPlb6pbc/dxlnOmQHliFGx+hlnaA44rEPyGWKP2ZYbXm2htxBVUQFmXOtATwY642sS029JVVQJ7rCb+5Nbn52t2p7CJBOXAJuco6KwNEfjA89ytOEZU7FgsQot6OZglmQ8gKWhTDcPMhz/k8FX5aF6UUtqGrhfw7ddK6y9e89TB2zpS8BqQ6cvUN/P6Lf0VhYsv583Nq2MDYVddKDsICSzfrC4Dy4sjoClB0elaekisminOgpdMqmJ3UtE/MzDkvvXXtN0qPBQjymx+SoTnwX7EjaQ5GdTr77Yt1Z4aH2q3QAWRcF6YQpijJVkjVRP1XitykjGxSIzdbFn7GsvZ37BgyfmSCW3f9n+nq67Ss4bbn9xcgzEk2qhkxoAp3WA2iALdOydavO3Vhxs3u2dko/iqdkQ3z4ubhP60bf1m0U8wa39ZYqAx4IpXu4EAlfDTHVJkWU5PU9l/Wohy+0NoHZ10pKI8SzUzOg==

The second is one signed with a timestamp using the RFC 3161 timestamp functionality:

MIIfmQYJKoZIhvcNAQcCoIIfijCCH4YCAQMxDTALBglghkgBZQMEAgEwewYKKwYBBAGCNwIBBKBtBGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLGKX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBaNEv+Ne+U+glDiFrbl8Ct5Gf+ataCxj80K+LzYzeavaCCBNswggTXMIICv6ADAgECAgkApr9gS57+nmAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAzMTQxOTEyMjBaFw0yMzAzMTUxOTQyMjBaMBUxEzARBgNVBAMTClBvd2VyU2hlbGwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfwd4HfoBff9LHby3DWv+uTaM9ucOiI5AbVpSsXcjUr7kVQ52ootrpqniox8cAJrGoN4XJvV353eenq64kQheXlYvZxs3i8prr/VevA0VLvByMJva2sdkjxeIixFE1jP65W02TOS7cYRMxIBUnS/ixOAV1HiiSAZ1/f14UrtsN0P3ueujffNxVBknW6qhgRYVyLzetybBfVVKlUEmGybr/uCCzbSyl9EG9stHk7aQUfZL/xzhU8gFmTsh8K4eTFDDMnNzRt3D3OOhNaAQQ+5uWCkvdblNwR8kASLTKvHhpe3zzCgwz+3CPExtC/Qz4mT7K77jBuwRy4zl7rEqPWlKkGuln9ujO1KtCJFKy3V8jlvld2tg4BWLJag4Z6/8WopO4U/YeNpfqPhfgjWpF9XPQtW4C8UHsNnRbPu6RZhtF+blHDbV7+GM4T02HZBnhD654woUe61cUU1wJ3iZF5QyS0eL2A58muFdWyM4Kcu9uDmBnkIaQXf4XECTsU6h9+4tb+kkszn3Xzs2Nc20YpIAWVvzcT3cw0noiDzMlblz4APBiCC5ATPNFHaElpRzWiPD31LXDw8HPkhm5sLcO5Hf0pRfZ15zjFZnua/lpz9/YPUxf9hqWlsP0i0TM0XMtb/OPj06F++ZbEPHwTc7pKaYN2ptSUVzBGiFGQrwfDTW6UwIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAJ6MYEI/NrvrUBjvnYGoYQJksc9m6SOejFt0jZ2xQlpBCfLtChwB8dQWuaUpgVwNKlckodbmkdohh+3S58OgSfapV3bemyzO0cXlO2+tynTsTnr+nsF2WC05Y3zcCrUf38yhNL11iOXxh63mwlJvsbmE9jCfziOx9Cw7923bXEIfThyh9OFkquNkXdX5vyYLdl3NIq6l+jeZfY7Il3agp0/TjFv0Hz3tba9gK4XSw3ir+UqGKr5LwlcIaA5PAYbyvm8TmhkNzN8KZBvow08/VQ6Jc8LqFOzGkdQTPVk46t3pNnvppnw89JAy519njE2pQsk9vBR7lz5ALx7UrjYK+iU2PEgEk8ptOWZGfzghpDHU2CJOdbvhiFx+uvGU/joCFZ+JmsbRmq2qbZpNT77K477m7j20RjHFwEYB+STDzlZgFLEzo2kgIIDy4rxe/DIx1nK2nMAyb7nEBxxq7euxKBtHhEsU2aBX0wpNbWMtNOTeGBGr5z4SPZei22wWEyyPXXcU3FS3gIwwetOxGFoH8VnlxRaxi6ZelSwPwLfakJtswL4wgWLJjkTvX4qBVjLAlNFuY7CUO8CjwYHeYy0abL1iLPmZGIFcSXxvMnAheK+r9pPOFF9d/mTWOw8IHQdovgaxkurgClt8RMW3IrzRuG4R+A7aR3SiKpjKYdFQ7KkcMYIaFDCCGhACAQEwIjAVMRMwEQYDVQQDEwpQb3dlclNoZWxsAgkApr9gS57+nmAwCwYJYIZIAWUDBAIBoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIAulLQTO7GoXVAIp3Kt0pmCBTLme/oYiEVvdbIXP5baMAsGCSqGSIb3DQEBAQSCAgAjawJWoj86wLXTBpFDg6ngyPOmNNIIhkczeyGWy0stomQHqyj5NdwsfDcRmfHmIJuADr1349dXuEEehfbTSki8Cq8m+TdnA1ovTYHzFPqZlkFk81wGwBhVNwcylHyvbJ9FScG7H6unqwI2L92tooTWOBI8gHQrZx3tcdc0QVKoRkEhfg+BwRhryiIOy6emorRQMWgJr28k1BIwev1d/N7uCOPZnAho0w14LWoWua1Ga9RM7ni8v1JxYkVVVtcGCNfphLhriqT9+B8WV4aLmgMtl8+4FLkPjJzlUMCv9knzwVxWg3LPrbUWi6nRyti5eulOpAAxYSZ+7dnBGQkqZRSkTdQW1HlRCDSUPgVKj2j+yfYUh3FWLtCt8Q29VOtUIXB93PDOqjxlJ/D2TT06PJepHDt7PPkT2/2qrZvzJLrw6zp5WjLesAasQVu8AVGSPnE7CwQi8aD4HlOzPV/uBsC4WJM200gbUnk3yeOQPYDw3cP4ea3rZ5s9tl4JNPxCrKnkjPrIvsGV6puBdXzRQLUHqXk+ASlfLbTbzKFYogEIsO4USi7rHfe9kU78hAG3MGWN9GRYCRrPRCSWgxvFu0NNvZLDE2e5B3w5B6s776DG3TvWI6qcVXBotGlm9qX6se5KjBOVDmAhApKTQOY7v8yHMWu05GLNplWLcHvvz99UtKGCF0kwghdFBgorBgEEAYI3AwMBMYIXNTCCFzEGCSqGSIb3DQEHAqCCFyIwghceAgEDMQ8wDQYJYIZIAWUDBAIBBQAwgYIGCyqGSIb3DQEJEAEEoHMEcTBvAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQgXGFtF8hPK5tnyM4Yvcr7ZiZpOFuTFFvT8ck4UFVuwAACEQDqREbe4dpMubzZcmszYtI5GA8yMDIzMDMxNTE5MTMwMVoCCHYbQTDn3aVroIITBzCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwggbAMIIEqKADAgECAhAMTWlyS5T6PCpKPSkHgD1aMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjIwOTIxMDAwMDAwWhcNMzMxMTIxMjM1OTU5WjBGMQswCQYDVQQGEwJVUzERMA8GA1UEChMIRGlnaUNlcnQxJDAiBgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDIyIC0gMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/spSY6xqnya7uNwQ2a26HoFIV0MxomrNAcVR4eNm28klUMYfSdCXc9FZYIL2tkpP0GgxbXkZI4HDEClvtysZc6Va8z7GGK6aYo25BjXL2JU+A6LYyHQq4mpOS7eHi5ehbhVsbAumRTuyoW51BIu4hpDIjG8b7gL307scpTjUCDHufLckkoHkyAHoVW54Xt8mG8qjoHffarbuVm3eJc9S/tjdRNlYRo44DLannR0hCRRinrPibytIzNTLlmyLuqUDgN5YyUXRlav/V7QG5vFqianJVHhoV5PgxeZowaCiS+nKrSnLb3T254xCg/oxwPUAY3ugjZNaa1Htp4WB056PhMkRCWfk3h3cKtpX74LRsf7CtGGKMZ9jn39cFPcS6JAxGiS7uYv/pP5Hs27wZE5FX/NurlfDHn88JSxOYWe1p+pSVz28BqmSEtY+VZ9U0vkB8nt9KrFOU4ZodRCGv7U0M50GT6Vs/g9ArmFG1keLuY/ZTDcyHzL8IuINeBrNPxB9ThvdldS24xlCmL5kGkZZTAWOXlLimQprdhZPrZIGwYUWC6poEPCSVT8b876asHDmoHOWIZydaFfxPZjXnPYsXs4Xu5zGcTB5rBeO3GiMiwbjJ5xwtZg43G7vUsfHuOy2SJ8bHEuOdTXl9V0n0ZKVkDTvpd6kVzHIR+187i1Dp3AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYDVR0OBBYEFGKK3tBh/I8xFO2XC809KpQU31KcMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIBAFWqKhrzRvN4Vzcw/HXjT9aFI/H8+ZU5myXm93KKmMN31GT8Ffs2wklRLHiIY1UJRjkA/GnUypsp+6M/wMkAmxMdsJiJ3HjyzXyFzVOdr2LiYWajFCpFh0qYQitQ/Bu1nggwCfrkLdcJiXn5CeaIzn0buGqim8FTYAnoo7id160fHLjsmEHw9g6A++T/350Qp+sAul9Kjxo6UrTqvwlJFTU2WZoPVNKyG39+XgmtdlSKdG3K0gVnK3br/5iyJpU4GYhEFOUKWaJr5yI+RCHSPxzAm+18SLLYkgyRTzxmlK9dAlPrnuKe5NMfhgFknADC6Vp0dQ094XmIvxwBl8kZI4DXNlpflhaxYwzGRkA7zl011Fk+Q5oYrsPJy8P7mxNfarXH4PMFw1nfJ2Ir3kHJU7n/NBBn9iYymHv+XEKUgZSCnawKi8ZLFUrTmJBFYDOA4CPe+AOk9kVH5c64A0JH6EE2cXet/aLol3ROLtoeHYxayB6a1cLwxiKoT5u92ByaUcQvmvZfpyeXupYuhVfAYOd4Vn9q78KVmksRAsiCnMkaBXy6cbVOepls9Oie1FqYyJ+/jbsYXEP10Cro4mLueATbvdH7WwqocH7wl4R44wgDXUcsY6glOJcB0j862uXl9uab3H4szP8XTE0AotjWAQ64i+7m4HJViSwnGWH2dwGMMYIDdjCCA3ICAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBAhAMTWlyS5T6PCpKPSkHgD1aMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjMwMzE1MTkxMzAxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTzhyJNhjOCkjWplLy9j5bp/hx8czAvBgkqhkiG9w0BCQQxIgQgYsWTfaWXTMtlhLhoLMR8GLFVGc0U5R0NszqYyGeph0EwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgx/ThvjIoiSCr4iY6vhrE/E/meBwtZNBMgHVXoCO1tvowDQYJKoZIhvcNAQEBBQAEggIAiDWSGTm7kFhbVZOPr5pY76EVwzyDrxRvWRCh+2HwicG81hxq8JS7nRnPo7Jyh0M7XmTcyHkLyF0bf5KL93u9MMnwK/K/qKLuJDVkyCIIAd6RCG7JcAATzhmw7aJfLRqBqP/WVYlkjFUXkBHwapE75sTfq81AUJbo5r9bzOjP92SnUUe0ImTdNFn7oDFB7InzYzls2t+j9ngz7rzgaLkvmgoELJ0UlXNtKudffy5msUQ2b6rZdubyHr+jSkcpNhWCkQhF6EauruUmr03HDe7200u1MTTMBK9Z/rbK7txoTpfI5JZk/x9Zby0Bi89yxeKEGLoLkGr0a1KqE1KcAv6BFOphGvafLnocABLxXWYkJaSO95V6CtGr3PASIOtEWuWujvwyLkqED7yGiCZv9fFVA7e23esZxfVijoMtFH586yhhpC8ZU6G6KnGxEINfVwhZE27nAb9lgDq8R8d7HKu7S5WzYEOjIC3opFlN0XRB2h96LStfRkEQFWP6jFf+atV/qhHeRJrkK0M+7tvwvO8LNyVOlbk+bLXi3VTiXUHtyAgf4xmT4dO7ISrWb36E6/RAM3/dkJfDy4jMY85wJC9zxOywaC8HOVYszroiVNVI5Q+CVpuXNIRfo8lmBkh9I7l/IealkbGz6Ce3oBt5+fyQjT7xEt3ogiqlytmIv1lD5aU=

The code to validate them

using System;
using System.Security.Cryptography.Pkcs;

namespace Authenticode;

public class Signature
{
    public static void Main(string[] args)
    {
        byte[] data = Convert.FromBase64String("...");

        SignedCms signInfo = new SignedCms();
        signInfo.Decode(data);
        signInfo.CheckSignature(false);
    }
}

Expected behavior

It to not fail with an expired cert error like WinVerifyTrust doesn't for an expired cert that was counter signed with a valid timestamp. If this can't happen it would be nice to have a way to determine whether the failure was due to an expired timestamp or whether it was something else, like an untrusted root/partial chain/etc. Currently the exception thrown has a platform specific error message which makes it harder to determine the root cause.

