Authenticode Appendixes
Appendix A: Required Files
To use Microsoft Authenticode, a set of client files, publishing tools, and a signing DLL are required.
Client files include the following:
- Wintrust.dll
- Softpub.dll
- Mssip32.dll
- Vsrevoke.dll
- Crypt32.dll
Publishing tools and the signing DLL include the following:
| MakeCert.exe | Creates an X.509 certificate for testing purposes only. |
| Cert2SPC.exe | Creates a software publishing certificate for testing purposes only. |
| SignCode.exe | Signs and time stamps a file. |
| ChkTrust.exe | Checks the validity of the file. |
| MakeCTL.exe | Creates a certificate trust list. |
| CertMgr.exe | Manages certificates, CTLs, and CRLs. |
| SetReg.exe | Sets registry keys controlling certificate verification. |
| Signer.dll | Performs signing. |
Appendix B: The X.509 Certificate
The X.509 protocols include a structure for public-key certificates. A certification authority assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.
.png)
These are the meanings for each field:
| Field | Meaning |
|---|---|
| Version | Number identifying the certificate format. |
| Serial Number | Value unique to the certification authority. |
| Algorithm Identifier | Algorithm used to sign the certificate, together with any necessary parameters. |
| Issuer | Name of the certification authority. |
| Period of Validity | Dates between which the certificate is valid. |
| Subject | Name of the user. |
| Subject's Public Key | Public key of the user, any necessary parameters, and its algorithm name. |
| Signature | Signature of the certification authority. |
Appendix C: Attachment Execution Service (AES)
Windows XP Service Pack 2 (SP2) introduces a new set of APIs called the Attachment Execution Service (AES). AES allows applications to eliminate custom code that performs similar safety checks and instead to rely on a centrally-managed API set. The use of AES provides a consisent user experience across all applications that check the security of attachments.
AES consists of the IAttachmentExecute interface, which is designed to help client applications safely manage saving and opening attachments and determine their support and behavior.
Appendix D: Suggested Reading
The topic of digital signing is discussed more fully in the following documents.
- CCITT, Recommendation X.509, The Directory-Authentication Framework, Consultation Committee, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
- Microsoft Cryptographic Service Provider Programmer's Guide, Microsoft, 1995.
- Microsoft Application Programmer's Guide, Microsoft, 1995.
- RSA Laboratories, public key certificate standard (PKCS) #7: Cryptographic Message Syntax Standard . Version 1.5, November, 1993.
- Schneier, Bruce, Applied Cryptography, 2nd ed. New York: John Wiley & Sons, 1996.
- Microsoft Security
- RSA Security Inc.