22.2 Microsoft s Authenticode Technology

22.2 Microsoft's Authenticode Technology

Authenticode is a system developed by Microsoft for digitally signing executable code. Authenticode was publicly announced in June of 1996 as part of Microsoft's Internet Explorer 3.0 and ActiveX technologies. Authenticode now ships as a standard part of all Microsoft operating systems and applications.

Authenticode describes a series of file formats for signing Microsoft 32-bit CAB, CAT, CTL, DLL, EXE, and OCX files. The signed file contains the original unsigned file, the digital signature, and an X.509 v3 digital certificate for the public key needed to verify the Authenticode signature. Authenticode cannot sign Windows COM files or 16-bit EXE files.

Authenticode is closely associated with ActiveX, Microsoft's system for downloading programs from web pages to end user computers. There are considerable security issues associated with ActiveX. Authenticode was designed to mitigate these dangers by making software publishers accountable for programs they write. (ActiveX and the security provided by Authenticode are discussed in detail in Chapter 12.)

According to Microsoft's Authenticode documentation, organizations seeking to obtain software publishing certificates must meet the following criteria:

Identification

Applicants must submit their name, address, and other material that proves their identity as corporate representatives. Proof of identify requires either personal presence or registered credentials.

The Pledge

Applicants must pledge that they will not distribute software that they know, or should have known, contains viruses or would otherwise harm a user's computer or code.

Dun & Bradstreet Rating

Applicants must achieve a level of financial standing as indicated by a D-U-N-S number (which indicates a company's financial stability) and any additional information provided by this service. This rating identifies the applicant as a corporation that is still in business. (Other financial rating services are being investigated.) Corporations that do not have a D-U-N-S number at the time of application (usually because of recent incorporation) can apply for one and expect a response in less than two weeks.^[3]

^[3] http://msdn.microsoft.com/workshop/security/authcode/intro_authenticode.asp

22.2.1 The "Pledge"

What does it mean when a piece of code is "signed?" It could mean that the program has been analyzed and is certified to do exactly what the manufacturer claims that it will do, no more and no less. Or a program could be signed to indicate that it contains a truthful and accurate copy of a computer virus that destroyed a million computers. By itself, the act of signing a program doesn't mean anything unless the keyholder makes a legal representation that it does.

In the case of Authenticode, Microsoft and VeriSign have tried to create a legal framework that signed code will behave responsibly and not wreck computers or data. This legal framework is called the Software Publisher's Pledge. The Pledge is a binding agreement in which the software publisher promises not to sign programs that contain viruses or that will otherwise damage a person's computer.

The Pledge is described in the VeriSign subscriber agreement (previously, it was in the VeriSign CPS). It is reprinted here:

In addition to the other representations, obligations, and warranties contained or referenced in the certificate application, the [individual] [commercial] software publisher certificate applicant represents and warrants that he, she, or it shall exercise reasonable care consistent with prevailing industry standards to exclude programs, extraneous code, viruses, or data that may be reasonably expected to damage, misappropriate, or interfere with the use of data, software, systems, or operations of the other party.

This software publisher's pledge is made exclusively by the [individual] [commercial] software publisher certificate applicant. Issuing authorities and VeriSign shall not be held responsible for the breach of such representations and warranties by the [individual] [commercial] software publisher under any circumstance.

The Authenticode Pledge can't make software signed by Authenticode software publisher's keys secure. What the Pledge actually does is give certification authorities grounds for revoking software publisher certificates that are used to sign code that does not comply with the Pledge's terms. Of course, any such revocation is only likely to occur after signed code has demonstrated that it is dangerous.

22.2.2 Publishing with Authenticode

To publish with Authenticode, you must have two things:

• A program that you wish to sign.

• A copy of the Microsoft Authenticode Software Developer's Kit (SDK). This kit can be freely downloaded from the Microsoft Developer Network (MSDN) Library web site. Because URLs on MSDN change frequently, we will not print it here; you can probably find the development kit by going to http://msdn.microsoft.com/ and searching for the term "Authenticode".