Actual behavior

On Windows the error is:

System.Security.Cryptography.CryptographicException: Certificate trust could not be established. The first reported error is: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
   at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly)
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, Boolean verifySignatureOnly)

On Linux the error is:

System.Security.Cryptography.CryptographicException: Certificate trust could not be established. The first reported error is: certificate has expired
   at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly)
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, Boolean verifySignatureOnly)

Regression?

No response

Known Workarounds

No response

Configuration

Dotnet Version: 7.x
OS: Tested on Windows and Linux
Architecture: x64

I don't believe it is specific to the configuration, although the error messages returned are.

Other information

Here is some PowerShell code I am using to verify the trust information with WinVerifyTrust. It's PowerShell code using my module Ctypes.

#Requires -Module Ctypes

param ($Path)

ctypes_struct WINTRUST_FILE_INFO {
    [int]$CbStruct
    [MarshalAs('LPWStr')][string]$FilePath
    [IntPtr]$File
    [IntPtr]$KnownSubject
}

ctypes_struct WINTRUST_DATA {
    [int]$CbStruct
    [IntPtr]$PolicyCallbackData
    [IntPtr]$SIPClientData
    [int]$UIChoice
    [int]$RevocationChecks
    [int]$UnionChoice
    [IntPtr]$Choice
    [int]$StateAction
    [IntPtr]$StateData
    [IntPtr]$URLReference
    [int]$ProvFlags
    [int]$UIContext
    [IntPtr]$SignatureSettings
}

$WINTRUST_ACTION_GENERIC_VERIFY_V2 = [Guid]::new("00AAC56B-CD44-11d0-8CC2-00C04FC295EE")
$WTD_UI_NONE = 2
$WTD_CHOICE_FILE = 1
$WTD_STATEACTION_VERIFY = 1

$fileInfo = [WINTRUST_FILE_INFO]@{
    CbStruct = [System.Runtime.InteropServices.Marshal]::SizeOf([type][WINTRUST_FILE_INFO])
    FilePath = $Path
}

$fileInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($fileInfo.CbStruct)
try {
    [System.Runtime.InteropServices.Marshal]::StructureToPtr($fileInfo, $fileInfoPtr, $false)
    $data = [WINTRUST_DATA]@{
        CbStruct = [System.Runtime.InteropServices.Marshal]::SizeOf([type][WINTRUST_DATA])
        UIChoice = $WTD_UI_NONE
        StateAction = $WTD_STATEACTION_VERIFY
        UnionChoice = $WTD_CHOICE_FILE
        Choice = $fileInfoPtr
    }

    $wintrust = New-CtypesLib wintrust.dll
    $res = $wintrust.WinVerifyTrust(
        $null,
        [ref]$WINTRUST_ACTION_GENERIC_VERIFY_V2,
        [ref]$data
    )
    if ($res) {
        throw "Trust failed - {0} 0x{0:X8}" -f $res
    }
}
finally {
    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($fileInfoPtr)
}

The 2 PowerShell files I've used to verify this behaviour are in the collapsable section below. These files are where I got the PKCS 7 data for the Reproduction Steps section. Windows is correctly validating both of these files without any errors due to the presence of the counter signature signed when the certs were still valid. Please note these files use \r\n line endings.

Click to get .ps1 test files

Authenticode Timestamp

Write-Host test

# SIG # Begin signature block
# MIIehAYJKoZIhvcNAQcCoIIedTCCHnECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBWYryjZjo1cjdJ
# eX1p42umeyEBm4NaeKGQxt09ACzoa6CCF+IwggTXMIICv6ADAgECAgkA0cnLHrL9
# eEIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAz
# MTQyMDM4MzFaFw0yMzAzMTUyMDQzMzFaMBUxEzARBgNVBAMTClBvd2VyU2hlbGww
# ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwH926aUCIoMbG8rjAavLP
# lTSEJ20S4JoilIKatvJY432v5/gtH+jNMv8qRvrAaceLuo2AusOn68WjW3ZxcZR2
# yAh3llWvaxEfFc/N06Re242LxXGdK8XUq3NPqQkHkPiIFaW4SX6PsQ8R3su9MM66
# WsNvz5/78MYpvbtN7QiXKTfEudpI/QdLYPOHaCQXEr8PzW0g5wx6JMHa/3YewMRK
# YVvsEwBbVGt+5/YMRFZzLcloOYal4W8abUoLxYMT/uoy0MmYz3pmtAiIdLKzOgU1
# +C/1MhrdjGfXF88EHVqHnyyk042pyTmaXAAneAarfyelTmLVTrVO8FVF85iUaDjx
# lSY49V7gjrD8hNcHz/UYK3+RCfXJF35tn+Q3DkfuuooD4GOnMGPUNSY1fqS42q6l
# AAub0eufl4sxRfHw2cqyM2+bBz8gih+gzNf6y0E83D4jbryWr/gkPO8lOqU4mgJc
# yl60/GpkHaLyioln7VLPwT8ay4jXvJqvFw9p1pDBXKhe98enip8PGmmiCESv6HcD
# YEAeNfkO6Pz1RMgDB4yzIcYA13ZEGUTByfoC8JhD2VbsVOHUM/5pviI4eTW39W9e
# lCbKQmasVeavoGaHikGua75h/pL+0uORrJBZxkyxJaG4YQ5BTU+YUvQvJPw6blB6
# bk8Z1WbNN8WW6E1v/8Do8QIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0l
# AQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAEUQDpyRT3pBX+Ya
# leFXrgBw+QJMEuzwPu+uZI++HR4Crk4h0BIFFwkS0yx6XQlPZT33F3kZ73IXfVsm
# 9FQ99ZqahqyO+aWUz/AAkWM00MD2DTnFWqcRe8hl6BW7tverNXaWDXEAJwJSwY8F
# slBUYeMQMgLwtKVBlu0SnA18GQn+M5KRpsgOUvzTI6LACvRS6y/ehwBN4kR9tilu
# 9t8jqVeKyTN0b2kZ59Ht7C4+J3XnA7Zp9Vr1SlSZ9dLIrQw5HeMasSmDheiFaRBb
# VGmFMcselHxQwCN5kDV9jzDjrmAnIwoDPFSlzG/GRJCQAK6XgXUH8RdVLkj9Tq79
# HXTNCwu+M/pqqPAK6FxQr806KTglqRGWsZF41HJCIttRwWQevqjjEck1MzOYemVw
# I4m5N1I9xvUqfie5Ba+I3Efy4WjhPGLG4b4M+DijnbUKv/iwiCEznztMiKVhcYp+
# EXzHzM5Pr5nUMZsIHv2kAyCl8H7+aLYsJQWdzG7CCGic3nv7bkxXqfDE1AY2xufp
# 8Yy8OCnA2mnt2jHLZA0r/oN/3KkodVhvBSwFfXhjBLtupwp0EKeMAQ4dXH/oQF0o
# 9ExZUI5/ppkVuEW/AobqYCUNEcpn4roZoBia84dt7bfGHnaXgyECn2bvbIB300qY
# QwmOepFYRpTWni94nsD237f6cKkOMIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21Di
# CEAYWjANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
# aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
# aWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzEx
# MTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBU
# cnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/
# 5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xuk
# OBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpz
# MpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
# vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qT
# XtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRz
# Km6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRc
# Ro9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADk
# RSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMY
# RJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4m
# rLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C
# 1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYD
# VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYD
# VR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkG
# CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
# Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
# Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmww
# EQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+g
# o3QbPbYW1/e/Vwe9mqyhhyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0
# /4C5+KH38nLeJLxSA8hO0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnL
# nU+nBgMTdydE1Od/6Fmo8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU9
# 6LHc/RzY9HdaXFSMb++hUD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ
# 9VVrzyerbHbObyMt9H5xaiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9X
# ql4o4rmUMIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0B
# AQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVk
# IFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYD
# VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lD
# ZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIIC
# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKR
# N6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZz
# lm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1Oco
# LevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH
# 92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRA
# p8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+g
# GkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU
# 8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/
# FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwj
# jVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQ
# EgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUae
# tdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAw
# HQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LS
# cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF
# BQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy
# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j
# cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB
# CwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftw
# ig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalW
# zxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQm
# h2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScb
# qyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLaf
# zYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbD
# Qc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0K
# XzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm
# 8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9
# gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8a
# pIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsAwggSo
# oAMCAQICEAxNaXJLlPo8Kko9KQeAPVowDQYJKoZIhvcNAQELBQAwYzELMAkGA1UE
# BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2Vy
# dCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0y
# MjA5MjEwMDAwMDBaFw0zMzExMjEyMzU5NTlaMEYxCzAJBgNVBAYTAlVTMREwDwYD
# VQQKEwhEaWdpQ2VydDEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIg
# LSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+ylJjrGqfJru43B
# DZrboegUhXQzGias0BxVHh42bbySVQxh9J0Jdz0Vlggva2Sk/QaDFteRkjgcMQKW
# +3KxlzpVrzPsYYrppijbkGNcvYlT4DotjIdCriak5Lt4eLl6FuFWxsC6ZFO7Khbn
# UEi7iGkMiMbxvuAvfTuxylONQIMe58tySSgeTIAehVbnhe3yYbyqOgd99qtu5Wbd
# 4lz1L+2N1E2VhGjjgMtqedHSEJFGKes+JvK0jM1MuWbIu6pQOA3ljJRdGVq/9XtA
# bm8WqJqclUeGhXk+DF5mjBoKJL6cqtKctvdPbnjEKD+jHA9QBje6CNk1prUe2nhY
# HTno+EyREJZ+TeHdwq2lfvgtGx/sK0YYoxn2Off1wU9xLokDEaJLu5i/+k/kezbv
# BkTkVf826uV8MefzwlLE5hZ7Wn6lJXPbwGqZIS1j5Vn1TS+QHye30qsU5Thmh1EI
# a/tTQznQZPpWz+D0CuYUbWR4u5j9lMNzIfMvwi4g14Gs0/EH1OG92V1LbjGUKYvm
# QaRllMBY5eUuKZCmt2Fk+tkgbBhRYLqmgQ8JJVPxvzvpqwcOagc5YhnJ1oV/E9mN
# ec9ixezhe7nMZxMHmsF47caIyLBuMnnHC1mDjcbu9Sx8e47LZInxscS451NeX1XS
# fRkpWQNO+l3qRXMchH7XzuLUOncCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIH
# gDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZ
# MBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2
# mi91jGogj57IbzAdBgNVHQ4EFgQUYore0GH8jzEU7ZcLzT0qlBTfUpwwWgYDVR0f
# BFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1
# c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUH
# AQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBY
# BggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
# VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG
# 9w0BAQsFAAOCAgEAVaoqGvNG83hXNzD8deNP1oUj8fz5lTmbJeb3coqYw3fUZPwV
# +zbCSVEseIhjVQlGOQD8adTKmyn7oz/AyQCbEx2wmIncePLNfIXNU52vYuJhZqMU
# KkWHSphCK1D8G7WeCDAJ+uQt1wmJefkJ5ojOfRu4aqKbwVNgCeijuJ3XrR8cuOyY
# QfD2DoD75P/fnRCn6wC6X0qPGjpStOq/CUkVNTZZmg9U0rIbf35eCa12VIp0bcrS
# BWcrduv/mLImlTgZiEQU5QpZomvnIj5EIdI/HMCb7XxIstiSDJFPPGaUr10CU+ue
# 4p7k0x+GAWScAMLpWnR1DT3heYi/HAGXyRkjgNc2Wl+WFrFjDMZGQDvOXTXUWT5D
# mhiuw8nLw/ubE19qtcfg8wXDWd8nYiveQclTuf80EGf2JjKYe/5cQpSBlIKdrAqL
# xksVStOYkEVgM4DgI974A6T2RUflzrgDQkfoQTZxd639ouiXdE4u2h4djFrIHprV
# wvDGIqhPm73YHJpRxC+a9l+nJ5e6li6FV8Bg53hWf2rvwpWaSxECyIKcyRoFfLpx
# tU56mWz06J7UWpjIn7+NuxhcQ/XQKujiYu54BNu90ftbCqhwfvCXhHjjCANdRyxj
# qCU4lwHSPzra5eX25pvcfizM/xdMTQCi2NYBDriL7ubgclWJLCcZYfZ3AYwxggX4
# MIIF9AIBATAiMBUxEzARBgNVBAMTClBvd2VyU2hlbGwCCQDRycsesv14QjANBglg
# hkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3
# DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEV
# MC8GCSqGSIb3DQEJBDEiBCAp5V6eZBH6QjWLAZghhEKm8BDpQfO3XcRLMgKTz+Qo
# WTANBgkqhkiG9w0BAQEFAASCAgCHG9QjzwkI7yuZv00SPTUJxSZS23trrb8ss/pz
# QJywAShxpq1SE4qem/pkwFdhRbbv5pSRxHj2SnA0JdONKu3AYD/Y1t7UnpeQmYXQ
# K4RHvnum0JMaMfzEIKangvYsNAf6BbRJe2o0DMrrhKL7UJeJl3dr/aXIRxiVF2q/
# pXeQXVhZu1arm20GMyvYIjCK8Axma1cM2+t5xRVx/ujVnM9/NmV9j1ukhrxYdSwV
# 3osxOgyr8dlWscCc3bl7sSrq6qIEHGPjHsdcqR06ZulZhPdMq7IEkJksag+Tfi+t
# oImii+fwhuYbT7W7eMxINStC4yWhGDg6xZmz+TJDddqC3TuGmaoiBJMh6iLaTWf6
# a7K/Ypazc99YZ1Z2EIV649xqVl4hDxOP/BE2TZogxSloPZHlY5IxiyM0S1413tct
# N5dllUbWMWNGyC6iWe3+14BW+rornbUPo6IA8BENRPQG2J0WAWDeNw6HeH27Qt37
# wnqAHnrlNg1rGOoCDq1Skzr2nOHi3erQA68Jd4aONqjPQ6J/g2ohM+sbcLpoIhUT
# vL7iTyZMI4Lb4cWCaHSr/6F6dZ0NE1fQZ3pAXgK9sFx1bep4Mshu84qPC63HOsRO
# FxR0ypbdUpwl0xw3Y9urfwQMdTg+fECMJ3rRrdYsuNGu2zSaspkLMfDMA6hSMeDo
# +8Af3qGCAyAwggMcBgkqhkiG9w0BCQYxggMNMIIDCQIBATB3MGMxCzAJBgNVBAYT
# AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQg
# VHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0ECEAxNaXJL
# lPo8Kko9KQeAPVowDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZI
# hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzAzMTUyMDM4MzdaMC8GCSqGSIb3DQEJ
# BDEiBCCLhacUFaBSCQ2YRdmF2bd0vIDxDA9iHZCtBnK68oo73TANBgkqhkiG9w0B
# AQEFAASCAgBDe/aboSbY+kOB0318AmEDpuVUPoxnGeg6SY6cQa0ZiL0qOxFTBUmS
# G/Okg3Rg7+PSebnaT272/ukBqjdNL8bTI0zDfJbkUQzWcTDXaJu6qQX/glVRo4GD
# 23eOHFwzB6+bzjbDJaKiTGlHGLJN1D5IBwNfbWOOny08ZnfKuhPIVDQHeZL7O4H/
# FEwgQoYKINvHzc3ocM6MwBPlb6pbc/dxlnOmQHliFGx+hlnaA44rEPyGWKP2ZYbX
# m2htxBVUQFmXOtATwY642sS029JVVQJ7rCb+5Nbn52t2p7CJBOXAJuco6KwNEfjA
# 89ytOEZU7FgsQot6OZglmQ8gKWhTDcPMhz/k8FX5aF6UUtqGrhfw7ddK6y9e89TB
# 2zpS8BqQ6cvUN/P6Lf0VhYsv583Nq2MDYVddKDsICSzfrC4Dy4sjoClB0elaekis
# minOgpdMqmJ3UtE/MzDkvvXXtN0qPBQjymx+SoTnwX7EjaQ5GdTr77Yt1Z4aH2q3
# QAWRcF6YQpijJVkjVRP1XitykjGxSIzdbFn7GsvZ37BgyfmSCW3f9n+nq67Ss4bb
# n9xcgzEk2qhkxoAp3WA2iALdOydavO3Vhxs3u2dko/iqdkQ3z4ubhP60bf1m0U8w
# a39ZYqAx4IpXu4EAlfDTHVJkWU5PU9l/Wohy+0NoHZ10pKI8SzUzOg==
# SIG # End signature block

