Windows Authenticode Portable Executable Signature Format
Updated: August 29, 2008
Authenticode is a digital signature format that is used to determine the origin and integrity of software binaries. Authenticode is based on Public-Key Cryptography Standards (PKCS) #7 signed data and X.509 certificates to bind an Authenticode-signed binary to the identity of a software publisher. This paper contains the structure and technical details of the Authenticode signature format.
The term "Authenticode" signature refers to a digital signature format that is generated and verified by using Authenticode. This white paper is specific to the signature format that is used to embed an Authenticode signature within a portable executable file and is independent of technologies that may use Authenticode signatures, such as driver signing. Additional information can be found on the WHDC Web site:
The term "portable executable" refers to executable (image) files and object files under the Windows family of operating systems. These files are referred to as portable executable (PE) and common object file format (COFF) files, respectively. The name "portable executable" refers to the fact that the format is not specific to architecture. For more information see the Microsoft Portable Executable and Common Object File Format Specification.
This information applies to Windows 2000 and later versions of Windows.
Included in this white paper:
Please read the license agreement before continuing.