For developers, signing an application program represents an additional step that must be followed to publish a program. Complicating matters, signing a program must be the last thing that is done to a program before it is released, because if you make any changes to the program after it is signed, it will need to be signed again. If you distribute your program as part of a self-extracting installer, you should sign both the program itself and the installer.

22.2.2.1 The Authenticode SDK

The Authenticode SDK consists of eight programs:

MakeCert.exe

Creates keys and certificates that can be used for testing Authenticode. If you do not wish to create your own private key, you can use MakeCert's built-in "test root" which is issued by "Root Agency" to "Joe's-Software-Emporium."

Cert2SPC.exe

Creates a test software publishing certificate (SPC) from one or more X.509 certificates. This test certificate can be used for code signing, but it is not needed, as the certificate created by MakeCert can be used for signing code. When you actually sign code for public distribution, you will use an SPC that you obtain from a certification authority.

SignCode.exe

Signs a program with a certificate and private key that you specify. SignCode can create either "personal" signatures or "commercial" signatures. Internet Explorer will display these signatures differently to convey a different level of trust and authenticity.

ChkTrust.exe

Checks the signature on a file.

MakeCTL.exe

Creates a certificate trust list.

CertMgr.exe

Manages certificates, certificate trust lists, and certificate revocation lists.

SetReg.exe

Sets registry keys that control the certificate verification process.

MakeCat.exe

Creates a combined catalog of files. This allows a user to approve a single dialog box, instead of having a separate dialog box for each signed component. Trust catalogs require Internet Explorer 5 or above.

The code signing tools can use certificates and keys that are stored either in files or in certificate stores. A certificate store is a service that is provided through the Microsoft Cryptographic API (CAPI). The basic CAPI that ships with Authenticode stores certificates and keys encrypted in the Windows registry. However, other CAPIs can store certificates and keys in smart cards or other high-security devices. Because the Authenticode tools can work directly with certificate stores, they can work with any high-security device that is directly supported by Windows.

In the following examples, we use only certificates and keys that are stored in files.

22.2.2.2 Making the certificate

In this section and those that follow, we will use the MakeCert program to create a test private key and certificate. We will then add the certificate to our program to create a test certificate and use it to sign a test program.

The first step is to create a self-signed certificate for our code signing CA. Let's make Certificate #100 for the Nitroba Code Signing Authority that is good for 20 years (240 months):

C:\hello>makecert -r -n "CN=Nitroba Code Signing Authority" -sv nitroba.pvk -ss  NitrobaStore Nitroba.cer -m 240 -# 100

When you run this program, MakeCert.exe will bring up a window asking you for a password to protect the private key (Figure 22-2).

Figure 22-2. The makecert.exe program gives you the opportunity to assign a password to a certificate's corresponding private key. If you choose to enter no password, you will be asked to confirm this decision.

As this is a test certificate, we really don't need to protect the private key. MakeCert.exe will ask for confirmation, then put the Nitroba private key into the nitroba.pvk file and the certificate in the nitroba.cer file:

C:\hello>makecert -r -n "CN=Nitroba Code Signing Authority" -sv nitroba.pvk -ss  NitrobaStore Nitroba.cer -m 240 -# 100 Succeeded C:\hello>dir nitroba.*  Volume in drive C is 40GB  Volume Serial Number is 7640-B7AA  Directory of C:\hello 07/22/2001  01:59p                 332 nitroba.pvk 07/22/2001  01:59p                 406 Nitroba.cer                2 File(s)            738 bytes                0 Dir(s)  27,876,065,280 bytes free C:\hello>

22.2.2.3 Adding the certificate to the store

To add the certificate to our certificate store, simply double-click on the nitroba.cer key in Internet Explorer or use the Windows start command:

C:\hello>start nitroba.cer c:\hello>

This will bring up the Microsoft Certificate Information panel (Figure 22-3). Press "Install Certificate . . ." to bring up the Certificate Import Wizard. On the next panel, select "Automatically select the certificate store based on the type of certificate." Because we used the "-s" option to create a self-signed certificate, Internet Explorer will automatically place the certificate in the Trusted Root Store. Finally, Internet Explorer will confirm whether or not you really wish to add the certificate (Figure 22-4).

