Why can an expired certificate be used to sign a JAR file?
How does a timestamp prevent use of a leaked expired certificate to sign a malignant executable?
If it is supposedly fine to share or leak expired certificates then why is it safe to allow use of such certificate to sign code if the signature is timestamped? Should not verification reject all signatures that were created after the certificate is expired?
Here is a sample message from jarsigner, that confused me:
$ jarsigner -verify -verbose -certs xxx.jar
...
[entry was signed on 2/1/24, 1:15 PM]
...
jar verified.
Warning:
This jar contains entries whose signer certificate has expired.
The signer certificate expired on 2024-01-01. However, the JAR will be valid until the timestamp expires on 2031-11-01.
jarsigner -verify does fail when used with -strict argument, but the message implies that it has nothing to do with timestamp.
I envision a following scenario where timestamping signatures of expired certificates does nothing useful.
- Alice purchases a certificate from a recognized CA.
- Alice works with certificate until it is expired.
- Alice considers expired certificate to be harmless
- Alice relaxes security of the certificate handling and leaks the private key
- Chad uses leaked certificate to sign malignant code with a public timestamping service
- Bob verifies the signed code (with a jarsigner?) and sees:
- The certificate is expired
- But the signature has a timestamp
- As timestamp is valid, he ignores the signing date
- Bob assumes Alice has produced the code
- Bob uses the malignant JAR and takes damages
To my understanding, either certificate expiration date should be absolute (all signing should be done before expiration) or all expired certificates have to revoked (which is ridiculously expensive).
Why is neither the case?
UPDATE: A lot of comments imply that is is impossible to sign code with an expired certificate. Please note, that output of jarsigner (verbose) verification lists a date of expiration and a later date of signing, proving that is possible. This question is specifically "why is it possible given security implications?" and not "is it possible?".
