search

ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0
259 stars 108 forks source link

Catalog file signing #131

Closed mikehearn closed 2 years ago

mikehearn commented 2 years ago

Microsoft CAT files can be code signed. Does anyone know anything about this format and how hard it is to sign CAT files with jsign? There's some docs here:

https://blog.cryptomilk.org/2016/10/25/hack-ms-catalog-files-and-digital-signatures

ebourg commented 2 years ago

Thank you for the suggestion, I'm working on implementing it. Catalog files are very easy to sign, the file is simply a PKCS#7 SignedData structure with only the ContentInfo element.

ebourg commented 2 years ago

@mikehearn it's now implemented, please let me know how it work for you

mikehearn commented 2 years ago

Thank you! It might take a little while to test because right now the feature I'd need this for is low priority, but it's much appreciated and will prove useful soon enough.