Digital signature format for PE files on Windows

Source: Internet
Author: User


Summary
Authenticode is a digital signature format used to verify the origin and integrity of binary software. Authenticode signs data according to the Public-Key Cryptography Standard (PKCS) #7 and uses an X.509 certificate to bind a digitally signed binary to the identity of its software publisher. This document describes the structure and technical details of the Authenticode signature.

OVERVIEW

The Authenticode digital signature in a PE file is a PKCS #7 SignedData structure. This signature ensures that:
· The software originated from a specific software publisher.
· The software has not been modified since it was signed.
A PKCS #7 SignedData structure contains the hash value of the PE file, the signature created with the software publisher's private key, and the X.509 v3 certificate that binds the publisher's signing key to a legal entity. A PKCS #7 signature block can also contain the following optional information:
· A description of the software publisher
· A URL of the software publisher
· A timestamp of the Authenticode signature
The signature timestamp is generated by a Time Stamp Authority (TSA); the software publisher's signature must already exist before it is timestamped. A timestamp extends the lifetime of the signature: the signature remains valid even if the signing certificate has since expired or been revoked.
An Authenticode signature can be embedded in a Windows PE file, where it is pointed to by the Certificate Table entry of the Data Directories in the PE Optional Header. When an Authenticode signature is used to sign a Windows PE file, the algorithm that calculates the file's hash value skips specific fields of the PE structure, so the signing process can modify those fields when embedding the signature without changing the file's hash value.
Figure 1 shows a simplified PE file layout illustrating how a digital signature is contained in a PE file: the embedded Authenticode signature, and the PE structure fields that are omitted when the hash value of the PE file is calculated.
For details of the PE file structure, see the "Microsoft Portable Executable and Common Object File Format Specification" (PE/COFF specification).
For details of the PKCS #7 structures used in Authenticode digital signatures, see the Abstract Syntax Notation One (ASN.1) structure definitions later in this document.
For details of how the hash value of a PE file is calculated for an Authenticode digital signature, see "Calculating the PE Image Hash" later in this document.
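As an added illustration (not part of the original article), the Python below locates the Certificate Table entry, reads the WIN_CERTIFICATE header that wraps the PKCS #7 SignedData blob, and hashes a constructed minimal PE while skipping the fields Authenticode excludes: the CheckSum field, the Certificate Table directory entry and the certificate table itself. Field offsets and the skip list come from the PE/COFF and Authenticode specifications rather than from this page, and the section-ordering rules of the full hash algorithm are simplified.

```python
import hashlib
import struct

# Offsets follow the PE/COFF and Authenticode specifications (not the article above): e_lfanew at
# 0x3C, optional header 24 bytes past "PE\0\0", CheckSum at +64, Certificate Table entry at +128/+144.
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # wCertificateType of a PKCS #7 SignedData blob

def pe_layout(data: bytes) -> dict:
    """Locate the header fields Authenticode hashing skips and the certificate table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = opt + (144 if magic == 0x20B else 128)  # PE32+ vs PE32 data-directory base
    cert_off, cert_size = struct.unpack_from("<II", data, dir_off)
    return {"checksum": opt + 64, "cert_dir": dir_off, "cert_off": cert_off, "cert_size": cert_size}

def authenticode_hash(data: bytes, algo: str = "sha256") -> str:
    """Hash everything except CheckSum, the Certificate Table entry and the certificate table.
    Simplified: assumes sections are in file order and nothing follows the certificate table."""
    lay = pe_layout(data)
    skip = [(lay["checksum"], 4), (lay["cert_dir"], 8)]
    if lay["cert_size"]:
        skip.append((lay["cert_off"], lay["cert_size"]))
    h, pos = hashlib.new(algo), 0
    for start, length in sorted(skip):
        h.update(data[pos:start])
        pos = start + length
    h.update(data[pos:])
    return h.hexdigest()

def parse_win_certificate(data: bytes) -> dict:
    """Read the WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType) around the PKCS #7 blob."""
    off = pe_layout(data)["cert_off"]
    length, revision, ctype = struct.unpack_from("<IHH", data, off)
    return {"length": length, "revision": revision, "type": ctype, "pkcs7": data[off + 8:off + length]}

def build_demo_pe(pkcs7: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (not a real binary): DOS header, PE headers, body, optional cert table."""
    hdr = bytes(60) + struct.pack("<I", 64)                  # e_lfanew = 64
    opt = struct.pack("<H", 0x10B) + bytes(222)              # PE32 optional header (224 bytes)
    img = bytearray(hdr + b"PE\0\0" + bytes(20) + opt + b"\x90" * 32)  # COFF header + "code"
    if pkcs7:                                                # "sign": append cert table, patch headers
        pad = (-len(pkcs7)) % 8                              # table is 8-byte aligned
        struct.pack_into("<II", img, 64 + 24 + 128, len(img), 8 + len(pkcs7) + pad)
        struct.pack_into("<I", img, 64 + 24 + 64, 0xDEADBEEF)  # CheckSum is recomputed after signing
        img += struct.pack("<IHH", 8 + len(pkcs7) + pad, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7 + bytes(pad)
    return bytes(img)
```

The unsigned and signed images produce the same Authenticode hash even though the signed one has a different CheckSum, a filled-in Certificate Table entry and an appended certificate table, while any change to the code body changes the hash.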


Apply for a free digital certificate

Log on to www.ca365.com and click the "apply for Certificate in table" link in the "free certificate" column. Enter the required information on the page to apply for a free certificate.
