Posted on: 14.01.2020, 10:53 Title: Duplicating Digital Signatures?
From what I understand about digital signatures, when code-signing an .exe the "signer" modifies the PE itself. I noticed that it adds the certificate content to the end of the PE and also (obviously) adds some kind of reference to the headers.
My question is: how secure is this? Wouldn't someone capable of reverse engineering the executable be able to forge that onto his own executable, thereby forging a digital signature?
Posted on: 15.01.2020, 09:15 Title: Duplicating Digital Signatures?
Code signing is a public-private key operation. The signing operation calculates a hash of the .exe file (minus the bits where the signature is stored), then encrypts the hash with the signer's private key.
On client-side validation, the client will redo the hash calculation, and decrypt the stored signature using the public key. If the two hashes match, then the exe has not been tampered with.
The only bits of the file that are encrypted are the signature - everything else is stored in the clear. Nothing stops you from ripping apart the exe and stuffing it (or parts of it) into another .exe.
Signing is not there to prevent theft - it's there to detect tampering.
On a side note, I notice that digital signatures in Windows executables do not prevent anything. It looks like they are merely used to see if the executable has been tampered with. I may be wrong, or my settings may have been configured in some way, but advertising agency in malaysia even throw an error saying a digital signature isn't valid. One can find out if the digital signature is valid or not only by looking into the details of the signature.
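The hash-then-sign scheme described in the second reply, and the reason a signature copied from one binary onto another does not verify, can be shown end to end in a few lines. The following is an added example written for this thread, not code from any poster or from Windows. It uses a constructed toy "PE-like" layout (an 8-byte magic, a directory entry holding the signature's offset and size, the body, then the appended signature) and a textbook RSA keypair with no padding, generated on the fly with Miller-Rabin; the hash covers everything except the directory entry and the signature blob, which is the same idea Authenticode uses. Function names (`sign_image`, `verify_image`, `copy_signature_to`, `strip_signature`) are mine.

```python
import hashlib
import random
import struct

# Constructed toy layout for this example (NOT the real PE format):
#   bytes 0..8    magic
#   bytes 8..12   uint32 offset of the appended signature (0 = unsigned)
#   bytes 12..16  uint32 size of the appended signature
#   bytes 16..    body (code and data)
#   [signature]   appended after the body at the recorded offset
MAGIC = b"TOYPE\x00\x00\x00"
HDR_LEN = 16


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random prime with the top bit set, so p*q exceeds any 256-bit hash."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=256):
    """Toy RSA keypair -> (public (e, n), private (d, n)). Illustration only."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (e, n), (pow(e, -1, phi), n)


def build_image(body):
    """Unsigned image: magic, empty directory entry, body."""
    return MAGIC + struct.pack("<II", 0, 0) + body


def authenticode_style_hash(image):
    """Hash every byte EXCEPT the signature directory entry and the signature blob."""
    sig_off, sig_len = struct.unpack("<II", image[8:HDR_LEN])
    if sig_off == 0:
        sig_off, sig_len = len(image), 0
    covered = image[:8] + image[HDR_LEN:sig_off] + image[sig_off + sig_len:]
    return hashlib.sha256(covered).digest()


def sign_image(body, private_key):
    """Hash the unsigned image, sign the hash, append the signature, record its location."""
    d, n = private_key
    unsigned = build_image(body)
    h = int.from_bytes(authenticode_style_hash(unsigned), "big")
    sig = pow(h, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return MAGIC + struct.pack("<II", len(unsigned), len(sig)) + body + sig


def verify_image(image, public_key):
    """Recompute the hash over the covered bytes and compare with the signed hash."""
    e, n = public_key
    if image[:8] != MAGIC:
        return False
    sig_off, sig_len = struct.unpack("<II", image[8:HDR_LEN])
    if sig_off == 0 or sig_off + sig_len != len(image):
        return False
    sig = int.from_bytes(image[sig_off:sig_off + sig_len], "big")
    if sig >= n:
        return False
    return pow(sig, e, n) == int.from_bytes(authenticode_style_hash(image), "big")


def strip_signature(image):
    """The body is stored in the clear: removing the signature yields the plain code."""
    sig_off, _ = struct.unpack("<II", image[8:HDR_LEN])
    return image[HDR_LEN:sig_off] if sig_off else image[HDR_LEN:]


def copy_signature_to(signed_donor, new_body):
    """Graft the donor's signature blob onto a different body (the thread's question)."""
    sig_off, sig_len = struct.unpack("<II", signed_donor[8:HDR_LEN])
    sig = signed_donor[sig_off:sig_off + sig_len]
    return MAGIC + struct.pack("<II", HDR_LEN + len(new_body), len(sig)) + new_body + sig


def demo():
    """Run the three cases and return the verification results."""
    pub, priv = generate_keypair()
    body = b"toy program: print('hello')"        # constructed sample body
    genuine = sign_image(body, priv)
    tampered = genuine[:20] + bytes([genuine[20] ^ 0x01]) + genuine[21:]  # flip one body byte
    grafted = copy_signature_to(genuine, b"a completely different program")
    return {
        "genuine_verifies": verify_image(genuine, pub),
        "tampered_verifies": verify_image(tampered, pub),
        "grafted_verifies": verify_image(grafted, pub),
        "stripped_body": strip_signature(genuine),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Only the genuine image verifies: a single flipped body byte or a signature grafted from another file changes the recomputed hash, so it no longer matches the value recovered with the public key. Real Authenticode differs in the details (it also skips the PE checksum field, wraps the hash in a PKCS#7 SignedData structure with the certificate chain, uses PKCS#1 padding, and the verifier additionally checks the chain to a trusted root and any timestamp), but the property is the same as here: the signature detects tampering, it does not hide or protect the code itself, which `strip_signature` recovers unchanged.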