Using Microsoft® Authenticode requires a set of client files, publishing tools, and a signing DLL.
Client files include the following:
Publishing tools and the signing DLL include the following:
File | Description |
---|---|
MakeCert.exe | Creates an X.509 certificate for testing purposes only. |
Cert2SPC.exe | Creates an SPC for testing purposes only. |
SignCode.exe | Signs and time stamps a file. |
ChkTrust.exe | Checks the validity of the file. |
MakeCTL.exe | Creates a certificate trust list. |
CertMgr.exe | Manages certificates, CTLs, and CRLs. |
SetReg.exe | Sets registry keys controlling certificate verification. |
Signer.dll | Performs signing. |
The X.509 protocols include a structure for public-key certificates. A certificate authority (CA) assigns a unique name to each user and issues a signed certificate containing this name and the user's public key. The following diagram shows an X.509 certificate.
These are the meanings for each field:
Field | Meaning |
---|---|
Version | Number identifying the certificate format. |
Serial Number | Value unique to the CA. |
Algorithm Identifier | Algorithm used to sign the certificate, together with any necessary parameters. |
Issuer | Name of the CA. |
Period of Validity | Dates between which the certificate is valid. |
Subject | Name of the user. |
Subject's Public Key | Public key of the user, any necessary parameters, and its algorithm name. |
Signature | Signature of the CA. |
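To show where each field in the table sits in an encoded certificate, the following added example (not part of the original page or of the Authenticode tools) walks the DER structure of an X.509 certificate using only the Python standard library. The certificate bytes, names, serial number, key and signature are constructed dummy values, and all function names are hypothetical.

```python
def tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos=0):  # decode one element, return (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(body):  # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def common_name(name):  # Name = SEQUENCE > SET > SEQUENCE { OID, value }
    return children(children(children(name)[0][1])[0][1])[1][1].decode()

def parse_certificate(der):
    tag, cert, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    (_, tbs), (_, outer_alg), (_, sig) = children(cert)  # signed body, algorithm, CA signature
    f, version = children(tbs), 1
    if f[0][0] == 0xA0:  # [0] EXPLICIT version; absent means v1
        version, f = children(f[0][1])[0][1][0] + 1, f[1:]
    serial, alg, issuer, validity, subject, spki = (v for _, v in f[:6])
    not_before, not_after = (v.decode() for _, v in children(validity))
    return {"version": version, "serial": int.from_bytes(serial, "big"),
            "algorithm_oid": children(alg)[0][1].hex(), "algorithms_match": alg == outer_alg,
            "issuer": common_name(issuer), "subject": common_name(subject),
            "not_before": not_before, "not_after": not_after,
            "public_key": children(spki)[1][1][1:], "signature": sig[1:]}

# Constructed sample: dummy key and signature bytes, not a verifiable certificate.
SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
RSA_KEY = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + SHA256_RSA + name("Example Test CA")
          + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
          + name("Example Publisher") + tlv(0x30, RSA_KEY + tlv(0x03, b"\x00" + b"\xAA" * 16)))
SAMPLE = tlv(0x30, TBS + SHA256_RSA + tlv(0x03, b"\x00" + b"\x55" * 32))
```

In the encoded form the algorithm identifier appears twice, once inside the signed body and once beside the signature; `algorithms_match` reports whether the two copies agree, which RFC 5280 requires.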
The topic of digital signing is discussed more fully in the following documents: