Authenticode Appendixes

Appendix A: Required Files

To use Microsoft Authenticode, a set of client files, publishing tools, and a signing DLL are required.

Client files include the following:

  • Wintrust.dll
  • Softpub.dll
  • Mssip32.dll
  • Vsrevoke.dll
  • Crypt32.dll

Publishing tools and the signing DLL include the following:

  • MakeCert.exe: Creates an X.509 certificate for testing purposes only.
  • Cert2SPC.exe: Creates a software publishing certificate for testing purposes only.
  • SignCode.exe: Signs and time stamps a file.
  • ChkTrust.exe: Checks the validity of the file.
  • MakeCTL.exe: Creates a certificate trust list.
  • CertMgr.exe: Manages certificates, CTLs, and CRLs.
  • SetReg.exe: Sets registry keys controlling certificate verification.
  • Signer.dll: Performs signing.
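
The check that ChkTrust.exe performs can also be made from code through Wintrust.dll, one of the client files listed above, by calling its WinVerifyTrust function with the generic Authenticode policy. The following Python script is an added example and is not code from this Microsoft page; it assumes a Windows host with ctypes available, takes its constants from the wintrust.h and winerror.h SDK headers, and the function names and the verdict table (a selected subset of the result codes WinVerifyTrust can return) are this example's own.

```python
"""Added example: verify a file's Authenticode signature through Wintrust.dll from Python."""
import ctypes
import sys

# Constants from wintrust.h (values as defined in the Windows SDK)
WTD_UI_NONE = 2
WTD_REVOKE_NONE = 0
WTD_REVOKE_WHOLECHAIN = 1
WTD_CHOICE_FILE = 1
WTD_STATEACTION_VERIFY = 1
WTD_STATEACTION_CLOSE = 2
WTD_REVOCATION_CHECK_CHAIN = 0x40

# Selected HRESULTs from winerror.h; the wording of each verdict is this example's own
TRUST_RESULTS = {
    0x00000000: "trusted: signature valid and chain ends in a trusted root",
    0x800B0100: "TRUST_E_NOSIGNATURE: file carries no Authenticode signature",
    0x80096010: "TRUST_E_BAD_DIGEST: file contents changed after signing",
    0x800B0004: "TRUST_E_SUBJECT_NOT_TRUSTED: user or policy rejected the publisher",
    0x800B0101: "CERT_E_EXPIRED: signing certificate expired (and no valid timestamp)",
    0x800B0109: "CERT_E_UNTRUSTEDROOT: chain ends in a root that is not trusted",
    0x800B010C: "CERT_E_REVOKED: a certificate in the chain has been revoked",
    0x800B0111: "TRUST_E_EXPLICIT_DISTRUST: certificate is explicitly distrusted",
}

class GUID(ctypes.Structure):
    _fields_ = [("Data1", ctypes.c_uint32), ("Data2", ctypes.c_uint16),
                ("Data3", ctypes.c_uint16), ("Data4", ctypes.c_ubyte * 8)]

# WINTRUST_ACTION_GENERIC_VERIFY_V2 = {00AAC56B-CD44-11d0-8CC2-00C04FC295EE}
GENERIC_VERIFY_V2 = GUID(0x00AAC56B, 0xCD44, 0x11D0,
                         (ctypes.c_ubyte * 8)(0x8C, 0xC2, 0x00, 0xC0, 0x4F, 0xC2, 0x95, 0xEE))

class WINTRUST_FILE_INFO(ctypes.Structure):
    _fields_ = [("cbStruct", ctypes.c_uint32), ("pcwszFilePath", ctypes.c_wchar_p),
                ("hFile", ctypes.c_void_p), ("pgKnownSubject", ctypes.c_void_p)]

class WINTRUST_DATA(ctypes.Structure):
    _fields_ = [("cbStruct", ctypes.c_uint32),
                ("pPolicyCallbackData", ctypes.c_void_p),
                ("pSIPClientData", ctypes.c_void_p),
                ("dwUIChoice", ctypes.c_uint32),
                ("fdwRevocationChecks", ctypes.c_uint32),
                ("dwUnionChoice", ctypes.c_uint32),
                ("pFile", ctypes.POINTER(WINTRUST_FILE_INFO)),   # union member for WTD_CHOICE_FILE
                ("dwStateAction", ctypes.c_uint32),
                ("hWVTStateData", ctypes.c_void_p),
                ("pwszURLReference", ctypes.c_wchar_p),
                ("dwProvFlags", ctypes.c_uint32),
                ("dwUIContext", ctypes.c_uint32),
                ("pSignatureSettings", ctypes.c_void_p)]

def describe_trust_result(status):
    """Map the LONG returned by WinVerifyTrust to a verdict; negative values are HRESULTs."""
    status &= 0xFFFFFFFF
    return TRUST_RESULTS.get(status, f"not trusted: unexpected HRESULT 0x{status:08X}")

def verify_authenticode(path, check_revocation=True):
    """Run the generic Authenticode policy over `path` without UI; returns the raw status."""
    if sys.platform != "win32":
        raise OSError("WinVerifyTrust lives in Wintrust.dll, which only exists on Windows")
    wintrust = ctypes.WinDLL("wintrust")
    wintrust.WinVerifyTrust.argtypes = [ctypes.c_void_p, ctypes.POINTER(GUID), ctypes.c_void_p]
    wintrust.WinVerifyTrust.restype = ctypes.c_long

    file_info = WINTRUST_FILE_INFO(ctypes.sizeof(WINTRUST_FILE_INFO), path, None, None)
    data = WINTRUST_DATA()
    data.cbStruct = ctypes.sizeof(WINTRUST_DATA)
    data.dwUIChoice = WTD_UI_NONE                      # never prompt; decide from the result code
    data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN if check_revocation else WTD_REVOKE_NONE
    data.dwUnionChoice = WTD_CHOICE_FILE
    data.pFile = ctypes.pointer(file_info)
    data.dwStateAction = WTD_STATEACTION_VERIFY
    data.dwProvFlags = WTD_REVOCATION_CHECK_CHAIN if check_revocation else 0

    status = wintrust.WinVerifyTrust(None, ctypes.byref(GENERIC_VERIFY_V2), ctypes.byref(data))
    data.dwStateAction = WTD_STATEACTION_CLOSE         # release hWVTStateData held by the provider
    wintrust.WinVerifyTrust(None, ctypes.byref(GENERIC_VERIFY_V2), ctypes.byref(data))
    return status

if __name__ == "__main__" and len(sys.argv) > 1:
    print(describe_trust_result(verify_authenticode(sys.argv[1])))
```

Run it as `python verify.py C:\path\to\file.exe`. Any non-zero status means the file must not be treated as trusted, including codes not in the table; the table only helps explain why.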


Appendix B: The X.509 Certificate

The X.509 protocols include a structure for public-key certificates. A certification authority assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.

[Diagram: X.509 certificate]

These are the meanings for each field:

  • Version: Number identifying the certificate format.
  • Serial Number: Value unique to the certification authority.
  • Algorithm Identifier: Algorithm used to sign the certificate, together with any necessary parameters.
  • Issuer: Name of the certification authority.
  • Period of Validity: Dates between which the certificate is valid.
  • Subject: Name of the user.
  • Subject's Public Key: Public key of the user, any necessary parameters, and its algorithm name.
  • Signature: Signature of the certification authority.


Appendix C: Attachment Execution Service (AES)

Windows XP Service Pack 2 (SP2) introduces a new set of APIs called the Attachment Execution Service (AES). AES allows applications to eliminate custom code that performs similar safety checks and instead rely on a centrally managed API set. Using AES provides a consistent user experience across all applications that check the security of attachments.

AES consists of the IAttachmentExecute interface, which is designed to help client applications safely manage saving and opening attachments and determine their support and behavior.

Appendix D: Suggested Reading

The topic of digital signing is discussed more fully in the following documents.

  • CCITT, Recommendation X.509, The Directory-Authentication Framework, Consultation Committee, International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
  • Microsoft Cryptographic Service Provider Programmer's Guide, Microsoft, 1995.
  • Microsoft Application Programmer's Guide, Microsoft, 1995.
  • RSA Laboratories, Public-Key Cryptography Standards (PKCS) #7: Cryptographic Message Syntax Standard, Version 1.5, November 1993.
  • Schneier, Bruce, Applied Cryptography, 2nd ed. New York: John Wiley & Sons, 1996.
  • Microsoft Security
  • RSA Security Inc.