Module rasn_cms::authenticode

Windows Authenticode Portable Executable Signature Format

Authenticode is a digital signature format that is used to determine the origin and integrity of software binaries. Authenticode uses Public-Key Cryptography Standards (PKCS) #7 signed data and X.509 certificates to bind an Authenticode-signed binary to the identity of a software publisher.

Reference: [Windows Authenticode Portable Executable Signature Format](http://msdn.microsoft.com/en-US/windows/hardware/gg463183). NOTE: the document differs from the actual implementation. This crate contains the structures used in actual signing.

Structs§

  • The DigestInfo structure defines the digest algorithm and data.
  • The SpcAttributeTypeAndOptionalValue structure has two fields, which are set for an Authenticode-signed PE file. The attribute_type is set to the SPC_PE_IMAGE_DATAOBJ OID (1.3.6.1.4.1.311.2.1.15).
  • An Authenticode signature’s ContentInfo structure contains several structures that in turn contain the file’s hash value, page hash values (if present), the file description, and various optional or legacy ASN.1 fields. The root structure is SpcIndirectDataContent.
  • The SpcPeImageData structure specifies which portions of the Windows PE file are hashed.
  • Flags specify which portions of the Windows PE file are hashed.
  • SpcSerializedObject contains a binary structure with page hashes.
  • This structure is present in SignerInfo authenticated attributes. It is identified by SPC_SP_OPUS_INFO_OBJID (1.3.6.1.4.1.311.2.1.12).

Enums§

  • SPCLink originally contained information that describes the software publisher.
  • SpcString is either a Unicode or an ASCII string.

Constants§

Type Aliases§