Microsoft Security Catalog Format Documentation and Sample APIs

I am looking for any API documentation for working with Microsoft security catalogs, or, failing that, file format information so that I can write my own parser.

In short, I have some .cat files that I need to work with. Looking at a file in a hex editor, it obviously has different areas that are somehow delimited (it looks like typical binary stored structures). I need to get certain information from them and ignore the rest.

I could probably reverse-engineer the format and parse what I need, but I would prefer to do it either using the Win32 API, or at least write my parser so that it is correct for the format, and not just "capable of doing what I need right now."

MSCAT32.DLL seems symbolic, but I'm not sure whether it has an export that does what I need ... This is a bit cryptic (no pun intended).

Any information at all will be useful.

Just to toss some more keywords here ...

MIME type: application/vnd.ms-pki.seccat
Magic header bytes: 30 80 09 06
Field separators in the file look like this: EOT (04) and € (80)
The program that generates them is: MakeCat.exe

2 answers

Here is the definition of the wintrust calls that makecat uses. Look in the Catalog Definition section. Catalog functions consist of a certificate trust list (CTL): a predefined list of items that have been signed by a trusted entity. A CTL can be anything, such as a list of certificate hashes or a list of file names. All items in the list are authenticated (approved) by the signer.

These in turn consist of PKCS #7 blobs.


Microsoft security catalogs are nothing more than binary files encoded in the ASN.1 DER format. Inside the PKCS #7 file, the data is signed with additional fields for Microsoft-specific material (encoded with Microsoft OIDs). A list of these OIDs can be found here: https://support.microsoft.com/en-us/kb/287547

If you want to decode ASN.1 DER, use, for example, this JavaScript-based decoder: http://lapo.it/asn1js/

By the way: 30 80 09 06 is not the file's magic; it means that there is a constructed SEQUENCE with an unknown length. ASN.1 DER files do not have any magic, but begin with a SEQUENCE (which in many cases is encoded in DER as 0x30).

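To make the second answer concrete, here is a small tag-length-value walker for the ASN.1 encoding a .cat file uses. It is an added example, not code from the thread or from any Microsoft tool, and it is a general BER reader rather than a strict DER one: it accepts the definite lengths DER requires and also the indefinite-length form (length octet 0x80, closed by a 00 00 end-of-contents pair) that the leading 30 80 bytes in the question indicate. The sample bytes are constructed by hand to look like the skeleton of a PKCS #7 SignedData ContentInfo and are not a real catalog; the only identifiers in it are the PKCS #7 signedData content type OID and one OID under Microsoft's 1.3.6.1.4.1.311 arc. Function and class names (parse_ber, find_oids, dump, Node) are this example's own.

```python
"""Minimal BER/DER TLV walker for inspecting PKCS #7 containers such as .cat files.
Added example, not from the original thread; the SAMPLE bytes are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TAG_NAMES = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x06: "OBJECT IDENTIFIER",
             0x30: "SEQUENCE", 0x31: "SET"}


@dataclass
class Node:
    tag: int
    indefinite: bool
    value: bytes                      # content octets; empty for constructed nodes
    children: List["Node"] = field(default_factory=list)

    def name(self) -> str:
        if self.tag & 0xC0 == 0x80:   # context-specific class, e.g. [0] EXPLICIT
            return f"[{self.tag & 0x1F}]"
        return TAG_NAMES.get(self.tag, f"tag 0x{self.tag:02x}")


def decode_oid(content: bytes) -> str:
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    arcs = [content[0] // 40, content[0] % 40]   # first octet packs the first two arcs
    value = 0
    for octet in content[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:          # a clear high bit ends a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _parse_node(data: bytes, pos: int) -> Tuple[Node, int]:
    tag = data[pos]
    constructed = bool(tag & 0x20)
    pos += 1
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled by this example")
    first = data[pos]
    pos += 1
    if first == 0x80:                 # BER indefinite length: read children until 00 00
        if not constructed:
            raise ValueError("indefinite length is only valid on constructed types")
        children, pos = _parse_until(data, pos, None)
        return Node(tag, True, b"", children), pos
    if first & 0x80:                  # long form: low 7 bits give the number of length octets
        count = first & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    else:
        length = first                # short form
    end = pos + length
    if end > len(data):
        raise ValueError("truncated element")
    if constructed:
        children, _ = _parse_until(data, pos, end)
        return Node(tag, False, b"", children), end
    return Node(tag, False, data[pos:end]), end


def _parse_until(data: bytes, pos: int, end: Optional[int]) -> Tuple[List[Node], int]:
    """Parse siblings up to `end`, or up to an end-of-contents marker when end is None."""
    nodes: List[Node] = []
    while True:
        if end is None:
            if data[pos:pos + 2] == b"\x00\x00":
                return nodes, pos + 2
            if pos >= len(data):
                raise ValueError("missing end-of-contents octets")
        elif pos >= end:
            return nodes, pos
        node, pos = _parse_node(data, pos)
        nodes.append(node)


def parse_ber(data: bytes) -> Node:
    """Parse the single top-level element (for PKCS #7, the outer ContentInfo SEQUENCE)."""
    root, consumed = _parse_node(data, 0)
    if consumed != len(data):
        raise ValueError(f"{len(data) - consumed} trailing bytes after the top-level element")
    return root


def find_oids(node: Node) -> List[str]:
    """Collect every OBJECT IDENTIFIER in document order."""
    found = [decode_oid(node.value)] if node.tag == 0x06 else []
    for child in node.children:
        found.extend(find_oids(child))
    return found


def dump(node: Node, depth: int = 0) -> List[str]:
    """Render the tree as indented lines, one per element."""
    line = "  " * depth + node.name()
    if node.indefinite:
        line += " (indefinite length)"
    elif node.tag == 0x06:
        line += " " + decode_oid(node.value)
    elif node.tag == 0x02:
        line += " " + str(int.from_bytes(node.value, "big", signed=True))
    elif not node.children:
        line += f" ({len(node.value)} bytes)"
    lines = [line]
    for child in node.children:
        lines.extend(dump(child, depth + 1))
    return lines


# Constructed sample (not a real catalog): a PKCS #7 SignedData skeleton in BER
# indefinite-length form, the way the '30 80' at the start of a .cat file reads.
SAMPLE = bytes.fromhex(
    "30 80"                                # ContentInfo SEQUENCE, indefinite length
    "06 09 2A 86 48 86 F7 0D 01 07 02"     #   contentType OID 1.2.840.113549.1.7.2 (signedData)
    "A0 80"                                #   [0] EXPLICIT content, indefinite length
    "30 80"                                #     SignedData SEQUENCE, indefinite length
    "02 01 01"                             #       version INTEGER 1
    "31 00"                                #       digestAlgorithms SET (empty in this sample)
    "30 80"                                #       encapContentInfo SEQUENCE, indefinite length
    "06 09 2B 06 01 04 01 82 37 0A 01"     #         eContentType OID 1.3.6.1.4.1.311.10.1
    "00 00" "00 00" "00 00" "00 00"        # four end-of-contents pairs close the four 0x80 lengths
)

if __name__ == "__main__":
    tree = parse_ber(SAMPLE)
    print("\n".join(dump(tree)))
    print("OIDs:", find_oids(tree))
```

Point it at a real file with parse_ber(open("file.cat", "rb").read()) and dump() prints the nesting; find_oids() then lists the content-type and attribute OIDs, which is what you compare against the Microsoft OID list the answer links to. The walker stops rather than guessing on truncated input or a missing end-of-contents pair, and it deliberately does not verify the signature: a parse tells you what the catalog claims, not whether that claim is trustworthy, which is the job of the wintrust functions the first answer points at.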
