Authenticode Appendixes

Appendix A: Required Files

To use Microsoft Authenticode, a set of client files, publishing tools, and a signing DLL are required.

Client files include the following:

  • Wintrust.dll
  • Softpub.dll
  • Mssip32.dll
  • Vsrevoke.dll
  • Crypt32.dll

Publishing tools and the signing DLL include the following:

MakeCert.exe Creates an X.509 certificate for testing purposes only.
Cert2SPC.exe Creates a software publishing certificate for testing purposes only.
SignCode.exe Signs and time stamps a file.
ChkTrust.exe Checks the validity of the file.
MakeCTL.exe Creates a certificate trust list.
CertMgr.exe Manages certificates, CTLs, and CRLs.
SetReg.exe Sets registry keys controlling certificate verification.
Signer.dll Performs signing.

Appendix B: The X.509 Certificate

The X.509 protocols include a structure for public-key certificates. A certification authority assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.

These are the meanings for each field:

Field Meaning
Version Number identifying the certificate format.
Serial Number Value unique to the certification authority.
Algorithm Identifier Algorithm used to sign the certificate, together with any necessary parameters.
Issuer Name of the certification authority.
Period of Validity Dates between which the certificate is valid.
Subject Name of the user.
Subject's Public Key Public key of the user, any necessary parameters, and its algorithm name.
Signature Signature of the certification authority.

Appendix C: Attachment Execution Service (AES)

Windows XP Service Pack 2 (SP2) introduces a new set of APIs called the Attachment Execution Service (AES). AES allows applications to eliminate custom code that performs similar safety checks and instead to rely on a centrally-managed API set. The use of AES provides a consisent user experience across all applications that check the security of attachments.

AES consists of the IAttachmentExecute interface, which is designed to help client applications safely manage saving and opening attachments and determine their support and behavior.

Appendix D: Suggested Reading

The topic of digital signing is discussed more fully in the following documents.

  • CCITT, Recommendation X.509, The Directory-Authentication Framework, Consultation Committee, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
  • Microsoft Cryptographic Service Provider Programmer's Guide, Microsoft, 1995.
  • Microsoft Application Programmer's Guide, Microsoft, 1995.
  • RSA Laboratories, public key certificate standard (PKCS) #7: Cryptographic Message Syntax Standard . Version 1.5, November, 1993.
  • Schneier, Bruce, Applied Cryptography, 2nd ed. New York: John Wiley & Sons, 1996.
  • Microsoft Security
  • RSA Security Inc.