RFC 3161 Timestamp

Write-Host test

# SIG # Begin signature block
# MIIfmQYJKoZIhvcNAQcCoIIfijCCH4YCAQMxDTALBglghkgBZQMEAgEwewYKKwYB
# BAGCNwIBBKBtBGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBaNEv+Ne+U+glD
# iFrbl8Ct5Gf+ataCxj80K+LzYzeavaCCBNswggTXMIICv6ADAgECAgkApr9gS57+
# nmAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAz
# MTQxOTEyMjBaFw0yMzAzMTUxOTQyMjBaMBUxEzARBgNVBAMTClBvd2VyU2hlbGww
# ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfwd4HfoBff9LHby3DWv+u
# TaM9ucOiI5AbVpSsXcjUr7kVQ52ootrpqniox8cAJrGoN4XJvV353eenq64kQheX
# lYvZxs3i8prr/VevA0VLvByMJva2sdkjxeIixFE1jP65W02TOS7cYRMxIBUnS/ix
# OAV1HiiSAZ1/f14UrtsN0P3ueujffNxVBknW6qhgRYVyLzetybBfVVKlUEmGybr/
# uCCzbSyl9EG9stHk7aQUfZL/xzhU8gFmTsh8K4eTFDDMnNzRt3D3OOhNaAQQ+5uW
# CkvdblNwR8kASLTKvHhpe3zzCgwz+3CPExtC/Qz4mT7K77jBuwRy4zl7rEqPWlKk
# Guln9ujO1KtCJFKy3V8jlvld2tg4BWLJag4Z6/8WopO4U/YeNpfqPhfgjWpF9XPQ
# tW4C8UHsNnRbPu6RZhtF+blHDbV7+GM4T02HZBnhD654woUe61cUU1wJ3iZF5QyS
# 0eL2A58muFdWyM4Kcu9uDmBnkIaQXf4XECTsU6h9+4tb+kkszn3Xzs2Nc20YpIAW
# VvzcT3cw0noiDzMlblz4APBiCC5ATPNFHaElpRzWiPD31LXDw8HPkhm5sLcO5Hf0
# pRfZ15zjFZnua/lpz9/YPUxf9hqWlsP0i0TM0XMtb/OPj06F++ZbEPHwTc7pKaYN
# 2ptSUVzBGiFGQrwfDTW6UwIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0l
# AQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAJ6MYEI/NrvrUBjv
# nYGoYQJksc9m6SOejFt0jZ2xQlpBCfLtChwB8dQWuaUpgVwNKlckodbmkdohh+3S
# 58OgSfapV3bemyzO0cXlO2+tynTsTnr+nsF2WC05Y3zcCrUf38yhNL11iOXxh63m
# wlJvsbmE9jCfziOx9Cw7923bXEIfThyh9OFkquNkXdX5vyYLdl3NIq6l+jeZfY7I
# l3agp0/TjFv0Hz3tba9gK4XSw3ir+UqGKr5LwlcIaA5PAYbyvm8TmhkNzN8KZBvo
# w08/VQ6Jc8LqFOzGkdQTPVk46t3pNnvppnw89JAy519njE2pQsk9vBR7lz5ALx7U
# rjYK+iU2PEgEk8ptOWZGfzghpDHU2CJOdbvhiFx+uvGU/joCFZ+JmsbRmq2qbZpN
# T77K477m7j20RjHFwEYB+STDzlZgFLEzo2kgIIDy4rxe/DIx1nK2nMAyb7nEBxxq
# 7euxKBtHhEsU2aBX0wpNbWMtNOTeGBGr5z4SPZei22wWEyyPXXcU3FS3gIwwetOx
# GFoH8VnlxRaxi6ZelSwPwLfakJtswL4wgWLJjkTvX4qBVjLAlNFuY7CUO8CjwYHe
# Yy0abL1iLPmZGIFcSXxvMnAheK+r9pPOFF9d/mTWOw8IHQdovgaxkurgClt8RMW3
# IrzRuG4R+A7aR3SiKpjKYdFQ7KkcMYIaFDCCGhACAQEwIjAVMRMwEQYDVQQDEwpQ
# b3dlclNoZWxsAgkApr9gS57+nmAwCwYJYIZIAWUDBAIBoHwwEAYKKwYBBAGCNwIB
# DDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO
# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIAulLQTO7GoXVAIp3Kt0pmC
# BTLme/oYiEVvdbIXP5baMAsGCSqGSIb3DQEBAQSCAgAjawJWoj86wLXTBpFDg6ng
# yPOmNNIIhkczeyGWy0stomQHqyj5NdwsfDcRmfHmIJuADr1349dXuEEehfbTSki8
# Cq8m+TdnA1ovTYHzFPqZlkFk81wGwBhVNwcylHyvbJ9FScG7H6unqwI2L92tooTW
# OBI8gHQrZx3tcdc0QVKoRkEhfg+BwRhryiIOy6emorRQMWgJr28k1BIwev1d/N7u
# COPZnAho0w14LWoWua1Ga9RM7ni8v1JxYkVVVtcGCNfphLhriqT9+B8WV4aLmgMt
# l8+4FLkPjJzlUMCv9knzwVxWg3LPrbUWi6nRyti5eulOpAAxYSZ+7dnBGQkqZRSk
# TdQW1HlRCDSUPgVKj2j+yfYUh3FWLtCt8Q29VOtUIXB93PDOqjxlJ/D2TT06PJep
# HDt7PPkT2/2qrZvzJLrw6zp5WjLesAasQVu8AVGSPnE7CwQi8aD4HlOzPV/uBsC4
# WJM200gbUnk3yeOQPYDw3cP4ea3rZ5s9tl4JNPxCrKnkjPrIvsGV6puBdXzRQLUH
# qXk+ASlfLbTbzKFYogEIsO4USi7rHfe9kU78hAG3MGWN9GRYCRrPRCSWgxvFu0NN
# vZLDE2e5B3w5B6s776DG3TvWI6qcVXBotGlm9qX6se5KjBOVDmAhApKTQOY7v8yH
# MWu05GLNplWLcHvvz99UtKGCF0kwghdFBgorBgEEAYI3AwMBMYIXNTCCFzEGCSqG
# SIb3DQEHAqCCFyIwghceAgEDMQ8wDQYJYIZIAWUDBAIBBQAwgYIGCyqGSIb3DQEJ
# EAEEoHMEcTBvAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQgXGFtF8hP
# K5tnyM4Yvcr7ZiZpOFuTFFvT8ck4UFVuwAACEQDqREbe4dpMubzZcmszYtI5GA8y
# MDIzMDMxNTE5MTMwMVoCCHYbQTDn3aVroIITBzCCBY0wggR1oAMCAQICEA6bGI75
# 0C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
# A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAw
# MFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lD
# ZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln
# aUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
# CgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuE
# DcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNw
# wrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0
# 6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e
# 5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtV
# gkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85
# tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+S
# kjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1Yxw
# LEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzl
# DlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFr
# b7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATow
# ggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiu
# HA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQE
# AwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2
# hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290
# Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/
# Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNK
# ei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHr
# lnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4
# oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5A
# Y8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNN
# n3O3AamfV6peKOK5lDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJ
# KoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu
# YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQg
# VHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVow
# YzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQD
# EzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGlu
# ZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklR
# VcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54P
# Mx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupR
# PfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvo
# hGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV
# 5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYV
# VSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6i
# c/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/Ci
# PMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5
# K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oi
# qMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuld
# yF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAG
# AQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAW
# gBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww
# CgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8v
# b2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDow
# OKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRS
# b290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkq
# hkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvH
# UF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0M
# CIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCK
# rOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rA
# J4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZ
# xhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScs
# PT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1M
# rfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXse
# GYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWY
# MbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYp
# hwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPww
# ggbAMIIEqKADAgECAhAMTWlyS5T6PCpKPSkHgD1aMA0GCSqGSIb3DQEBCwUAMGMx
# CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMy
# RGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcg
# Q0EwHhcNMjIwOTIxMDAwMDAwWhcNMzMxMTIxMjM1OTU5WjBGMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJDAiBgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFt
# cCAyMDIyIC0gMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/spSY6
# xqnya7uNwQ2a26HoFIV0MxomrNAcVR4eNm28klUMYfSdCXc9FZYIL2tkpP0GgxbX
# kZI4HDEClvtysZc6Va8z7GGK6aYo25BjXL2JU+A6LYyHQq4mpOS7eHi5ehbhVsbA
# umRTuyoW51BIu4hpDIjG8b7gL307scpTjUCDHufLckkoHkyAHoVW54Xt8mG8qjoH
# ffarbuVm3eJc9S/tjdRNlYRo44DLannR0hCRRinrPibytIzNTLlmyLuqUDgN5YyU
# XRlav/V7QG5vFqianJVHhoV5PgxeZowaCiS+nKrSnLb3T254xCg/oxwPUAY3ugjZ
# Naa1Htp4WB056PhMkRCWfk3h3cKtpX74LRsf7CtGGKMZ9jn39cFPcS6JAxGiS7uY
# v/pP5Hs27wZE5FX/NurlfDHn88JSxOYWe1p+pSVz28BqmSEtY+VZ9U0vkB8nt9Kr
# FOU4ZodRCGv7U0M50GT6Vs/g9ArmFG1keLuY/ZTDcyHzL8IuINeBrNPxB9Thvdld
# S24xlCmL5kGkZZTAWOXlLimQprdhZPrZIGwYUWC6poEPCSVT8b876asHDmoHOWIZ
# ydaFfxPZjXnPYsXs4Xu5zGcTB5rBeO3GiMiwbjJ5xwtZg43G7vUsfHuOy2SJ8bHE
# uOdTXl9V0n0ZKVkDTvpd6kVzHIR+187i1Dp3AgMBAAGjggGLMIIBhzAOBgNVHQ8B
# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAg
# BgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZ
# bU2FL3MpdpovdYxqII+eyG8wHQYDVR0OBBYEFGKK3tBh/I8xFO2XC809KpQU31Kc
# MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdp
# Q2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAG
# CCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
# dC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
# aWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQw
# DQYJKoZIhvcNAQELBQADggIBAFWqKhrzRvN4Vzcw/HXjT9aFI/H8+ZU5myXm93KK
# mMN31GT8Ffs2wklRLHiIY1UJRjkA/GnUypsp+6M/wMkAmxMdsJiJ3HjyzXyFzVOd
# r2LiYWajFCpFh0qYQitQ/Bu1nggwCfrkLdcJiXn5CeaIzn0buGqim8FTYAnoo7id
# 160fHLjsmEHw9g6A++T/350Qp+sAul9Kjxo6UrTqvwlJFTU2WZoPVNKyG39+Xgmt
# dlSKdG3K0gVnK3br/5iyJpU4GYhEFOUKWaJr5yI+RCHSPxzAm+18SLLYkgyRTzxm
# lK9dAlPrnuKe5NMfhgFknADC6Vp0dQ094XmIvxwBl8kZI4DXNlpflhaxYwzGRkA7
# zl011Fk+Q5oYrsPJy8P7mxNfarXH4PMFw1nfJ2Ir3kHJU7n/NBBn9iYymHv+XEKU
# gZSCnawKi8ZLFUrTmJBFYDOA4CPe+AOk9kVH5c64A0JH6EE2cXet/aLol3ROLtoe
# HYxayB6a1cLwxiKoT5u92ByaUcQvmvZfpyeXupYuhVfAYOd4Vn9q78KVmksRAsiC
# nMkaBXy6cbVOepls9Oie1FqYyJ+/jbsYXEP10Cro4mLueATbvdH7WwqocH7wl4R4
# 4wgDXUcsY6glOJcB0j862uXl9uab3H4szP8XTE0AotjWAQ64i+7m4HJViSwnGWH2
# dwGMMYIDdjCCA3ICAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNl
# cnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBT
# SEEyNTYgVGltZVN0YW1waW5nIENBAhAMTWlyS5T6PCpKPSkHgD1aMA0GCWCGSAFl
# AwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0B
# CQUxDxcNMjMwMzE1MTkxMzAxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTzhyJN
# hjOCkjWplLy9j5bp/hx8czAvBgkqhkiG9w0BCQQxIgQgYsWTfaWXTMtlhLhoLMR8
# GLFVGc0U5R0NszqYyGeph0EwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgx/ThvjIo
# iSCr4iY6vhrE/E/meBwtZNBMgHVXoCO1tvowDQYJKoZIhvcNAQEBBQAEggIAiDWS
# GTm7kFhbVZOPr5pY76EVwzyDrxRvWRCh+2HwicG81hxq8JS7nRnPo7Jyh0M7XmTc
# yHkLyF0bf5KL93u9MMnwK/K/qKLuJDVkyCIIAd6RCG7JcAATzhmw7aJfLRqBqP/W
# VYlkjFUXkBHwapE75sTfq81AUJbo5r9bzOjP92SnUUe0ImTdNFn7oDFB7InzYzls
# 2t+j9ngz7rzgaLkvmgoELJ0UlXNtKudffy5msUQ2b6rZdubyHr+jSkcpNhWCkQhF
# 6EauruUmr03HDe7200u1MTTMBK9Z/rbK7txoTpfI5JZk/x9Zby0Bi89yxeKEGLoL
# kGr0a1KqE1KcAv6BFOphGvafLnocABLxXWYkJaSO95V6CtGr3PASIOtEWuWujvwy
# LkqED7yGiCZv9fFVA7e23esZxfVijoMtFH586yhhpC8ZU6G6KnGxEINfVwhZE27n
# Ab9lgDq8R8d7HKu7S5WzYEOjIC3opFlN0XRB2h96LStfRkEQFWP6jFf+atV/qhHe
# RJrkK0M+7tvwvO8LNyVOlbk+bLXi3VTiXUHtyAgf4xmT4dO7ISrWb36E6/RAM3/d
# kJfDy4jMY85wJC9zxOywaC8HOVYszroiVNVI5Q+CVpuXNIRfo8lmBkh9I7l/Ieal
# kbGz6Ce3oBt5+fyQjT7xEt3ogiqlytmIv1lD5aU=
# SIG # End signature block
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Mar 15, 2023
@ghost
Copy link