Figure 22-3. The Certificate Information panel can be used to install new certificates.

Figure 22-4. Internet Explorer confirms whether or not you wish to add the certificate. Notice that even though we specified certificate Serial Number 100, the serial number that was added is 64.

22.2.2.4 Signing a program

The program SignCode.exe is used to create Authenticode signatures. If the program is run without any arguments, the SignCode.exe program runs the Digital Signature Wizard (see the following section); SignCode.exe can also be run from the command line. The Digital Signature Wizard is useful the first time you use the program. If you wish to have programs signed automatically when they are compiled, you can modify your Makefile so that the SignCode.exe program is automatically run after the executable is linked together.

Although Microsoft's Authenticode file format allows for multiple signatures on a single file (cosigners, if you will), the SignCode.exe program cannot create such signatures. If you attempt to sign a file that is already signed, the previous signature will be replaced with the new one.

In the following example, we will sign a small program named hello.exe. The hello program is the classic C hello program:

C:\hello>type hello.c #include <stdio.h> int main(int argc,char **argv) {         puts("Hello World!"); } C:\hello>cl hello.c Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for 80x86 Copyright (C) Microsoft Corp 1984-1998. All rights reserved. hello.c Microsoft (R) Incremental Linker Version 6.00.8447 Copyright (C) Microsoft Corp 1992-1998. All rights reserved. /out:hello.exe hello.obj C:\hello>dir hello.*  Volume in drive C is 40GB  Volume Serial Number is 7640-B7AA  Directory of C:\hello 07/22/2001  01:01p                  84 hello.c 07/22/2001  08:22p                 449 hello.obj 07/22/2001  08:22p              40,960 hello.exe                3 File(s)         41,493 bytes                0 Dir(s)  27,871,641,600 bytes free C:\hello>hello Hello World! C:\hello>

Running the SignCode.exe program without arguments brings up the Digital Signature Wizard (see Figure 22-5.) On the first panel, specify the name of the program that you wish to sign; on the second panel, indicate that you wish "Custom" operation (see Figure 22-6).

Figure 22-5. Running SignCode.exe without arguments brings up the Digital Signature Wizard.

Figure 22-6. To sign a program, you must specify which program will be signed. After you have selected a program, specify "Custom" signing to get access to all of the program's options.

Now that you have selected the program that you wish to sign, you need to choose a certificate to use (see Figure 22-7). After choosing the certificate, you need to choose the private key (see Figure 22-8). Then you will be prompted to choose the hash algorithm to use with the signature either MD5 or SHA1 (not shown).

Figure 22-7. By clicking the button "Select from File..." and choosing the key file c:\hello\nitroba.cer, we tell codesign.exe to use the Nitroba Code Signing Authority CA key to sign the program. Although using our CA key for code signing is fine for this example, in practice you might create a separate signing key, sign it with the CA key, and use the signing key to sign your executables.

Figure 22-8. After a certificate is chosen, you can choose which private key to use. The private key must match the certificate that was previously chosen.

Authenticode allows you to include multiple certificates within a single signed file. For example, if a large organization has a single root and an elaborate PKI signing tree, verifying a single signature might require having the organization's root certificate, the certificate for a division, the certificate for a management group, the certificate for a project, and the signature for a particular programmer. By incorporating all of these certificates into the signed executable, you make it possible for the Authenticode system to automatically validate the certificate chain by merely having the organization's root certificate, without forcing the user to download four or more intermediate certificates. The Additional Certificates panel (Figure 22-9) of the Digital Signature Wizard allows you to add these certificates to the binary that you will sign. For most applications, you will choose "No additional certificates."

Figure 22-9. The Additional Certificates panel of the Digital Signature Wizard allows you to add multiple certificates to a signed binary.

