Authenticode Digital Signatures
Authenticode is a Microsoft code-signing technology that identifies the publisher of Authenticode-signed software. Authenticode also verifies that the software has not been tampered with since it was signed and published.
Authenticode uses cryptographic techniques to verify publisher identity and code integrity. It combines digital signatures with an infrastructure of trusted entities, including certificate authorities (CAs), to assure users that a driver originates from the stated publisher. Authenticode allows users to verify the identity of the software publisher by chaining the certificate in the digital signature up to a trusted root certificate.
Using Authenticode, the software publisher signs the driver or driver package, tagging it with a digital certificate that verifies the identity of the publisher and also provides the recipient of the code with the ability to verify the integrity of the code. A certificate is a set of data that identifies the software publisher. It is issued by a CA only after that authority has verified the software publisher's identity. The certificate data includes the publisher's public cryptographic key. The certificate is typically part of a chain of such certificates, ultimately referenced to a well-known CA such as VeriSign.
Authenticode code signing does not alter the executable portions of a driver. Instead, it does the following:
With embedded signatures, the signing process embeds a digital signature within a nonexecution portion of the driver file. For more information about this process, see Embedded Signatures in a Driver File.
With digitally-signed catalog files (.cat), the signing process requires generating a file hash value from the contents of each file within a driver package. This hash value is included in a catalog file. The catalog file is then signed with an embedded signature. In this way, catalog files are a type of detached signature.