ghost commented Mar 15, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

Using SignedCms.CheckSignature(false) fails when the certificate has expired but was countersigned before it was expired. The WinVerifyTrust function on Windows does not report an error with these signatures.

Reproduction Steps

Here are 2 Authenticode base64 strings of some PowerShell files that have been signed with a now expired certificate. Note these are self signed certs used for testing so they would have been to be trusted to avoid the CA trust failure.

The first is one signed with a timestamp using the old Authenticode timestamp functionality:

MIIehAYJKoZIhvcNAQcCoIIedTCCHnECAQExDzANBglghkgBZQMEAgEFADB5BgorBgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLGKX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBWYryjZjo1cjdJeX1p42umeyEBm4NaeKGQxt09ACzoa6CCF+IwggTXMIICv6ADAgECAgkA0cnLHrL9eEIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAzMTQyMDM4MzFaFw0yMzAzMTUyMDQzMzFaMBUxEzARBgNVBAMTClBvd2VyU2hlbGwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwH926aUCIoMbG8rjAavLPlTSEJ20S4JoilIKatvJY432v5/gtH+jNMv8qRvrAaceLuo2AusOn68WjW3ZxcZR2yAh3llWvaxEfFc/N06Re242LxXGdK8XUq3NPqQkHkPiIFaW4SX6PsQ8R3su9MM66WsNvz5/78MYpvbtN7QiXKTfEudpI/QdLYPOHaCQXEr8PzW0g5wx6JMHa/3YewMRKYVvsEwBbVGt+5/YMRFZzLcloOYal4W8abUoLxYMT/uoy0MmYz3pmtAiIdLKzOgU1+C/1MhrdjGfXF88EHVqHnyyk042pyTmaXAAneAarfyelTmLVTrVO8FVF85iUaDjxlSY49V7gjrD8hNcHz/UYK3+RCfXJF35tn+Q3DkfuuooD4GOnMGPUNSY1fqS42q6lAAub0eufl4sxRfHw2cqyM2+bBz8gih+gzNf6y0E83D4jbryWr/gkPO8lOqU4mgJcyl60/GpkHaLyioln7VLPwT8ay4jXvJqvFw9p1pDBXKhe98enip8PGmmiCESv6HcDYEAeNfkO6Pz1RMgDB4yzIcYA13ZEGUTByfoC8JhD2VbsVOHUM/5pviI4eTW39W9elCbKQmasVeavoGaHikGua75h/pL+0uORrJBZxkyxJaG4YQ5BTU+YUvQvJPw6blB6bk8Z1WbNN8WW6E1v/8Do8QIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAEUQDpyRT3pBX+YaleFXrgBw+QJMEuzwPu+uZI++HR4Crk4h0BIFFwkS0yx6XQlPZT33F3kZ73IXfVsm9FQ99ZqahqyO+aWUz/AAkWM00MD2DTnFWqcRe8hl6BW7tverNXaWDXEAJwJSwY8FslBUYeMQMgLwtKVBlu0SnA18GQn+M5KRpsgOUvzTI6LACvRS6y/ehwBN4kR9tilu9t8jqVeKyTN0b2kZ59Ht7C4+J3XnA7Zp9Vr1SlSZ9dLIrQw5HeMasSmDheiFaRBbVGmFMcselHxQwCN5kDV9jzDjrmAnIwoDPFSlzG/GRJCQAK6XgXUH8RdVLkj9Tq79HXTNCwu+M/pqqPAK6FxQr806KTglqRGWsZF41HJCIttRwWQevqjjEck1MzOYemVwI4m5N1I9xvUqfie5Ba+I3Efy4WjhPGLG4b4M+DijnbUKv/iwiCEznztMiKVhcYp+EXzHzM5Pr5nUMZsIHv2kAyCl8H7+aLYsJQWdzG7CCGic3nv7bkxXqfDE1AY2xufp8Yy8OCnA2mnt2jHLZA0r/oN/3KkodVhvBSwFfXhjBLtupwp0EKeMAQ4dXH/oQF0o9ExZUI5/ppkVuEW/AobqYCUNEcpn4roZoBia84dt7bfGHnaXgyECn2bvbIB300qYQwmOepFYRpTWni94nsD237f6cKkOMIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21DiCEAYWjANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYDVR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+go3QbPbYW1/e/Vwe9mqyhhyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0/4C5+KH38nLeJLxSA8hO0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnLnU+nBgMTdydE1Od/6Fmo8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU96LHc/RzY9HdaXFSMb++hUD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ9VVrzyerbHbObyMt9H5xaiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9Xql4o4rmUMIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsAwggSooAMCAQICEAxNaXJLlPo8Kko9KQeAPVowDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yMjA5MjEwMDAwMDBaFw0zMzExMjEyMzU5NTlaMEYxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIgLSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+ylJjrGqfJru43BDZrboegUhXQzGias0BxVHh42bbySVQxh9J0Jdz0Vlggva2Sk/QaDFteRkjgcMQKW+3KxlzpVrzPsYYrppijbkGNcvYlT4DotjIdCriak5Lt4eLl6FuFWxsC6ZFO7KhbnUEi7iGkMiMbxvuAvfTuxylONQIMe58tySSgeTIAehVbnhe3yYbyqOgd99qtu5Wbd4lz1L+2N1E2VhGjjgMtqedHSEJFGKes+JvK0jM1MuWbIu6pQOA3ljJRdGVq/9XtAbm8WqJqclUeGhXk+DF5mjBoKJL6cqtKctvdPbnjEKD+jHA9QBje6CNk1prUe2nhYHTno+EyREJZ+TeHdwq2lfvgtGx/sK0YYoxn2Off1wU9xLokDEaJLu5i/+k/kezbvBkTkVf826uV8MefzwlLE5hZ7Wn6lJXPbwGqZIS1j5Vn1TS+QHye30qsU5Thmh1EIa/tTQznQZPpWz+D0CuYUbWR4u5j9lMNzIfMvwi4g14Gs0/EH1OG92V1LbjGUKYvmQaRllMBY5eUuKZCmt2Fk+tkgbBhRYLqmgQ8JJVPxvzvpqwcOagc5YhnJ1oV/E9mNec9ixezhe7nMZxMHmsF47caIyLBuMnnHC1mDjcbu9Sx8e47LZInxscS451NeX1XSfRkpWQNO+l3qRXMchH7XzuLUOncCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAdBgNVHQ4EFgQUYore0GH8jzEU7ZcLzT0qlBTfUpwwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAVaoqGvNG83hXNzD8deNP1oUj8fz5lTmbJeb3coqYw3fUZPwV+zbCSVEseIhjVQlGOQD8adTKmyn7oz/AyQCbEx2wmIncePLNfIXNU52vYuJhZqMUKkWHSphCK1D8G7WeCDAJ+uQt1wmJefkJ5ojOfRu4aqKbwVNgCeijuJ3XrR8cuOyYQfD2DoD75P/fnRCn6wC6X0qPGjpStOq/CUkVNTZZmg9U0rIbf35eCa12VIp0bcrSBWcrduv/mLImlTgZiEQU5QpZomvnIj5EIdI/HMCb7XxIstiSDJFPPGaUr10CU+ue4p7k0x+GAWScAMLpWnR1DT3heYi/HAGXyRkjgNc2Wl+WFrFjDMZGQDvOXTXUWT5Dmhiuw8nLw/ubE19qtcfg8wXDWd8nYiveQclTuf80EGf2JjKYe/5cQpSBlIKdrAqLxksVStOYkEVgM4DgI974A6T2RUflzrgDQkfoQTZxd639ouiXdE4u2h4djFrIHprVwvDGIqhPm73YHJpRxC+a9l+nJ5e6li6FV8Bg53hWf2rvwpWaSxECyIKcyRoFfLpxtU56mWz06J7UWpjIn7+NuxhcQ/XQKujiYu54BNu90ftbCqhwfvCXhHjjCANdRyxjqCU4lwHSPzra5eX25pvcfizM/xdMTQCi2NYBDriL7ubgclWJLCcZYfZ3AYwxggX4MIIF9AIBATAiMBUxEzARBgNVBAMTClBvd2VyU2hlbGwCCQDRycsesv14QjANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCAp5V6eZBH6QjWLAZghhEKm8BDpQfO3XcRLMgKTz+QoWTANBgkqhkiG9w0BAQEFAASCAgCHG9QjzwkI7yuZv00SPTUJxSZS23trrb8ss/pzQJywAShxpq1SE4qem/pkwFdhRbbv5pSRxHj2SnA0JdONKu3AYD/Y1t7UnpeQmYXQK4RHvnum0JMaMfzEIKangvYsNAf6BbRJe2o0DMrrhKL7UJeJl3dr/aXIRxiVF2q/pXeQXVhZu1arm20GMyvYIjCK8Axma1cM2+t5xRVx/ujVnM9/NmV9j1ukhrxYdSwV3osxOgyr8dlWscCc3bl7sSrq6qIEHGPjHsdcqR06ZulZhPdMq7IEkJksag+Tfi+toImii+fwhuYbT7W7eMxINStC4yWhGDg6xZmz+TJDddqC3TuGmaoiBJMh6iLaTWf6a7K/Ypazc99YZ1Z2EIV649xqVl4hDxOP/BE2TZogxSloPZHlY5IxiyM0S1413tctN5dllUbWMWNGyC6iWe3+14BW+rornbUPo6IA8BENRPQG2J0WAWDeNw6HeH27Qt37wnqAHnrlNg1rGOoCDq1Skzr2nOHi3erQA68Jd4aONqjPQ6J/g2ohM+sbcLpoIhUTvL7iTyZMI4Lb4cWCaHSr/6F6dZ0NE1fQZ3pAXgK9sFx1bep4Mshu84qPC63HOsROFxR0ypbdUpwl0xw3Y9urfwQMdTg+fECMJ3rRrdYsuNGu2zSaspkLMfDMA6hSMeDo+8Af3qGCAyAwggMcBgkqhkiG9w0BCQYxggMNMIIDCQIBATB3MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0ECEAxNaXJLlPo8Kko9KQeAPVowDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzAzMTUyMDM4MzdaMC8GCSqGSIb3DQEJBDEiBCCLhacUFaBSCQ2YRdmF2bd0vIDxDA9iHZCtBnK68oo73TANBgkqhkiG9w0BAQEFAASCAgBDe/aboSbY+kOB0318AmEDpuVUPoxnGeg6SY6cQa0ZiL0qOxFTBUmSG/Okg3Rg7+PSebnaT272/ukBqjdNL8bTI0zDfJbkUQzWcTDXaJu6qQX/glVRo4GD23eOHFwzB6+bzjbDJaKiTGlHGLJN1D5IBwNfbWOOny08ZnfKuhPIVDQHeZL7O4H/FEwgQoYKINvHzc3ocM6MwBPlb6pbc/dxlnOmQHliFGx+hlnaA44rEPyGWKP2ZYbXm2htxBVUQFmXOtATwY642sS029JVVQJ7rCb+5Nbn52t2p7CJBOXAJuco6KwNEfjA89ytOEZU7FgsQot6OZglmQ8gKWhTDcPMhz/k8FX5aF6UUtqGrhfw7ddK6y9e89TB2zpS8BqQ6cvUN/P6Lf0VhYsv583Nq2MDYVddKDsICSzfrC4Dy4sjoClB0elaekisminOgpdMqmJ3UtE/MzDkvvXXtN0qPBQjymx+SoTnwX7EjaQ5GdTr77Yt1Z4aH2q3QAWRcF6YQpijJVkjVRP1XitykjGxSIzdbFn7GsvZ37BgyfmSCW3f9n+nq67Ss4bbn9xcgzEk2qhkxoAp3WA2iALdOydavO3Vhxs3u2dko/iqdkQ3z4ubhP60bf1m0U8wa39ZYqAx4IpXu4EAlfDTHVJkWU5PU9l/Wohy+0NoHZ10pKI8SzUzOg==

