Thursday, May 16, 2013

Concepts of Digital Signature and Windows Code Signing

Authenticode:
Software publishers use Authenticode to sign either a single file or a collection of files (such as a driver package).

Microsoft Authenticode:
Authenticode belongs to MS. (I believe it's a key which must be safely saved by Microsoft.)

digital certificate:
Also referred to as a signing certificate or Authenticode certificate, it identifies a publisher (more precisely, the signer) and the issuer (the CA), and it contains at least a public key and an Authenticode. (I believe the info about the public key can be queried from the CA.)

thumbprint:
A (cryptographic) hash of a file (SHA-256? or something else?) or of a package; the thumbprint can be used as the source of the private key.

digital signature:
Windows first calculates the thumbprint of the file, then uses the public key (the public key and its publisher must have been verified beforehand) to decrypt the digital signature; if the two values match, the digital signature is OK.

Trusted Publishers certificate store:
HKEY_LOCAL_MACHINE
   Software
      Microsoft
         SystemCertificates
            TrustedPublisher

or, for the current user:
HKCU
   Software
      Microsoft
         SystemCertificates
            TrustedPublisher

All certificates in HKEY_LOCAL_MACHINE are inherited by the current user.

Trusted Root Certification Authorities certificate store:
HKEY_LOCAL_MACHINE
   Software
      Microsoft
         SystemCertificates
            CA
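To tie the signature check and the certificate stores above together, here is an added PowerShell example (not code from the original post): it hashes a file, lets Windows verify the file's Authenticode signature, and then looks for the signer's certificate in both Trusted Publishers stores and in the corresponding registry key. It assumes PowerShell 4.0 or later on Windows and that it is saved as a .ps1 script; the file path is a placeholder you supply.

```powershell
# Added example, not part of the original post. Assumes PowerShell 4.0+ on Windows.
# $Path is a placeholder; pass the file you want to inspect.
param([string]$Path = 'C:\path\to\file.sys')

# 1. Hash of the file itself (what the post calls the file's "thumbprint").
$fileHash = Get-FileHash -Path $Path -Algorithm SHA256
"File SHA-256 : $($fileHash.Hash)"

# 2. Let Windows verify the signature: recompute the file hash, check it against
#    the signed hash with the signer's public key, and chain the cert to a trusted root.
$sig = Get-AuthenticodeSignature -FilePath $Path
"Status       : $($sig.Status) ($($sig.StatusMessage))"

if ($sig.SignerCertificate) {
    $signer = $sig.SignerCertificate
    "Signer       : $($signer.Subject)"
    "Issuer (CA)  : $($signer.Issuer)"
    # The certificate thumbprint is a hash of the certificate, not of the file.
    "Cert thumb   : $($signer.Thumbprint)"

    # 3. Look for the signer in the machine and user Trusted Publishers stores
    #    (machine-store entries are inherited by the current user).
    $stores = 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher'
    $foundIn = foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $signer.Thumbprint } |
            ForEach-Object { $store }
    }
    if ($foundIn) {
        "Trusted Pub. : yes, found in $($foundIn -join ', ')"
    } else {
        "Trusted Pub. : no (a Valid status then rests only on the chain to a trusted root)"
    }

    # 4. The same machine store as seen through the registry path listed in the post;
    #    each entry is a subkey named after the certificate thumbprint.
    $regKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates'
    if (Test-Path -Path "$regKey\$($signer.Thumbprint)") {
        "Registry     : $regKey\$($signer.Thumbprint)"
    }
}
```

A signed file whose signer is absent from Trusted Publishers can still report Valid, so the store check tells you whether the publisher was explicitly trusted, not whether the signature verifies.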

Refer:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff543743%28v=vs.85%29.aspx
http://technet.microsoft.com/en-us/library/cc962021.aspx
http://office.microsoft.com/en-us/excel-help/how-to-tell-if-a-digital-signature-is-trustworthy-HA001230875.aspx : How to tell if a digital signature of Office doc is trustworthy

1 comment:

  1. Thank you for giving me an idea about digital signature. I received a file with a special kind of signature attached to it and was just wondering about it. Now I learn that it was a digital signature.