Reducing the lifetime of a code signed EXE


When code signing an executable, the executable will be considered as from a trusted source as long as the certificate is valid (if not timestamped). I am wondering whether I can reduce this time span.

I went through the command line options of Signtool but couldn't find an option to reduce the validity time. However, that might just mean that Microsoft does not support this.

My intended usages:

  • for testing purposes

  • for demonstration purposes (developer trainings)

  • just an idea: Since I'm signing executables anyway, this would be a nice option to provide time-restricted demo licenses. The application would simply check itself for the validity duration.

1

There is 1 answer

0
Alex On

Well, you need to issue a new certificate (with a new date range) for each build of your application. This is simply not practical.

What you can do, however, is check the date/time (timestamp) at which the executable was signed. Then you can compare this timestamp with the maximum "allowable" date for your application. If "timestamp + maximum trial days" is greater than the current date - OK, run as normal. If not - abort with "Trial Expired".

You can see code samples here and here. Basically, you're interested in GetDateOfTimeStamp/GetTimeStampSignerInfo.
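
The comparison described in the answer, as an added example that is not part of the original answer or of the samples it links to. It covers only the decision step and assumes the caller has already verified the executable's signature and extracted the signing timestamp as a Windows FILETIME value; `check_trial`, `trial_days_left` and the status names are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TICKS_PER_DAY 864000000000ULL /* 100 ns FILETIME ticks in 24 hours */

typedef enum {
    TRIAL_OK,
    TRIAL_EXPIRED,
    TRIAL_NO_VALID_SIGNATURE, /* signature missing or failed verification */
    TRIAL_NO_TIMESTAMP,       /* signed, but no timestamp was found */
    TRIAL_CLOCK_SUSPECT       /* local clock is earlier than the signing time */
} trial_status;

/* Hypothetical helper. signed_at and now are FILETIME values as 64-bit
 * integers (100 ns ticks since 1601-01-01 UTC); signed_at == 0 means the
 * caller found no timestamp. signature_valid is the caller's verification
 * result for the running executable. */
trial_status check_trial(int signature_valid, uint64_t signed_at,
                         uint64_t now, uint16_t trial_days)
{
    if (!signature_valid)
        return TRIAL_NO_VALID_SIGNATURE; /* unverified timestamp proves nothing */
    if (signed_at == 0)
        return TRIAL_NO_TIMESTAMP;
    if (now < signed_at)
        return TRIAL_CLOCK_SUSPECT;
    /* "timestamp + trial days > now", rewritten as elapsed < allowed so the
     * arithmetic cannot wrap around. */
    uint64_t allowed = (uint64_t)trial_days * TICKS_PER_DAY;
    return (now - signed_at < allowed) ? TRIAL_OK : TRIAL_EXPIRED;
}

/* Whole days remaining; 0 unless check_trial() returns TRIAL_OK. */
uint32_t trial_days_left(int signature_valid, uint64_t signed_at,
                         uint64_t now, uint16_t trial_days)
{
    if (check_trial(signature_valid, signed_at, now, trial_days) != TRIAL_OK)
        return 0;
    uint64_t allowed = (uint64_t)trial_days * TICKS_PER_DAY;
    return (uint32_t)((allowed - (now - signed_at)) / TICKS_PER_DAY);
}

int main(void)
{
    uint64_t signed_at = 133000000000000000ULL;       /* constructed value */
    uint64_t now = signed_at + 10 * TICKS_PER_DAY;    /* ten days later */
    printf("status=%d days_left=%u\n", check_trial(1, signed_at, now, 30),
           (unsigned)trial_days_left(1, signed_at, now, 30));
    return 0;
}
```

Every state other than `TRIAL_OK` fails closed. The clock check only catches a local clock set earlier than the signing time; a clock set back to a point inside the trial window still passes.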