Vernacular digital signature (additional article)-signature EXE file (lower part)

From: http://www.cnblogs.com/1-2-3/archive/2007/12/03/colloquialism-digital-certificate-part5.html
Summary

If we. EXE, right-click it, and click "properties". The digital signature page is not displayed, but the signature can be successfully verified in process explorer. What is the problem?

Two Methods for signing an EXE file

In the previous article, if we. EXE, right-click it, and click "properties". The digital signature page is not displayed, but the signature can be successfully verified in process explorer. What is the problem? This is because there are two methods to sign the EXE file: 1. embed the signature data into the EXE file, which is the method described in the previous article. 2. store the signature data to one. in cat files, most programs and drivers in Windows use this method. Therefore, the signature information cannot be found in file properties, but the signature can be successfully verified using process explorer. The following describes the signature method.

Use the secure catalog (. Cat) file to sign the EXE file

Step 1:First, create a directory "C: \ signdemo" under drive C for convenience ". Then copy the unsigned exefile named mathlover121.exe to this directory.Step 2:Create a text file named "123soft. CDF.

Step 3:Download this makecat.rar, decompress it, and copy it to "C: \ signdemo ".

Note that makecat.exe is released with SDK 3.0, So I uploaded it here for convenience.

Step 4:Open the command line and run the "makecat-V 123soft. CDF" command to generate the "123soft. Cat" file.Step 5:Open the command line, run the "signtool signwizard" command, open the signature wizard, and sign the "123soft. Cat" file using the same method as in the previous article.

Step 6:The test3soft.catfile contains the digital signature of mathlover121.exe. Use the "signtool verify-v-pa-C 123soft. Cat mathlover121.exe" command.

Step 7:Verify the signature in automatic mode (without explicitly providing the cat file) because we have not imported 123soft. CAT into the operating system's secure Catalog Database.Step 8:Add 123soft. Cat to the operating system's security catalog database. Run the "signtool catdb-V 123soft. Cat" command on the command line.Step 9:Redo the test in Step 7 and find that the signature can be successfully verified.Step 10:Verify the signature of mathlover121.exe in process assumer.Note:In step 2 above, 123soft. the file list in CDF must be written as "Signature MP3

The embedded signature method can only sign a limited number of file formats, but the cat file method can be used to sign files in any format. The following describes how to sign an MP3 file.Step 1:Copy an MP3 file to "C: \ signdemo ".Step 2:Add the file name to the 123soft. CDF file.Step 3:Re-Generate and sign the cat file according to the previous method.Step 4:Verify the signature.

References

Kernel-mode CODe signing Walkthrough
Microsoft Authenticode Reference Guide # C # column