The second is one signed with a timestamp using the RFC 3161 timestamp functionality:

MIIfmQYJKoZIhvcNAQcCoIIfijCCH4YCAQMxDTALBglghkgBZQMEAgEwewYKKwYBBAGCNwIBBKBtBGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLGKX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBaNEv+Ne+U+glDiFrbl8Ct5Gf+ataCxj80K+LzYzeavaCCBNswggTXMIICv6ADAgECAgkApr9gS57+nmAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAzMTQxOTEyMjBaFw0yMzAzMTUxOTQyMjBaMBUxEzARBgNVBAMTClBvd2VyU2hlbGwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfwd4HfoBff9LHby3DWv+uTaM9ucOiI5AbVpSsXcjUr7kVQ52ootrpqniox8cAJrGoN4XJvV353eenq64kQheXlYvZxs3i8prr/VevA0VLvByMJva2sdkjxeIixFE1jP65W02TOS7cYRMxIBUnS/ixOAV1HiiSAZ1/f14UrtsN0P3ueujffNxVBknW6qhgRYVyLzetybBfVVKlUEmGybr/uCCzbSyl9EG9stHk7aQUfZL/xzhU8gFmTsh8K4eTFDDMnNzRt3D3OOhNaAQQ+5uWCkvdblNwR8kASLTKvHhpe3zzCgwz+3CPExtC/Qz4mT7K77jBuwRy4zl7rEqPWlKkGuln9ujO1KtCJFKy3V8jlvld2tg4BWLJag4Z6/8WopO4U/YeNpfqPhfgjWpF9XPQtW4C8UHsNnRbPu6RZhtF+blHDbV7+GM4T02HZBnhD654woUe61cUU1wJ3iZF5QyS0eL2A58muFdWyM4Kcu9uDmBnkIaQXf4XECTsU6h9+4tb+kkszn3Xzs2Nc20YpIAWVvzcT3cw0noiDzMlblz4APBiCC5ATPNFHaElpRzWiPD31LXDw8HPkhm5sLcO5Hf0pRfZ15zjFZnua/lpz9/YPUxf9hqWlsP0i0TM0XMtb/OPj06F++ZbEPHwTc7pKaYN2ptSUVzBGiFGQrwfDTW6UwIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAJ6MYEI/NrvrUBjvnYGoYQJksc9m6SOejFt0jZ2xQlpBCfLtChwB8dQWuaUpgVwNKlckodbmkdohh+3S58OgSfapV3bemyzO0cXlO2+tynTsTnr+nsF2WC05Y3zcCrUf38yhNL11iOXxh63mwlJvsbmE9jCfziOx9Cw7923bXEIfThyh9OFkquNkXdX5vyYLdl3NIq6l+jeZfY7Il3agp0/TjFv0Hz3tba9gK4XSw3ir+UqGKr5LwlcIaA5PAYbyvm8TmhkNzN8KZBvow08/VQ6Jc8LqFOzGkdQTPVk46t3pNnvppnw89JAy519njE2pQsk9vBR7lz5ALx7UrjYK+iU2PEgEk8ptOWZGfzghpDHU2CJOdbvhiFx+uvGU/joCFZ+JmsbRmq2qbZpNT77K477m7j20RjHFwEYB+STDzlZgFLEzo2kgIIDy4rxe/DIx1nK2nMAyb7nEBxxq7euxKBtHhEsU2aBX0wpNbWMtNOTeGBGr5z4SPZei22wWEyyPXXcU3FS3gIwwetOxGFoH8VnlxRaxi6ZelSwPwLfakJtswL4wgWLJjkTvX4qBVjLAlNFuY7CUO8CjwYHeYy0abL1iLPmZGIFcSXxvMnAheK+r9pPOFF9d/mTWOw8IHQdovgaxkurgClt8RMW3IrzRuG4R+A7aR3SiKpjKYdFQ7KkcMYIaFDCCGhACAQEwIjAVMRMwEQYDVQQDEwpQb3dlclNoZWxsAgkApr9gS57+nmAwCwYJYIZIAWUDBAIBoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIAulLQTO7GoXVAIp3Kt0pmCBTLme/oYiEVvdbIXP5baMAsGCSqGSIb3DQEBAQSCAgAjawJWoj86wLXTBpFDg6ngyPOmNNIIhkczeyGWy0stomQHqyj5NdwsfDcRmfHmIJuADr1349dXuEEehfbTSki8Cq8m+TdnA1ovTYHzFPqZlkFk81wGwBhVNwcylHyvbJ9FScG7H6unqwI2L92tooTWOBI8gHQrZx3tcdc0QVKoRkEhfg+BwRhryiIOy6emorRQMWgJr28k1BIwev1d/N7uCOPZnAho0w14LWoWua1Ga9RM7ni8v1JxYkVVVtcGCNfphLhriqT9+B8WV4aLmgMtl8+4FLkPjJzlUMCv9knzwVxWg3LPrbUWi6nRyti5eulOpAAxYSZ+7dnBGQkqZRSkTdQW1HlRCDSUPgVKj2j+yfYUh3FWLtCt8Q29VOtUIXB93PDOqjxlJ/D2TT06PJepHDt7PPkT2/2qrZvzJLrw6zp5WjLesAasQVu8AVGSPnE7CwQi8aD4HlOzPV/uBsC4WJM200gbUnk3yeOQPYDw3cP4ea3rZ5s9tl4JNPxCrKnkjPrIvsGV6puBdXzRQLUHqXk+ASlfLbTbzKFYogEIsO4USi7rHfe9kU78hAG3MGWN9GRYCRrPRCSWgxvFu0NNvZLDE2e5B3w5B6s776DG3TvWI6qcVXBotGlm9qX6se5KjBOVDmAhApKTQOY7v8yHMWu05GLNplWLcHvvz99UtKGCF0kwghdFBgorBgEEAYI3AwMBMYIXNTCCFzEGCSqGSIb3DQEHAqCCFyIwghceAgEDMQ8wDQYJYIZIAWUDBAIBBQAwgYIGCyqGSIb3DQEJEAEEoHMEcTBvAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQgXGFtF8hPK5tnyM4Yvcr7ZiZpOFuTFFvT8ck4UFVuwAACEQDqREbe4dpMubzZcmszYtI5GA8yMDIzMDMxNTE5MTMwMVoCCHYbQTDn3aVroIITBzCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwggbAMIIEqKADAgECAhAMTWlyS5T6PCpKPSkHgD1aMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjIwOTIxMDAwMDAwWhcNMzMxMTIxMjM1OTU5WjBGMQswCQYDVQQGEwJVUzERMA8GA1UEChMIRGlnaUNlcnQxJDAiBgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDIyIC0gMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/spSY6xqnya7uNwQ2a26HoFIV0MxomrNAcVR4eNm28klUMYfSdCXc9FZYIL2tkpP0GgxbXkZI4HDEClvtysZc6Va8z7GGK6aYo25BjXL2JU+A6LYyHQq4mpOS7eHi5ehbhVsbAumRTuyoW51BIu4hpDIjG8b7gL307scpTjUCDHufLckkoHkyAHoVW54Xt8mG8qjoHffarbuVm3eJc9S/tjdRNlYRo44DLannR0hCRRinrPibytIzNTLlmyLuqUDgN5YyUXRlav/V7QG5vFqianJVHhoV5PgxeZowaCiS+nKrSnLb3T254xCg/oxwPUAY3ugjZNaa1Htp4WB056PhMkRCWfk3h3cKtpX74LRsf7CtGGKMZ9jn39cFPcS6JAxGiS7uYv/pP5Hs27wZE5FX/NurlfDHn88JSxOYWe1p+pSVz28BqmSEtY+VZ9U0vkB8nt9KrFOU4ZodRCGv7U0M50GT6Vs/g9ArmFG1keLuY/ZTDcyHzL8IuINeBrNPxB9ThvdldS24xlCmL5kGkZZTAWOXlLimQprdhZPrZIGwYUWC6poEPCSVT8b876asHDmoHOWIZydaFfxPZjXnPYsXs4Xu5zGcTB5rBeO3GiMiwbjJ5xwtZg43G7vUsfHuOy2SJ8bHEuOdTXl9V0n0ZKVkDTvpd6kVzHIR+187i1Dp3AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYDVR0OBBYEFGKK3tBh/I8xFO2XC809KpQU31KcMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIBAFWqKhrzRvN4Vzcw/HXjT9aFI/H8+ZU5myXm93KKmMN31GT8Ffs2wklRLHiIY1UJRjkA/GnUypsp+6M/wMkAmxMdsJiJ3HjyzXyFzVOdr2LiYWajFCpFh0qYQitQ/Bu1nggwCfrkLdcJiXn5CeaIzn0buGqim8FTYAnoo7id160fHLjsmEHw9g6A++T/350Qp+sAul9Kjxo6UrTqvwlJFTU2WZoPVNKyG39+XgmtdlSKdG3K0gVnK3br/5iyJpU4GYhEFOUKWaJr5yI+RCHSPxzAm+18SLLYkgyRTzxmlK9dAlPrnuKe5NMfhgFknADC6Vp0dQ094XmIvxwBl8kZI4DXNlpflhaxYwzGRkA7zl011Fk+Q5oYrsPJy8P7mxNfarXH4PMFw1nfJ2Ir3kHJU7n/NBBn9iYymHv+XEKUgZSCnawKi8ZLFUrTmJBFYDOA4CPe+AOk9kVH5c64A0JH6EE2cXet/aLol3ROLtoeHYxayB6a1cLwxiKoT5u92ByaUcQvmvZfpyeXupYuhVfAYOd4Vn9q78KVmksRAsiCnMkaBXy6cbVOepls9Oie1FqYyJ+/jbsYXEP10Cro4mLueATbvdH7WwqocH7wl4R44wgDXUcsY6glOJcB0j862uXl9uab3H4szP8XTE0AotjWAQ64i+7m4HJViSwnGWH2dwGMMYIDdjCCA3ICAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBAhAMTWlyS5T6PCpKPSkHgD1aMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjMwMzE1MTkxMzAxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTzhyJNhjOCkjWplLy9j5bp/hx8czAvBgkqhkiG9w0BCQQxIgQgYsWTfaWXTMtlhLhoLMR8GLFVGc0U5R0NszqYyGeph0EwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgx/ThvjIoiSCr4iY6vhrE/E/meBwtZNBMgHVXoCO1tvowDQYJKoZIhvcNAQEBBQAEggIAiDWSGTm7kFhbVZOPr5pY76EVwzyDrxRvWRCh+2HwicG81hxq8JS7nRnPo7Jyh0M7XmTcyHkLyF0bf5KL93u9MMnwK/K/qKLuJDVkyCIIAd6RCG7JcAATzhmw7aJfLRqBqP/WVYlkjFUXkBHwapE75sTfq81AUJbo5r9bzOjP92SnUUe0ImTdNFn7oDFB7InzYzls2t+j9ngz7rzgaLkvmgoELJ0UlXNtKudffy5msUQ2b6rZdubyHr+jSkcpNhWCkQhF6EauruUmr03HDe7200u1MTTMBK9Z/rbK7txoTpfI5JZk/x9Zby0Bi89yxeKEGLoLkGr0a1KqE1KcAv6BFOphGvafLnocABLxXWYkJaSO95V6CtGr3PASIOtEWuWujvwyLkqED7yGiCZv9fFVA7e23esZxfVijoMtFH586yhhpC8ZU6G6KnGxEINfVwhZE27nAb9lgDq8R8d7HKu7S5WzYEOjIC3opFlN0XRB2h96LStfRkEQFWP6jFf+atV/qhHeRJrkK0M+7tvwvO8LNyVOlbk+bLXi3VTiXUHtyAgf4xmT4dO7ISrWb36E6/RAM3/dkJfDy4jMY85wJC9zxOywaC8HOVYszroiVNVI5Q+CVpuXNIRfo8lmBkh9I7l/IealkbGz6Ce3oBt5+fyQjT7xEt3ogiqlytmIv1lD5aU=

