ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Question: CAB File Signature Specification #141

Closed trykacz closed 1 year ago

trykacz commented 1 year ago

Hello,

I have a quick question which I hope you can answer:

Context: I have a problem understanding the MS Authenticode Signature of CAB files.

I found the Specification of the MS Authenticode signature for PE files, but as far as I understand, CAB files are not PE files. Moreover, I understand the concept of CAB files and I understand their format.

Technically I think I understand what is happening when a digital signature is created with your tool. As far as I understand, the digest is computed and a PKCS#7 signature is created, which is appended to the CAB file. The CAB Header needs to be adapted to contain the 'abReserve' header which contains information about the signature.

Question: But I don't really understand WHY this is happening. Where is this specified? Where does this information come from? Is this only reverse engineered from "officially" signed CAB files? Is this written somewhere?

ebourg commented 1 year ago

I'm not aware of a specification for Authenticode signature of CAB files, I think this was reverse engineered.

trykacz commented 1 year ago

Okay. Thanks for the response!
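
The structure described in the question (a CAB header whose 'abReserve' area points at a PKCS#7 blob appended to the file) can be inspected with a short parser. This is an added example, not part of the thread and not jsign's code: the CFHEADER fields follow the public CAB format, while the abReserve layout (4 opaque bytes, then little-endian offset and length of the signature) is an assumption, and the function names and sample bytes are constructed for illustration.

```python
import struct

# CFHEADER fixed part (signature .. iCabinet) per the public CAB format: 36 bytes
CFHEADER = struct.Struct("<4s5I2B5H")
RESERVE_PRESENT = 0x0004  # cfhdrRESERVE_PRESENT bit in CFHEADER.flags

def read_reserve(cab: bytes) -> bytes:
    """Return CFHEADER.abReserve, or b"" when the cabinet has no reserved area."""
    if len(cab) < CFHEADER.size:
        raise ValueError("truncated CFHEADER")
    fields = CFHEADER.unpack_from(cab)
    if fields[0] != b"MSCF":
        raise ValueError("not a cabinet file")
    if not fields[10] & RESERVE_PRESENT:
        return b""
    if len(cab) < CFHEADER.size + 4:
        raise ValueError("truncated reserve sizes")
    cb_header, _cb_folder, _cb_data = struct.unpack_from("<HBB", cab, CFHEADER.size)
    start = CFHEADER.size + 4
    if start + cb_header > len(cab):
        raise ValueError("abReserve runs past end of file")
    return cab[start:start + cb_header]

def locate_signature(cab: bytes):
    """ASSUMED abReserve layout: 4 opaque bytes, u32 offset, u32 length (LE)."""
    reserve = read_reserve(cab)
    if len(reserve) < 12:
        return None  # unsigned, or the reserve is used for something else
    offset, length = struct.unpack_from("<II", reserve, 4)
    if length == 0:
        return None
    if offset < CFHEADER.size or offset + length > len(cab):
        raise ValueError("signature region outside the file")
    return cab[offset:offset + length]

def build_sample(signed: bool = True) -> bytes:
    """Constructed test input: header + dummy body + placeholder signature blob."""
    blob = b"PKCS7-PLACEHOLDER" if signed else b""
    body = b"\x00" * 16
    hdr_len = CFHEADER.size + (4 + 20 if signed else 0)
    sig_off = hdr_len + len(body)
    hdr = CFHEADER.pack(b"MSCF", 0, sig_off, 0, hdr_len, 0, 3, 1, 0, 0,
                        RESERVE_PRESENT if signed else 0, 0, 0)
    if signed:
        hdr += struct.pack("<HBB", 20, 0, 0)                    # cbCFHeader = 20
        hdr += struct.pack("<IIIQ", 0, sig_off, len(blob), 0)   # assumed layout
    return hdr + body + blob
```

The bounds checks matter when triaging untrusted cabinets: the offset and length come from the file itself and must be validated before the blob is handed to a PKCS#7 parser.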