Read certificate data from signed multi-signature executables

Microsoft is moving away from SHA1. As a result, many executable files now have two or more signatures; one uses the SHA1 digest for backward compatibility and one uses SHA256.

For example, if you look at the properties of vstest.executionengine.exe from Visual Studio 2013 (view the properties on Windows 8 or Server 2012), you will see that it has 3 different signatures from 3 different certificates.

I already have code that uses a combination of CryptQueryObject, CryptMsgGetParam and .NET SignedCms, but it sees only one of the three signatures. It seems that there is only one message with one signer.

I need to get certificate information for all signatures. How are multiple signatures modeled: is it several messages, or several signers in one message? Has Microsoft added new APIs or new flags to access multiple signatures?

+4
1 answer

It turns out that Microsoft (sort of) hides subsequent signatures. When you add another signature, the entire CMS structure is added as an unsigned attribute.

So, for an Authenticode signature decoded with .NET SignedCms, look at the SignerInfo's UnsignedAttributes. Take the ASN.1 RawData of the attribute value and pass it to SignedCms.Decode to get the nested signature.

// signedCms1 already holds the decoded outer (Authenticode) signature
var signedCms2 = new SignedCms();
// decode inner signature
signedCms2.Decode(signedCms1.SignerInfos[0].UnsignedAttributes[0].Values[0].RawData);

Note that in real code you should select the attribute by its OID rather than by index.

+4
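The following is an added example, not code from the original question or answer. It reads the Authenticode PKCS#7 blob directly from the PE file's security data directory (instead of going through CryptQueryObject), then decodes it with SignedCms and follows nested signatures recursively. It selects the unsigned attribute by OID rather than by position; the OID 1.3.6.1.4.1.311.2.4.1 is szOID_NESTED_SIGNATURE from wintrust.h. The file path taken from the command line and the depth limit of 8 are choices made for this example.

```csharp
// Added example; not code from the original question or answer.
// Reads the Authenticode PKCS#7 blob straight out of a PE file's security
// directory, then walks every SignerInfo and follows the nested-signature
// unsigned attribute recursively.
// Assumption: the attribute OID is 1.3.6.1.4.1.311.2.4.1 (szOID_NESTED_SIGNATURE
// in wintrust.h); the path passed to Main is whatever PE you want to inspect.
// Build: reference System.Security.dll (namespace System.Security.Cryptography.Pkcs).
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;

static class NestedAuthenticode
{
    const string NestedSignatureOid = "1.3.6.1.4.1.311.2.4.1";
    const ushort WinCertTypePkcsSignedData = 0x0002;

    // Returns every signer found in the outer signature and in any nested ones,
    // outermost first.
    public static List<SignerInfo> CollectSigners(byte[] pkcs7)
    {
        var found = new List<SignerInfo>();
        Collect(pkcs7, found, 0);
        return found;
    }

    static void Collect(byte[] pkcs7, List<SignerInfo> found, int depth)
    {
        if (depth > 8) throw new CryptographicException("nested signatures too deep");
        var cms = new SignedCms();
        cms.Decode(pkcs7);
        foreach (SignerInfo signer in cms.SignerInfos)
        {
            found.Add(signer);
            foreach (CryptographicAttributeObject attr in signer.UnsignedAttributes)
            {
                // Select by OID, not by index: timestamp countersignatures also
                // live in UnsignedAttributes and may come first.
                if (attr.Oid.Value != NestedSignatureOid) continue;
                foreach (AsnEncodedData value in attr.Values)
                    Collect(value.RawData, found, depth + 1); // value is a full PKCS#7 ContentInfo
            }
        }
    }

    // Locates the WIN_CERTIFICATE table via the PE security data directory.
    // Its "VirtualAddress" field is a raw file offset, not an RVA.
    public static byte[] ReadAuthenticodeBlob(byte[] pe)
    {
        int peHeader = BitConverter.ToInt32(pe, 0x3C);
        if (BitConverter.ToUInt32(pe, peHeader) != 0x00004550) // "PE\0\0"
            throw new BadImageFormatException("not a PE image");
        int optionalHeader = peHeader + 24;                           // after the COFF header
        ushort magic = BitConverter.ToUInt16(pe, optionalHeader);
        int dataDirs = optionalHeader + (magic == 0x20B ? 112 : 96);  // PE32+ vs PE32
        int securityDir = dataDirs + 4 * 8;                           // IMAGE_DIRECTORY_ENTRY_SECURITY
        int offset = BitConverter.ToInt32(pe, securityDir);
        int end = offset + BitConverter.ToInt32(pe, securityDir + 4);
        if (offset == 0 || end > pe.Length) return null;              // unsigned or truncated
        while (offset + 8 <= end)
        {
            int length = BitConverter.ToInt32(pe, offset);            // WIN_CERTIFICATE.dwLength, header included
            ushort certType = BitConverter.ToUInt16(pe, offset + 6);
            if (length < 8 || offset + length > end) break;           // malformed table
            if (certType == WinCertTypePkcsSignedData)
            {
                var blob = new byte[length - 8];
                Buffer.BlockCopy(pe, offset + 8, blob, 0, blob.Length);
                return blob;
            }
            offset += (length + 7) & ~7;                              // entries are 8-byte aligned
        }
        return null;
    }

    static void Main(string[] args)
    {
        byte[] blob = ReadAuthenticodeBlob(File.ReadAllBytes(args[0]));
        if (blob == null) { Console.WriteLine("no Authenticode signature"); return; }
        foreach (SignerInfo s in CollectSigners(blob))
        {
            string subject = s.Certificate == null ? "(certificate not in bundle)" : s.Certificate.Subject;
            Console.WriteLine(s.DigestAlgorithm.FriendlyName + "  " + subject);
        }
    }
}
```

Two caveats. First, this enumerates and decodes the signatures; it does not verify them. SignedCms.CheckSignature would only confirm that each CMS is internally consistent, not that its digest matches the PE, and the chain building and policy checks that WinVerifyTrust performs are not done here. Second, on Windows 8 and later WinVerifyTrust can be pointed at a specific secondary signature through the WINTRUST_SIGNATURE_SETTINGS structure (WSS_GET_SECONDARY_SIG_COUNT to count them, WSS_VERIFY_SPECIFIC with an index to verify one), which is the supported route when you need a verdict rather than just the certificate data.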