Authenticode allows you to provide a description and a URL for each signed program. These are created on the Data Description panel (Figure 22-10) of the Digital Signature Wizard. If you provide a URL, you should make sure that the URL will remain valid for as long as your program is available for download or likely to be used. Authenticode also supports timestamping services. These services will digitally sign a hash that is provided over the Web. The purpose of the timestamping service is to allow a digitally signed object to be used after the certificate that was used to sign the object has expired. The secure timestamp lets the client know that the signature was created with a signature that was valid when it was made (Figure 22-11). Finally, the Digital Signature Wizard will display a window that shows all of the options that have been selected. When you press the "Finish" button, the executable will be digitally signed (Figure 22-12).

Figure 22-10. Authenticode can give each signed program a description and a web location

Figure 22-11. Authenticode allows you to digitally timestamp your program using a timestamp service that can be accessed over the Internet. The URL for VeriSign's timestamping service is http://timestamp.verisign.com/scripts/timstamp.dll. For further information on timestamping, see VeriSign's FAQ at http://www.verisign.com/support/signing/authenticode/#7.

Figure 22-12. When you are finished with the Digital Signature Wizard, all of the parameters will be displayed in a scroller

Signing the hello.exe program increases its size by 896 bytes:

C:\hello>dir hello.exe  Volume in drive C is 40GB  Volume Serial Number is 7640-B7AA  Directory of C:\hello 07/22/2001  08:22p              40,960 hello.exe                3 File(s)         40,960 bytes                0 Dir(s)  27,871,641,600 bytes free C:\hello>hello Hello World! C:\hello>signcode C:\hello>dir hello.exe  Volume in drive C is 40GB  Volume Serial Number is 7640-B7AA  Directory of C:\hello 07/22/2001  09:21p              41,856 hello.exe                1 File(s)         41,856 bytes                0 Dir(s)  27,868,987,392 bytes free C:\hello>

Now, if you find the hello.exe program in the Windows Explorer and left-click to choose the file's "Properties" panel, you will discover that a new tab called "Digital Signatures" is present. If you attempt to download and run the program with Internet Explorer, the Security Warning panel will indicate that it is digitally signed (see Figure 22-13).

Figure 22-13. The digital signature produced by the Digital Signature Wizard is visible from the Windows Explorer and using the Internet Explorer download feature.

22.2.2.5 Code signing from the command line

You can also use the SignCode.exe program from the command line:

C:\hello>signcode -v nitroba.pvk -n "Hello World progarm" -i "http://www.nitroba .com/" -spc nitroba.spc -t http://timestamp.verisign.com/scripts/timstamp.dll hello.exe Succeeded C:\hello>

For a list of all of signcode's arguments, use the -? option:

C:\hello>signcode -? Usage:  SignCode [options] [FileName] Options:  -spc  <file>       Spc file containing software publishing certificates  -v    <pvkFile>    Pvk file name containing the private key  -k    <KeyName>    Key container name  -n    <name>       Text name representing content of the file to be signed  -i    <info>       Place to get more info on content (usually a URL)  -p    <provider>   Name of the cryptographic provider on the system  -y    <type>       Cryptographic provider type to use  -ky   <keytype>    Key type                       <signature|exchange|<integer>>  -$    <authority>  Signing authority of the certificate                       <individual|commercial>                       Default to using certificate's highest capability  -a    <algorithm>  Hashing algorithm for signing                       <md5|sha1>. Default to md5  -t    <URL>        TimeStamp server's http address  -tr   <number>     The # of timestamp trial until succeeds. Default to 1  -tw   <number>     The # of seconds delay between each timestamp. Default to 0  -j    <dllName>    Name of the dll that provides attributes of the signature  -jp   <param>      Parameter to be passed to the dll  -c    <file>       file containing encoded software publishing certificate  -s    <store>      Cert store containing certs. Default to my store  -r    <location>   Location of the cert store in the registry                       <localMachine|currentUser>. Default to currentUser  -sp   <policy>     Add the certification path (chain) or add the certification                     path excluding the root certificate (spcstore).                       <chain|spcstore>. Default to spcstore  -cn   <name>       The common name of the certificate  -sha1 <thumbPrint> The sha1 hash of the certificate  -x                 Do not sign the file.  Only Timestamp the file Note:   To sign with a SPC file, the required options are -spc and -v if         your private key is in a PVK file. If your private key is in a         registry key container, then -spc and -k are the required options. C:\hello>