Closed: ebourg closed this 4 years ago
This actually depends on the type of the file signed; it isn't a matter of nesting the signatures or not. SHA-512 signatures on MSI/PowerShell files are always invalid due to a bug in AuthenticodeDigestCalculatorProvider. When the digest is computed the first 2 bytes of the SpcIndirectData structure are skipped (i.e. the ASN.1 sequence marker is ignored), but when SHA-512 is used the digest is longer and the ASN.1 sequence holds more than 128 bytes, so its marker actually takes 3 bytes. The digest is thus computed with an extra byte and, fatally, it's wrong.
In #55 this issue was fixed for the PE files by removing the optional <<<Obsolete>>> string in the SpcIndirectData structure. This shortened the data digested below 128 bytes and the 2-byte stripping trick worked. But the real solution is to properly skip the ASN.1 sequence header, whatever its size.
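The DER length rule behind the comment above, as an added Python example that is not part of this thread or of the jsign code base: a SEQUENCE whose content is shorter than 128 bytes carries a 2-byte header (tag + one length byte), while 128 bytes or more switch to the long form (tag, 0x80|n, then n length bytes), so the header grows to 3 bytes. The `spc_indirect_data_content` builder is a schematic, constructed stand-in for the Authenticode structure (the nesting and OIDs follow the real format, but the flags and the way the `<<<Obsolete>>>` string is wrapped are assumptions; only the resulting lengths matter here), and `buggy_message_digest` / `fixed_message_digest` are hypothetical names for the "always skip 2 bytes" behaviour and for skipping the real header size.

```python
# Added example (not jsign code): why a fixed 2-byte skip of the SEQUENCE header
# breaks once the SpcIndirectData content reaches 128 bytes.
import hashlib

# Real OIDs, DER content bytes only (no tag/length)
SHA256_OID = bytes.fromhex("608648016503040201")                # 2.16.840.1.101.3.4.2.1
SHA512_OID = bytes.fromhex("608648016503040203")                # 2.16.840.1.101.3.4.2.3
SPC_PE_IMAGE_DATA_OID = bytes.fromhex("2b06010401823702010f")  # 1.3.6.1.4.1.311.2.1.15


def der(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER TLV. Content shorter than 128 bytes uses the short
    form (one length byte); otherwise 0x80|n is followed by n big-endian length bytes."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(length_bytes)]) + length_bytes
    return bytes([tag]) + length + content


def der_header_length(data: bytes) -> int:
    """Size of the tag+length header at data[0]: 2 for short form, 2+n for long form."""
    if len(data) < 2:
        raise ValueError("truncated DER header")
    first = data[1]
    if first < 0x80:
        return 2
    n = first & 0x7F
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("indefinite or oversized DER length")
    return 2 + n


def spc_indirect_data_content(file_hash: bytes, algo: str, obsolete: bool) -> bytes:
    """Content of an SpcIndirectDataContent SEQUENCE (schematic stand-in, constructed
    for this example: realistic nesting, but only the total length matters here)."""
    if obsolete:
        spc_string = der(0x80, "<<<Obsolete>>>".encode("utf-16-be"))  # assumed: [0] BMPString
        file_link = der(0xA0, der(0xA2, spc_string))                   # assumed: file [0] / SpcLink [2]
    else:
        file_link = b""
    pe_image_data = der(0x30, der(0x03, b"\x00") + file_link)          # flags + optional file
    data = der(0x30, der(0x06, SPC_PE_IMAGE_DATA_OID) + pe_image_data)
    oid = {"sha256": SHA256_OID, "sha512": SHA512_OID}[algo]
    alg_id = der(0x30, der(0x06, oid) + der(0x05, b""))
    digest_info = der(0x30, alg_id + der(0x04, file_hash))
    return data + digest_info


def buggy_message_digest(spc_indirect_data: bytes, algo: str) -> bytes:
    """The bug described in the thread: always drop 2 bytes, assuming a short-form header."""
    return hashlib.new(algo, spc_indirect_data[2:]).digest()


def fixed_message_digest(spc_indirect_data: bytes, algo: str) -> bytes:
    """The fix: skip exactly as many bytes as the SEQUENCE header occupies."""
    skip = der_header_length(spc_indirect_data)
    return hashlib.new(algo, spc_indirect_data[skip:]).digest()


def check(algo: str, obsolete: bool) -> dict:
    """Build the structure for one digest algorithm and report header size and
    whether each digest variant matches a hash over the real content."""
    file_hash = hashlib.new(algo, b"constructed sample file bytes").digest()
    content = spc_indirect_data_content(file_hash, algo, obsolete)
    encoded = der(0x30, content)
    expected = hashlib.new(algo, content).digest()
    return {
        "content_len": len(content),
        "header_len": der_header_length(encoded),
        "buggy_ok": buggy_message_digest(encoded, algo) == expected,
        "fixed_ok": fixed_message_digest(encoded, algo) == expected,
    }


if __name__ == "__main__":
    for algo, obsolete in [("sha256", True), ("sha512", True), ("sha512", False)]:
        label = "with <<<Obsolete>>>" if obsolete else "without <<<Obsolete>>>"
        print(algo, label, check(algo, obsolete))
```

With the `<<<Obsolete>>>` string present the SHA-256 content stays short (2-byte header, both digests agree) while the SHA-512 content crosses 128 bytes and gets a 3-byte header, so the 2-byte skip hashes one stray length byte and the digest no longer matches; dropping the string brings SHA-512 back under 128 bytes, which is exactly why the PE workaround happened to work, while `fixed_message_digest` is right in every case.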
When signing a file with two SHA-512 signatures, both signatures appear as invalid. This issue doesn't occur with SHA-1 or SHA-256 signatures, nor with only one SHA-512 signature.