Cryptography Tools
Cryptography Tools is a set of command-line tools for code signing, signature verification, and
other cryptography tasks.
Introduction to Code Signing
The software industry must provide users with the means to trust code, including code published on
the Internet. Many Web pages contain only static information that can be downloaded with little risk.
Some pages, however, contain controls and applications to be downloaded and run on a user's
computer. These executable files can be risky to download and run.
Packaged software uses branding and trusted sales outlets to assure users of its integrity, but these
guarantees are not available when code is transmitted on the Internet. Additionally, the Internet
itself cannot provide any guarantee about the identity of the software creator. Nor can it guarantee
that any software downloaded was not altered after its creation. Browsers can exhibit a warning
message that explains the possible dangers of downloading data of any kind, but browsers cannot
verify that code is what it claims to be. A more active approach must be taken to make the Internet
a reliable medium for distributing software.
One approach to providing guarantees of the authenticity and integrity of files is attaching digital
signatures to those files. A digital signature attached to a file positively identifies the distributor of
that file and ensures that the contents of the file were not changed after the signature was created.
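The two properties just described, who published a file and whether it changed after signing, are exactly what an Authenticode verification reports. The following script is an added example, not part of the Microsoft documentation; it uses PowerShell's built-in Get-AuthenticodeSignature (which calls the same CryptoAPI/WinTrust verification the tools on this page rely on) to audit every signable file under a folder. The folder path and the allow-listed thumbprint are placeholders.

```powershell
# Added example (not from the original page): audit Authenticode signatures under a folder
# and report which files should be accepted. Assumptions: the folder path and the expected
# publisher thumbprint below are placeholders you replace with your own values.
param(
    [string]$Path = 'C:\inbound'    # assumed folder of downloaded files
)

# File types the page lists as Authenticode-signable.
$signable = '*.exe', '*.dll', '*.ocx', '*.cab', '*.cat', '*.stl'

# SHA-1 thumbprints of the publisher certificates you expect (placeholder value).
$expectedThumbprints = @('0000000000000000000000000000000000000000')

function Test-SignedFile {
    param([System.IO.FileInfo]$File)

    $sig   = Get-AuthenticodeSignature -FilePath $File.FullName
    $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

    # Status values (System.Management.Automation.SignatureStatus):
    #   Valid         signature present, chain trusted, file unchanged since signing
    #   NotSigned     no signature at all
    #   HashMismatch  signed, but the file contents changed after the signature was made
    #   NotTrusted    signed, but the chain does not end in a trusted root (e.g. a test cert)
    #   UnknownError  other chain problems: expired, revoked, wrong EKU, ...
    [pscustomobject]@{
        File        = $File.FullName
        Status      = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Thumbprint  = $thumb
        # A time stamp countersignature keeps the signature verifiable after the
        # signing certificate itself expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        # Accept only when the signature is valid AND the publisher is one we expect:
        # a valid signature from an unknown publisher proves integrity, not trust.
        Accept      = ($sig.Status -eq 'Valid') -and ($thumb -in $expectedThumbprints)
    }
}

Get-ChildItem -Path $Path -Recurse -File -Include $signable |
    ForEach-Object { Test-SignedFile -File $_ } |
    Sort-Object Accept, Status |
    Format-Table File, Status, Signer, Timestamped, Accept -AutoSize
```

Run it as a script file (the param block must be first) from a PowerShell prompt, for example `.\Audit-Signatures.ps1 -Path D:\downloads`. The Accept column is deliberately stricter than Status: Status answers "is this signature intact and chained to a trusted root?", while the thumbprint allow-list answers "is this the publisher I meant to trust?", and both must hold before the file is run.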
Digital signatures can be created and verified by using Microsoft's cryptography APIs. For
background information on cryptography and the CryptoAPI functions, see Cryptography Essentials.
For detailed information on digital signatures, certificates, and certificate stores, see the following
topics:
Hashes and Digital Signatures
Digital Certificates
Managing Certificates with Certificate Stores
Certificate Trust Verification
Currently, CryptoAPI Tools supports Microsoft Authenticode technology by allowing
software vendors to sign the following types of files for Authenticode verification.
File name extension   Contents
.exe                  Files that contain executable programs.
.cab                  Self-contained files used for application installation and setup. In a
                      cabinet file, multiple files are compressed into one file. They are
                      commonly found on Microsoft software distribution disks.
.cat                  Files that contain digital thumbprints of several files. A .cat file can
                      be used to ensure the integrity of the files whose thumbprints it
                      includes.
.ocx                  Files that contain Microsoft ActiveX controls.
.dll                  Files that contain executable functions.
.stl                  Files that contain a certificate trust list (CTL).
For information about digital signing, see the following documents:
CCITT, Recommendation X.509, The Directory - Authentication Framework. Consultation Committee,
International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
RSA Laboratories, PKCS #7: Cryptographic Message Syntax Standard, Version 1.5, November 1993.
Schneier, Bruce, Applied Cryptography, 2nd ed. New York: John Wiley & Sons, 1996.
http://www.rsasecurity.com
Microsoft Cryptography Tools
The publishing tools and the signing DLL are installed in the \Bin directory of your
Microsoft SDK installation. They include the following files.
File name      Remarks
Cert2SPC.exe   Creates a Software Publisher Certificate (SPC) for testing purposes only.
CertMgr.exe    Manages certificates, CTLs, and certificate revocation lists (CRLs).
MakeCat.exe    Creates an unsigned catalog file that contains the hashes of a set of files
               along with associated attributes of each file.
MakeCert.exe   Creates an X.509 certificate for testing purposes only.
MakeCTL.exe    Creates a CTL.
SetReg.exe     Sets registry keys that control certificate verification.
Signer.dll     Required only by the tools in Internet Explorer 4.01.
SignTool.exe   Signs and time stamps a file, and verifies the signature of a file.
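To show how the tools in the table fit together, here is an added example of a complete test-signing round trip (MakeCert, CertMgr, MakeCat, SignTool); it is not from the Microsoft documentation or the SDK itself. It assumes the tools are on the PATH (an SDK command prompt), that the working folder already contains two binaries of your own named app.exe and helper.dll, and that the certificate name and folder are placeholders. The MakeCert certificate is for testing only, exactly as the table says.

```powershell
# Added example (not from the original page): test-signing round trip with the SDK tools.
# Assumptions: C:\signtest exists and holds app.exe and helper.dll (your own binaries);
# "Test Publisher" is a placeholder certificate name; tools are on the PATH.
Set-Location 'C:\signtest'

# 1. MakeCert: self-signed (-r) certificate with an exportable key (-pe), SHA-256,
#    code-signing EKU (1.3.6.1.5.5.7.3.3), placed in the current user's Personal (My)
#    store and also written out as testpub.cer.
makecert -r -pe -n "CN=Test Publisher (test only)" -a sha256 -len 2048 `
         -eku 1.3.6.1.5.5.7.3.3 -ss My -sr CurrentUser testpub.cer

# 2. CertMgr: trust the test certificate as a root on THIS test machine only, so that
#    verification below can chain to a trusted root. Remove it (certmgr /del) when done.
certmgr /add testpub.cer /s /r currentUser Root

# 3. SignTool sign: embed an Authenticode signature (SHA-256 file digest) in the PE file.
#    /n selects the certificate from the My store by subject name.
#    Add "/tr <timestamp server URL> /td sha256" to countersign with a time stamp.
signtool sign /n "Test Publisher" /fd sha256 /v app.exe

# 4. MakeCat: build a catalog of file hashes instead of embedding a signature in each
#    file. The .cdf below is MakeCat's definition-file format; <HASH> tells MakeCat to
#    compute the hash of the named file itself.
@"
[CatalogHeader]
Name=sample.cat
ResultDir=.
PublicVersion=0x00000001
CatalogVersion=2
HashAlgorithms=SHA256
PageHashes=false
EncodingType=0x00010001

[CatalogFiles]
<HASH>app=app.exe
<HASH>helper=helper.dll
"@ | Set-Content -Path sample.cdf -Encoding Ascii
makecat -v sample.cdf

# 5. Sign the catalog, then verify: app.exe via its embedded signature, helper.dll via
#    the signed catalog (/c). /pa uses the default Authenticode verification policy.
signtool sign /n "Test Publisher" /fd sha256 /v sample.cat
signtool verify /pa /v app.exe
signtool verify /pa /c sample.cat /v helper.dll
"catalog verify exit code: $LASTEXITCODE (0 = trusted)"

# 6. Integrity check: flipping one bit of a file removes it from the catalog's coverage,
#    so verification must now fail (non-zero exit code expected).
$bytes = [System.IO.File]::ReadAllBytes('helper.dll')
$bytes[$bytes.Length - 1] = $bytes[$bytes.Length - 1] -bxor 1
[System.IO.File]::WriteAllBytes('helper-tampered.dll', $bytes)
signtool verify /pa /c sample.cat /v helper-tampered.dll
"tampered verify exit code: $LASTEXITCODE (non-zero = not trusted, as expected)"
```

Two design points worth noting. Catalogs exist for files that cannot carry an embedded signature, or for signing many files with one signature; the catalog stores their hashes and only the .cat file is signed, which is why helper.dll is never signed directly here. And step 2 is the only reason the verify calls succeed: a MakeCert certificate chains to nothing, so on any machine where the test root is not installed the same files verify as untrusted, which is the intended behaviour for test signing.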