The code to validate them

using System;
using System.Security.Cryptography.Pkcs;

namespace Authenticode;

public class Signature
{
    public static void Main(string[] args)
    {
        byte[] data = Convert.FromBase64String("...");

        SignedCms signInfo = new SignedCms();
        signInfo.Decode(data);
        signInfo.CheckSignature(false);
    }
}

Expected behavior

It to not fail with an expired cert error like WinVerifyTrust doesn't for an expired cert that was counter signed with a valid timestamp. If this can't happen it would be nice to have a way to determine whether the failure was due to an expired timestamp or whether it was something else, like an untrusted root/partial chain/etc. Currently the exception thrown has a platform specific error message which makes it harder to determine the root cause.

Actual behavior

On Windows the error is:

System.Security.Cryptography.CryptographicException: Certificate trust could not be established. The first reported error is: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
   at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly)
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, Boolean verifySignatureOnly)

On Linux the error is:

System.Security.Cryptography.CryptographicException: Certificate trust could not be established. The first reported error is: certificate has expired
   at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly)
   at System.Security.Cryptography.Pkcs.SignedCms.CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, Boolean verifySignatureOnly)

Regression?

No response

Known Workarounds

No response

Configuration

Dotnet Version: 7.x
OS: Tested on Windows and Linux
Architecture: x64

I don't believe it is specific to the configuration, although the error messages returned are.

Other information

Here is some PowerShell code I am using to verify the trust information with WinVerifyTrust. It's PowerShell code using my module Ctypes.

#Requires -Module Ctypes

param ($Path)

ctypes_struct WINTRUST_FILE_INFO {
    [int]$CbStruct
    [MarshalAs('LPWStr')][string]$FilePath
    [IntPtr]$File
    [IntPtr]$KnownSubject
}

ctypes_struct WINTRUST_DATA {
    [int]$CbStruct
    [IntPtr]$PolicyCallbackData
    [IntPtr]$SIPClientData
    [int]$UIChoice
    [int]$RevocationChecks
    [int]$UnionChoice
    [IntPtr]$Choice
    [int]$StateAction
    [IntPtr]$StateData
    [IntPtr]$URLReference
    [int]$ProvFlags
    [int]$UIContext
    [IntPtr]$SignatureSettings
}

$WINTRUST_ACTION_GENERIC_VERIFY_V2 = [Guid]::new("00AAC56B-CD44-11d0-8CC2-00C04FC295EE")
$WTD_UI_NONE = 2
$WTD_CHOICE_FILE = 1
$WTD_STATEACTION_VERIFY = 1

$fileInfo = [WINTRUST_FILE_INFO]@{
    CbStruct = [System.Runtime.InteropServices.Marshal]::SizeOf([type][WINTRUST_FILE_INFO])
    FilePath = $Path
}

$fileInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($fileInfo.CbStruct)
try {
    [System.Runtime.InteropServices.Marshal]::StructureToPtr($fileInfo, $fileInfoPtr, $false)
    $data = [WINTRUST_DATA]@{
        CbStruct = [System.Runtime.InteropServices.Marshal]::SizeOf([type][WINTRUST_DATA])
        UIChoice = $WTD_UI_NONE
        StateAction = $WTD_STATEACTION_VERIFY
        UnionChoice = $WTD_CHOICE_FILE
        Choice = $fileInfoPtr
    }

    $wintrust = New-CtypesLib wintrust.dll
    $res = $wintrust.WinVerifyTrust(
        $null,
        [ref]$WINTRUST_ACTION_GENERIC_VERIFY_V2,
        [ref]$data
    )
    if ($res) {
        throw "Trust failed - {0} 0x{0:X8}" -f $res
    }
}
finally {
    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($fileInfoPtr)
}

The 2 PowerShell files I've used to verify this behaviour are in the collapsable section below. These files are where I got the PKCS 7 data for the Reproduction Steps section. Windows is correctly validating both of these files without any errors due to the presence of the counter signature signed when the certs were still valid. Please note these files use \r\n line endings.

Click to get .ps1 test files

Authenticode Timestamp

Write-Host test

# SIG # Begin signature block
# MIIehAYJKoZIhvcNAQcCoIIedTCCHnECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBWYryjZjo1cjdJ
# eX1p42umeyEBm4NaeKGQxt09ACzoa6CCF+IwggTXMIICv6ADAgECAgkA0cnLHrL9
# eEIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAz
# MTQyMDM4MzFaFw0yMzAzMTUyMDQzMzFaMBUxEzARBgNVBAMTClBvd2VyU2hlbGww
# ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwH926aUCIoMbG8rjAavLP
# lTSEJ20S4JoilIKatvJY432v5/gtH+jNMv8qRvrAaceLuo2AusOn68WjW3ZxcZR2
# yAh3llWvaxEfFc/N06Re242LxXGdK8XUq3NPqQkHkPiIFaW4SX6PsQ8R3su9MM66
# WsNvz5/78MYpvbtN7QiXKTfEudpI/QdLYPOHaCQXEr8PzW0g5wx6JMHa/3YewMRK
# YVvsEwBbVGt+5/YMRFZzLcloOYal4W8abUoLxYMT/uoy0MmYz3pmtAiIdLKzOgU1
# +C/1MhrdjGfXF88EHVqHnyyk042pyTmaXAAneAarfyelTmLVTrVO8FVF85iUaDjx
# lSY49V7gjrD8hNcHz/UYK3+RCfXJF35tn+Q3DkfuuooD4GOnMGPUNSY1fqS42q6l
# AAub0eufl4sxRfHw2cqyM2+bBz8gih+gzNf6y0E83D4jbryWr/gkPO8lOqU4mgJc
# yl60/GpkHaLyioln7VLPwT8ay4jXvJqvFw9p1pDBXKhe98enip8PGmmiCESv6HcD
# YEAeNfkO6Pz1RMgDB4yzIcYA13ZEGUTByfoC8JhD2VbsVOHUM/5pviI4eTW39W9e
# lCbKQmasVeavoGaHikGua75h/pL+0uORrJBZxkyxJaG4YQ5BTU+YUvQvJPw6blB6
# bk8Z1WbNN8WW6E1v/8Do8QIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0l
# AQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAEUQDpyRT3pBX+Ya
# leFXrgBw+QJMEuzwPu+uZI++HR4Crk4h0BIFFwkS0yx6XQlPZT33F3kZ73IXfVsm
# 9FQ99ZqahqyO+aWUz/AAkWM00MD2DTnFWqcRe8hl6BW7tverNXaWDXEAJwJSwY8F
# slBUYeMQMgLwtKVBlu0SnA18GQn+M5KRpsgOUvzTI6LACvRS6y/ehwBN4kR9tilu
# 9t8jqVeKyTN0b2kZ59Ht7C4+J3XnA7Zp9Vr1SlSZ9dLIrQw5HeMasSmDheiFaRBb
# VGmFMcselHxQwCN5kDV9jzDjrmAnIwoDPFSlzG/GRJCQAK6XgXUH8RdVLkj9Tq79
# HXTNCwu+M/pqqPAK6FxQr806KTglqRGWsZF41HJCIttRwWQevqjjEck1MzOYemVw
# I4m5N1I9xvUqfie5Ba+I3Efy4WjhPGLG4b4M+DijnbUKv/iwiCEznztMiKVhcYp+
# EXzHzM5Pr5nUMZsIHv2kAyCl8H7+aLYsJQWdzG7CCGic3nv7bkxXqfDE1AY2xufp
# 8Yy8OCnA2mnt2jHLZA0r/oN/3KkodVhvBSwFfXhjBLtupwp0EKeMAQ4dXH/oQF0o
# 9ExZUI5/ppkVuEW/AobqYCUNEcpn4roZoBia84dt7bfGHnaXgyECn2bvbIB300qY
# QwmOepFYRpTWni94nsD237f6cKkOMIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21Di
# CEAYWjANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
# aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
# aWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzEx
# MTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBU
# cnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/
# 5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xuk
# OBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpz
# MpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
# vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qT
# XtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRz
# Km6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRc
# Ro9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADk
# RSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMY
# RJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4m
# rLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C
# 1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYD
# VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYD
# VR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkG
# CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
# Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
# aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6
# Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmww
# EQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+g
# o3QbPbYW1/e/Vwe9mqyhhyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0
# /4C5+KH38nLeJLxSA8hO0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnL
# nU+nBgMTdydE1Od/6Fmo8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU9
# 6LHc/RzY9HdaXFSMb++hUD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ
# 9VVrzyerbHbObyMt9H5xaiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9X
# ql4o4rmUMIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0B
# AQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVk
# IFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYD
# VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lD
# ZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIIC
# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKR
# N6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZz
# lm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1Oco
# LevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH
# 92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRA
# p8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+g
# GkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU
# 8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/
# FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwj
# jVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQ
# EgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUae
# tdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAw
# HQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LS
# cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF
# BQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy
# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j
# cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB
# CwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftw
# ig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalW
# zxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQm
# h2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScb
# qyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLaf
# zYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbD
# Qc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0K
# XzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm
# 8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9
# gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8a
# pIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsAwggSo
# oAMCAQICEAxNaXJLlPo8Kko9KQeAPVowDQYJKoZIhvcNAQELBQAwYzELMAkGA1UE
# BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2Vy
# dCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0y
# MjA5MjEwMDAwMDBaFw0zMzExMjEyMzU5NTlaMEYxCzAJBgNVBAYTAlVTMREwDwYD
# VQQKEwhEaWdpQ2VydDEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIg
# LSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+ylJjrGqfJru43B
# DZrboegUhXQzGias0BxVHh42bbySVQxh9J0Jdz0Vlggva2Sk/QaDFteRkjgcMQKW
# +3KxlzpVrzPsYYrppijbkGNcvYlT4DotjIdCriak5Lt4eLl6FuFWxsC6ZFO7Khbn
# UEi7iGkMiMbxvuAvfTuxylONQIMe58tySSgeTIAehVbnhe3yYbyqOgd99qtu5Wbd
# 4lz1L+2N1E2VhGjjgMtqedHSEJFGKes+JvK0jM1MuWbIu6pQOA3ljJRdGVq/9XtA
# bm8WqJqclUeGhXk+DF5mjBoKJL6cqtKctvdPbnjEKD+jHA9QBje6CNk1prUe2nhY
# HTno+EyREJZ+TeHdwq2lfvgtGx/sK0YYoxn2Off1wU9xLokDEaJLu5i/+k/kezbv
# BkTkVf826uV8MefzwlLE5hZ7Wn6lJXPbwGqZIS1j5Vn1TS+QHye30qsU5Thmh1EI
# a/tTQznQZPpWz+D0CuYUbWR4u5j9lMNzIfMvwi4g14Gs0/EH1OG92V1LbjGUKYvm
# QaRllMBY5eUuKZCmt2Fk+tkgbBhRYLqmgQ8JJVPxvzvpqwcOagc5YhnJ1oV/E9mN
# ec9ixezhe7nMZxMHmsF47caIyLBuMnnHC1mDjcbu9Sx8e47LZInxscS451NeX1XS
# fRkpWQNO+l3qRXMchH7XzuLUOncCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIH
# gDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZ
# MBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2
# mi91jGogj57IbzAdBgNVHQ4EFgQUYore0GH8jzEU7ZcLzT0qlBTfUpwwWgYDVR0f
# BFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1
# c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUH
# AQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBY
# BggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
# VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG
# 9w0BAQsFAAOCAgEAVaoqGvNG83hXNzD8deNP1oUj8fz5lTmbJeb3coqYw3fUZPwV
# +zbCSVEseIhjVQlGOQD8adTKmyn7oz/AyQCbEx2wmIncePLNfIXNU52vYuJhZqMU
# KkWHSphCK1D8G7WeCDAJ+uQt1wmJefkJ5ojOfRu4aqKbwVNgCeijuJ3XrR8cuOyY
# QfD2DoD75P/fnRCn6wC6X0qPGjpStOq/CUkVNTZZmg9U0rIbf35eCa12VIp0bcrS
# BWcrduv/mLImlTgZiEQU5QpZomvnIj5EIdI/HMCb7XxIstiSDJFPPGaUr10CU+ue
# 4p7k0x+GAWScAMLpWnR1DT3heYi/HAGXyRkjgNc2Wl+WFrFjDMZGQDvOXTXUWT5D
# mhiuw8nLw/ubE19qtcfg8wXDWd8nYiveQclTuf80EGf2JjKYe/5cQpSBlIKdrAqL
# xksVStOYkEVgM4DgI974A6T2RUflzrgDQkfoQTZxd639ouiXdE4u2h4djFrIHprV
# wvDGIqhPm73YHJpRxC+a9l+nJ5e6li6FV8Bg53hWf2rvwpWaSxECyIKcyRoFfLpx
# tU56mWz06J7UWpjIn7+NuxhcQ/XQKujiYu54BNu90ftbCqhwfvCXhHjjCANdRyxj
# qCU4lwHSPzra5eX25pvcfizM/xdMTQCi2NYBDriL7ubgclWJLCcZYfZ3AYwxggX4
# MIIF9AIBATAiMBUxEzARBgNVBAMTClBvd2VyU2hlbGwCCQDRycsesv14QjANBglg
# hkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3
# DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEV
# MC8GCSqGSIb3DQEJBDEiBCAp5V6eZBH6QjWLAZghhEKm8BDpQfO3XcRLMgKTz+Qo
# WTANBgkqhkiG9w0BAQEFAASCAgCHG9QjzwkI7yuZv00SPTUJxSZS23trrb8ss/pz
# QJywAShxpq1SE4qem/pkwFdhRbbv5pSRxHj2SnA0JdONKu3AYD/Y1t7UnpeQmYXQ
# K4RHvnum0JMaMfzEIKangvYsNAf6BbRJe2o0DMrrhKL7UJeJl3dr/aXIRxiVF2q/
# pXeQXVhZu1arm20GMyvYIjCK8Axma1cM2+t5xRVx/ujVnM9/NmV9j1ukhrxYdSwV
# 3osxOgyr8dlWscCc3bl7sSrq6qIEHGPjHsdcqR06ZulZhPdMq7IEkJksag+Tfi+t
# oImii+fwhuYbT7W7eMxINStC4yWhGDg6xZmz+TJDddqC3TuGmaoiBJMh6iLaTWf6
# a7K/Ypazc99YZ1Z2EIV649xqVl4hDxOP/BE2TZogxSloPZHlY5IxiyM0S1413tct
# N5dllUbWMWNGyC6iWe3+14BW+rornbUPo6IA8BENRPQG2J0WAWDeNw6HeH27Qt37
# wnqAHnrlNg1rGOoCDq1Skzr2nOHi3erQA68Jd4aONqjPQ6J/g2ohM+sbcLpoIhUT
# vL7iTyZMI4Lb4cWCaHSr/6F6dZ0NE1fQZ3pAXgK9sFx1bep4Mshu84qPC63HOsRO
# FxR0ypbdUpwl0xw3Y9urfwQMdTg+fECMJ3rRrdYsuNGu2zSaspkLMfDMA6hSMeDo
# +8Af3qGCAyAwggMcBgkqhkiG9w0BCQYxggMNMIIDCQIBATB3MGMxCzAJBgNVBAYT
# AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQg
# VHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0ECEAxNaXJL
# lPo8Kko9KQeAPVowDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZI
# hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzAzMTUyMDM4MzdaMC8GCSqGSIb3DQEJ
# BDEiBCCLhacUFaBSCQ2YRdmF2bd0vIDxDA9iHZCtBnK68oo73TANBgkqhkiG9w0B
# AQEFAASCAgBDe/aboSbY+kOB0318AmEDpuVUPoxnGeg6SY6cQa0ZiL0qOxFTBUmS
# G/Okg3Rg7+PSebnaT272/ukBqjdNL8bTI0zDfJbkUQzWcTDXaJu6qQX/glVRo4GD
# 23eOHFwzB6+bzjbDJaKiTGlHGLJN1D5IBwNfbWOOny08ZnfKuhPIVDQHeZL7O4H/
# FEwgQoYKINvHzc3ocM6MwBPlb6pbc/dxlnOmQHliFGx+hlnaA44rEPyGWKP2ZYbX
# m2htxBVUQFmXOtATwY642sS029JVVQJ7rCb+5Nbn52t2p7CJBOXAJuco6KwNEfjA
# 89ytOEZU7FgsQot6OZglmQ8gKWhTDcPMhz/k8FX5aF6UUtqGrhfw7ddK6y9e89TB
# 2zpS8BqQ6cvUN/P6Lf0VhYsv583Nq2MDYVddKDsICSzfrC4Dy4sjoClB0elaekis
# minOgpdMqmJ3UtE/MzDkvvXXtN0qPBQjymx+SoTnwX7EjaQ5GdTr77Yt1Z4aH2q3
# QAWRcF6YQpijJVkjVRP1XitykjGxSIzdbFn7GsvZ37BgyfmSCW3f9n+nq67Ss4bb
# n9xcgzEk2qhkxoAp3WA2iALdOydavO3Vhxs3u2dko/iqdkQ3z4ubhP60bf1m0U8w
# a39ZYqAx4IpXu4EAlfDTHVJkWU5PU9l/Wohy+0NoHZ10pKI8SzUzOg==
# SIG # End signature block

