Timestamp command

The timestamp command allows you to timestamp one or more files using a timestamp server. It supports fallback timestamp servers. It can timestamp multiple files efficiently with wildcard support.

Usage

SignotaurTool.exe timestamp [options] <files>

Files Parameter

  • A list of file paths to timestamp. You can specify individual file paths or use wildcards to match multiple files. This parameter supports the following wildcard patterns:

    • *: Matches zero or more characters within a file name. For example, *.exe will match all executable files in the specified directory.
    • ?: Matches a single character. For instance, file?.dll will match file1.dll, file2.dll, but not file12.dll.
    • **: Indicates a recursive search across all subdirectories. For example, **/*.exe will match all .exe files found in the current directory and all its subdirectories.
    • !: Identifies an exclude pattern. This must be at the start of the pattern. It must be used in conjunction with a normal include pattern. For instance, the two patterns *.dll and !*.Test.dll will match all .dll files found in the current directory excluded all test dlls, that is file1.dll, file2.dll, but not file1.Test.dll.

  • Examples:

    • *.exe: Matches all executable files in the specified directory.
    • C:\Projects\**\*.dll: Matches all dynamic link library files in the C:\Projects directory and any of its subdirectories.
    • C:\MyFiles\file?.exe: Matches any executable files that start with "file" followed by a single character.
    • !*.pdb: Matches all debug files in the specified directory from the current match.

  • Notes:

    • Ensure that the directory paths are correctly specified, as the function will attempt to find matching files based on the directory provided in conjunction with the wildcards.
    • If you need to timestamp a large number of files, you can use the --file-list option to specify the path to a file containing the list of file paths.

Options

  • --tr, --timestamp-server <TimeStampServer>
    Required. Specifies the URL of the RFC 3161 timestamp server.

  • --td, --timestamp-digest <DigestAlgorithm>
    Required. Specifies the digest algorithm used by the RFC 3161 timestamp server. Supported algorithms include: SHA256, SHA384, and SHA512.

  • --fb, --fallback-timestamp-servers <ServerList>
    Specifies a comma-separated list of fallback timestamp servers to use if the primary server is unavailable. This provides reliability in the event of a primary server failure. Provide multiple servers by repeating this option. The servers are tried sequentially, stopping at the first successful response.

  • -m, --max-degree-of-parallelism <MDOP>
    Specifies the maximum number of concurrent file timestamping operations. This setting allows you to control the degree of parallelism to optimize performance. The default value is 4, but you can adjust this based on the capabilities of your machine.

  • --fl, --file-list <FileName>
    Specifies the path to a file containing a list of file paths to timestamp. This is helpful for handling multiple files at once without specifying each one in the command line. Each line in the file should contain one file path.

  • -b, --base-directory <Directory>
    Sets the base directory for resolving relative file paths.

  • --continue-on-fail
    Continues timestamping subsequent files even if an error occurs while timestamping a file. This option is useful for batch timestamping scenarios.

  • --encoding <Encoding>
    Specifies the output encoding. Set to one of UTF8, UTF16, OEMCodePage or CodePage### where ### is the number of the code page to use. Defaults to UTF8.

  • --nb, --no-banner
    Hides the banner in the output, which may be useful for scripting or logging purposes where you want a clean output.

  • -v, --verbose
    Enables verbose logging for the timestamping operation, providing detailed output of the process, which can be useful for debugging.

  • --help
    Displays help information and usage instructions for this command.

Examples

  1. Timestamp multiple files:

    SignotaurTool.exe timestamp -t <Thumbprint> --tr <TimeStampServer> --td SHA256 file1.exe file2.dll

  2. Timestamp files with a primary and fallback timestamp servers:

    SignotaurTool.exe timestamp --tr <TimeStampServer> --td SHA256 --fb <FallbackServer1> --fb <FallbackServer2> file1.exe file2.dll

Supported File Types

The verify command supports timestamping of the following file types: .appx, .appxbundle, .cab, .cat, .cdxml, .dll, .eappx, .eappxbundle, .emsix, .emsixbundle, .exe, .msi, .msix, .msixbundle, .msm, .msp, .mst, .ocx, .ps1, .ps1xml, .psd1, .psm1, .stl, .sys, .vbs, .vxd, .winmd. Additional PE file types may also be timestamped automatically.

Exit Codes

The following exit codes indicate the result of the operation performed by SignotaurTool.exe:

  • 0 (Success): The operation completed successfully without any errors.
  • 1 (NotFound): One or more specified files were not found.
  • 2 (Failed): The operation failed due to an unexpected error.
  • 5 (BadParameter): A parameter provided to the function was invalid.
  • 6 (UnsupportedDigestAlgorithm): The specified digest algorithm is not supported.
  • 7 (TimestampServerError): The timestamp server returned an error response.
  • 8 (TimestampVerificationFailed): The verification of the timestamped file failed.

Typically a more specific message will be displayed before an error exit code is returned.