RFC 3161 Timestamp

Write-Host test

# SIG # Begin signature block
# MIIfmQYJKoZIhvcNAQcCoIIfijCCH4YCAQMxDTALBglghkgBZQMEAgEwewYKKwYB
# BAGCNwIBBKBtBGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBaNEv+Ne+U+glD
# iFrbl8Ct5Gf+ataCxj80K+LzYzeavaCCBNswggTXMIICv6ADAgECAgkApr9gS57+
# nmAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAxMKUG93ZXJTaGVsbDAeFw0yMzAz
# MTQxOTEyMjBaFw0yMzAzMTUxOTQyMjBaMBUxEzARBgNVBAMTClBvd2VyU2hlbGww
# ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfwd4HfoBff9LHby3DWv+u
# TaM9ucOiI5AbVpSsXcjUr7kVQ52ootrpqniox8cAJrGoN4XJvV353eenq64kQheX
# lYvZxs3i8prr/VevA0VLvByMJva2sdkjxeIixFE1jP65W02TOS7cYRMxIBUnS/ix
# OAV1HiiSAZ1/f14UrtsN0P3ueujffNxVBknW6qhgRYVyLzetybBfVVKlUEmGybr/
# uCCzbSyl9EG9stHk7aQUfZL/xzhU8gFmTsh8K4eTFDDMnNzRt3D3OOhNaAQQ+5uW
# CkvdblNwR8kASLTKvHhpe3zzCgwz+3CPExtC/Qz4mT7K77jBuwRy4zl7rEqPWlKk
# Guln9ujO1KtCJFKy3V8jlvld2tg4BWLJag4Z6/8WopO4U/YeNpfqPhfgjWpF9XPQ
# tW4C8UHsNnRbPu6RZhtF+blHDbV7+GM4T02HZBnhD654woUe61cUU1wJ3iZF5QyS
# 0eL2A58muFdWyM4Kcu9uDmBnkIaQXf4XECTsU6h9+4tb+kkszn3Xzs2Nc20YpIAW
# VvzcT3cw0noiDzMlblz4APBiCC5ATPNFHaElpRzWiPD31LXDw8HPkhm5sLcO5Hf0
# pRfZ15zjFZnua/lpz9/YPUxf9hqWlsP0i0TM0XMtb/OPj06F++ZbEPHwTc7pKaYN
# 2ptSUVzBGiFGQrwfDTW6UwIDAQABoyowKDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0l
# AQH/BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIBAJ6MYEI/NrvrUBjv
# nYGoYQJksc9m6SOejFt0jZ2xQlpBCfLtChwB8dQWuaUpgVwNKlckodbmkdohh+3S
# 58OgSfapV3bemyzO0cXlO2+tynTsTnr+nsF2WC05Y3zcCrUf38yhNL11iOXxh63m
# wlJvsbmE9jCfziOx9Cw7923bXEIfThyh9OFkquNkXdX5vyYLdl3NIq6l+jeZfY7I
# l3agp0/TjFv0Hz3tba9gK4XSw3ir+UqGKr5LwlcIaA5PAYbyvm8TmhkNzN8KZBvo
# w08/VQ6Jc8LqFOzGkdQTPVk46t3pNnvppnw89JAy519njE2pQsk9vBR7lz5ALx7U
# rjYK+iU2PEgEk8ptOWZGfzghpDHU2CJOdbvhiFx+uvGU/joCFZ+JmsbRmq2qbZpN
# T77K477m7j20RjHFwEYB+STDzlZgFLEzo2kgIIDy4rxe/DIx1nK2nMAyb7nEBxxq
# 7euxKBtHhEsU2aBX0wpNbWMtNOTeGBGr5z4SPZei22wWEyyPXXcU3FS3gIwwetOx
# GFoH8VnlxRaxi6ZelSwPwLfakJtswL4wgWLJjkTvX4qBVjLAlNFuY7CUO8CjwYHe
# Yy0abL1iLPmZGIFcSXxvMnAheK+r9pPOFF9d/mTWOw8IHQdovgaxkurgClt8RMW3
# IrzRuG4R+A7aR3SiKpjKYdFQ7KkcMYIaFDCCGhACAQEwIjAVMRMwEQYDVQQDEwpQ
# b3dlclNoZWxsAgkApr9gS57+nmAwCwYJYIZIAWUDBAIBoHwwEAYKKwYBBAGCNwIB
# DDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO
# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIAulLQTO7GoXVAIp3Kt0pmC
# BTLme/oYiEVvdbIXP5baMAsGCSqGSIb3DQEBAQSCAgAjawJWoj86wLXTBpFDg6ng
# yPOmNNIIhkczeyGWy0stomQHqyj5NdwsfDcRmfHmIJuADr1349dXuEEehfbTSki8
# Cq8m+TdnA1ovTYHzFPqZlkFk81wGwBhVNwcylHyvbJ9FScG7H6unqwI2L92tooTW
# OBI8gHQrZx3tcdc0QVKoRkEhfg+BwRhryiIOy6emorRQMWgJr28k1BIwev1d/N7u
# COPZnAho0w14LWoWua1Ga9RM7ni8v1JxYkVVVtcGCNfphLhriqT9+B8WV4aLmgMt
# l8+4FLkPjJzlUMCv9knzwVxWg3LPrbUWi6nRyti5eulOpAAxYSZ+7dnBGQkqZRSk
# TdQW1HlRCDSUPgVKj2j+yfYUh3FWLtCt8Q29VOtUIXB93PDOqjxlJ/D2TT06PJep
# HDt7PPkT2/2qrZvzJLrw6zp5WjLesAasQVu8AVGSPnE7CwQi8aD4HlOzPV/uBsC4
# WJM200gbUnk3yeOQPYDw3cP4ea3rZ5s9tl4JNPxCrKnkjPrIvsGV6puBdXzRQLUH
# qXk+ASlfLbTbzKFYogEIsO4USi7rHfe9kU78hAG3MGWN9GRYCRrPRCSWgxvFu0NN
# vZLDE2e5B3w5B6s776DG3TvWI6qcVXBotGlm9qX6se5KjBOVDmAhApKTQOY7v8yH
# MWu05GLNplWLcHvvz99UtKGCF0kwghdFBgorBgEEAYI3AwMBMYIXNTCCFzEGCSqG
# SIb3DQEHAqCCFyIwghceAgEDMQ8wDQYJYIZIAWUDBAIBBQAwgYIGCyqGSIb3DQEJ
# EAEEoHMEcTBvAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQgXGFtF8hP
# K5tnyM4Yvcr7ZiZpOFuTFFvT8ck4UFVuwAACEQDqREbe4dpMubzZcmszYtI5GA8y
# MDIzMDMxNTE5MTMwMVoCCHYbQTDn3aVroIITBzCCBY0wggR1oAMCAQICEA6bGI75
# 0C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNV
# BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
# A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAw
# MFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lD
# ZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln
# aUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
# CgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuE
# DcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNw
# wrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0
# 6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e
# 5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtV
# gkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85
# tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+S
# kjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1Yxw
# LEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzl
# DlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFr
# b7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATow
# ggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiu
# HA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQE
# AwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2
# hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290
# Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/
# Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNK
# ei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHr
# lnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4
# oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5A
# Y8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNN
# n3O3AamfV6peKOK5lDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJ
# KoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu
# YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQg
# VHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVow
# YzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQD
# EzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGlu
# ZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklR
# VcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54P
# Mx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupR
# PfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvo
# hGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV
# 5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYV
# VSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6i
# c/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/Ci
# PMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5
# K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oi
# qMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuld
# yF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAG
# AQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAW
# gBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww
# CgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8v
# b2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDow
# OKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRS
# b290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkq
# hkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvH
# UF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0M
# CIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCK
# rOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rA
# J4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZ
# xhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScs
# PT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1M
# rfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXse
# GYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWY
# MbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYp
# hwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPww
# ggbAMIIEqKADAgECAhAMTWlyS5T6PCpKPSkHgD1aMA0GCSqGSIb3DQEBCwUAMGMx
# CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMy
# RGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcg
# Q0EwHhcNMjIwOTIxMDAwMDAwWhcNMzMxMTIxMjM1OTU5WjBGMQswCQYDVQQGEwJV
# UzERMA8GA1UEChMIRGlnaUNlcnQxJDAiBgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFt
# cCAyMDIyIC0gMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/spSY6
# xqnya7uNwQ2a26HoFIV0MxomrNAcVR4eNm28klUMYfSdCXc9FZYIL2tkpP0GgxbX
# kZI4HDEClvtysZc6Va8z7GGK6aYo25BjXL2JU+A6LYyHQq4mpOS7eHi5ehbhVsbA
# umRTuyoW51BIu4hpDIjG8b7gL307scpTjUCDHufLckkoHkyAHoVW54Xt8mG8qjoH
# ffarbuVm3eJc9S/tjdRNlYRo44DLannR0hCRRinrPibytIzNTLlmyLuqUDgN5YyU
# XRlav/V7QG5vFqianJVHhoV5PgxeZowaCiS+nKrSnLb3T254xCg/oxwPUAY3ugjZ
# Naa1Htp4WB056PhMkRCWfk3h3cKtpX74LRsf7CtGGKMZ9jn39cFPcS6JAxGiS7uY
# v/pP5Hs27wZE5FX/NurlfDHn88JSxOYWe1p+pSVz28BqmSEtY+VZ9U0vkB8nt9Kr
# FOU4ZodRCGv7U0M50GT6Vs/g9ArmFG1keLuY/ZTDcyHzL8IuINeBrNPxB9Thvdld
# S24xlCmL5kGkZZTAWOXlLimQprdhZPrZIGwYUWC6poEPCSVT8b876asHDmoHOWIZ
# ydaFfxPZjXnPYsXs4Xu5zGcTB5rBeO3GiMiwbjJ5xwtZg43G7vUsfHuOy2SJ8bHE
# uOdTXl9V0n0ZKVkDTvpd6kVzHIR+187i1Dp3AgMBAAGjggGLMIIBhzAOBgNVHQ8B
# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAg
# BgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZ
# bU2FL3MpdpovdYxqII+eyG8wHQYDVR0OBBYEFGKK3tBh/I8xFO2XC809KpQU31Kc
# MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdp
# Q2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAG
# CCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
# dC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
# aWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQw
# DQYJKoZIhvcNAQELBQADggIBAFWqKhrzRvN4Vzcw/HXjT9aFI/H8+ZU5myXm93KK
# mMN31GT8Ffs2wklRLHiIY1UJRjkA/GnUypsp+6M/wMkAmxMdsJiJ3HjyzXyFzVOd
# r2LiYWajFCpFh0qYQitQ/Bu1nggwCfrkLdcJiXn5CeaIzn0buGqim8FTYAnoo7id
# 160fHLjsmEHw9g6A++T/350Qp+sAul9Kjxo6UrTqvwlJFTU2WZoPVNKyG39+Xgmt
# dlSKdG3K0gVnK3br/5iyJpU4GYhEFOUKWaJr5yI+RCHSPxzAm+18SLLYkgyRTzxm
# lK9dAlPrnuKe5NMfhgFknADC6Vp0dQ094XmIvxwBl8kZI4DXNlpflhaxYwzGRkA7
# zl011Fk+Q5oYrsPJy8P7mxNfarXH4PMFw1nfJ2Ir3kHJU7n/NBBn9iYymHv+XEKU
# gZSCnawKi8ZLFUrTmJBFYDOA4CPe+AOk9kVH5c64A0JH6EE2cXet/aLol3ROLtoe
# HYxayB6a1cLwxiKoT5u92ByaUcQvmvZfpyeXupYuhVfAYOd4Vn9q78KVmksRAsiC
# nMkaBXy6cbVOepls9Oie1FqYyJ+/jbsYXEP10Cro4mLueATbvdH7WwqocH7wl4R4
# 4wgDXUcsY6glOJcB0j862uXl9uab3H4szP8XTE0AotjWAQ64i+7m4HJViSwnGWH2
# dwGMMYIDdjCCA3ICAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNl
# cnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBT
# SEEyNTYgVGltZVN0YW1waW5nIENBAhAMTWlyS5T6PCpKPSkHgD1aMA0GCWCGSAFl
# AwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0B
# CQUxDxcNMjMwMzE1MTkxMzAxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTzhyJN
# hjOCkjWplLy9j5bp/hx8czAvBgkqhkiG9w0BCQQxIgQgYsWTfaWXTMtlhLhoLMR8
# GLFVGc0U5R0NszqYyGeph0EwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgx/ThvjIo
# iSCr4iY6vhrE/E/meBwtZNBMgHVXoCO1tvowDQYJKoZIhvcNAQEBBQAEggIAiDWS
# GTm7kFhbVZOPr5pY76EVwzyDrxRvWRCh+2HwicG81hxq8JS7nRnPo7Jyh0M7XmTc
# yHkLyF0bf5KL93u9MMnwK/K/qKLuJDVkyCIIAd6RCG7JcAATzhmw7aJfLRqBqP/W
# VYlkjFUXkBHwapE75sTfq81AUJbo5r9bzOjP92SnUUe0ImTdNFn7oDFB7InzYzls
# 2t+j9ngz7rzgaLkvmgoELJ0UlXNtKudffy5msUQ2b6rZdubyHr+jSkcpNhWCkQhF
# 6EauruUmr03HDe7200u1MTTMBK9Z/rbK7txoTpfI5JZk/x9Zby0Bi89yxeKEGLoL
# kGr0a1KqE1KcAv6BFOphGvafLnocABLxXWYkJaSO95V6CtGr3PASIOtEWuWujvwy
# LkqED7yGiCZv9fFVA7e23esZxfVijoMtFH586yhhpC8ZU6G6KnGxEINfVwhZE27n
# Ab9lgDq8R8d7HKu7S5WzYEOjIC3opFlN0XRB2h96LStfRkEQFWP6jFf+atV/qhHe
# RJrkK0M+7tvwvO8LNyVOlbk+bLXi3VTiXUHtyAgf4xmT4dO7ISrWb36E6/RAM3/d
# kJfDy4jMY85wJC9zxOywaC8HOVYszroiVNVI5Q+CVpuXNIRfo8lmBkh9I7l/Ieal
# kbGz6Ce3oBt5+fyQjT7xEt3ogiqlytmIv1lD5aU=
# SIG # End signature block
Author: jborean93
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@jborean93
Copy link
Contributor Author

As a workaround I've defined a custom extension method that implements SignerInfo.CheckSignature but with a DateTime? overload.

public static void CheckSignature(this SignerInfo info, bool verifySignatureOnly, DateTime? verificationTime)
{
    info.CheckSignature(true);
    if (verifySignatureOnly)
    {
        return;
    }

    X509Certificate2 certificate = info.Certificate
        ?? throw new CryptographicException("Failed to find signing certificate");

    X509Chain chain = new();
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
    if (verificationTime != null)
    {
        chain.ChainPolicy.VerificationTime = (DateTime)verificationTime;
    }

    if (!chain.Build(certificate))
    {
        X509ChainStatus status = chain.ChainStatus.FirstOrDefault();
        throw new CryptographicException(
            $"Certificate trust could not be established. The first reported error is: {status.StatusInformation}");
    }

    const X509KeyUsageFlags SufficientFlags =
        X509KeyUsageFlags.DigitalSignature |
        X509KeyUsageFlags.NonRepudiation;

    foreach (X509Extension ext in certificate.Extensions)
    {
        if (ext.Oid!.Value != "2.5.29.15") // KeyUsage
        {
            continue;
        }

        if (!(ext is X509KeyUsageExtension keyUsage))
        {
            keyUsage = new X509KeyUsageExtension();
            keyUsage.CopyFrom(ext);
        }

        if ((keyUsage.KeyUsages & SufficientFlags) == 0)
        {
            throw new CryptographicException("The certificate is not valid for the requested usage.");
        }
    }
}

I then have custom code to extract the counter signature timestamp and pass that in if it was present.

On a side note, the SignerInfo.CounterSignerInfos property only seems to be populated when encountering a certificate signed using the Authenticode timestamp OID. If the signature was counter signed using the RFC 3161 method this is absent and I had to manually go through the unsigned attributes to extract this value. I'm not sure if this is intentional or not but something I wanted to point out.

@jeffhandley jeffhandley added the api-suggestion Early API idea and discussion, it is NOT ready for implementation label Jun 28, 2023
@jeffhandley
Copy link
Member

Thanks for reporting this, @jborean93. For this new behavior, I expect we'd need to offer more control over the validation so that this behavior could be controlled through the call to CheckSignature, that way it wouldn't be a breaking change for callers expecting the current behavior.

I'm setting this to the Future milestone. For this to move forward, we'd need an API proposal that shows how control over the aspects of validation could be achieved.

@jeffhandley jeffhandley added this to the Future milestone Jun 28, 2023
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Jun 28, 2023
@BerndK BerndK mentioned this issue Aug 12, 2023
Open
@edwardneal
Copy link
Contributor

There are quite a few options here, so I think a new CheckSignature method overload and associated SignatureVerificationOptions class would be the better approach to use here.

public class SignerInfo
{
+    CheckSignature(SignatureVerificationOptions verificationOptions);
}

+public class SignatureVerificationOptions
+{
+    // If empty, the system trust store is used.
+    public X509Certificate2Collection CustomTrustStore { get; set; } = new();

+    // Corresponds to passing false to SignerInfo.CheckSignature(false)
+    public bool VerifySigningCertificateChain { get; set; } = true;
+    public bool VerifySigningCertificatePurposes { get; set; } = true;

+    // If true, the certificate's timestamps will be verified using the Authenticode/RFC3161 timestamps (if present.)
+    // This means if both are true and both types of timestamps are present, the certificate will be checked twice.
+    // The thrown exception will need to make it clear which timestamp failed verification.
+    public bool VerifyAuthenticodeTimestamp { get; set; } = true;
+    public bool VerifyRfc3161Timestamp { get; set; } = true;

+    // Very similar to VerifySigningCertificateChain and VerifySigningCertificatePurposes, but these apply to the
+    // timestamping certificates. The same properties will apply both to Authenticode and RFC3161.
+    public bool VerifyTimestampingCertificateChain { get; set; } = true;
+    public bool VerifyTimestampingCertificatePurposes { get; set; } = true;

+    // X509ChainPolicy to use when verifying the timestamping certificate. The DisableCertificateDownloads,
+    // RevocationFlag, RevocationMode, TrustMode, UrlRetrievalTimeout and VerificationFlags properties from this
+    // object will be used to verify the timestamping certificate. X509ChainPolicy.CustomTrustStore will be replaced
+    // by the CustomTrustStore property. If null, a default (strict) X509ChainPolicy will be used.
+    public X509ChainPolicy? TimestampCertificateChainPolicy { get; set; } = null;
+}

Adding this feature might help PowerShell Core - a managed implementation of Authenticode/RFC3161 timestamping unlocks Get-AuthenticodeSignature on Linux, which opens the way for meaningful cross-platform script signing verification. This is partially tracked by PowerShell/PowerShell#1159 and PowerShell/PowerShell#5770, which were opened in 2016/2018 respectively.

It'd be quite a while before I could get around to writing this timestamp verification logic, but if this goes through an API review then the external interface is ready, so someone else can pick this up if they want to do it sooner.

Is this enough detail for an API proposal @jeffhandley?

@jborean93
Copy link
Contributor Author

Adding this feature might help PowerShell Core - a managed implementation of Authenticode/RFC3161 timestamping unlocks Get-AuthenticodeSignature on Linux

@edwardneal you might be interested in https://github.com/jborean93/PowerShell-OpenAuthenticode which is what prompted me to open up this issue. I’m using the workaround I mentioned in a comment for now.

@edwardneal
Copy link
Contributor

With Azure Trusted Signing in public preview, this will probably be necessary to validate the generated certificates. These certificates are only valid for three days, so we need to use the timestamp from the timestamp token when checking the certificate validity. There might also be some overlap with PowerShell/PowerShell#21550, although I've not got any way to check that directly against ATS.

@dotnet/area-system-security, @vcsjones what's the best approach to start the API proposal? I can raise a new issue specifically for that if it's easier to manage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-System.Security
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@jeffhandley @jborean93 @edwardneal