{
	"id": "a8323433-6b28-4cff-a77c-68b45637f95a",
	"created_at": "2026-04-06T01:31:11.953994Z",
	"updated_at": "2026-04-10T03:21:32.450548Z",
	"deleted_at": null,
	"sha1_hash": "4cbe1c6f1dbd7c785636facd22f457f5c7eb0929",
	"title": "Authenticode (Windows)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41193,
	"plain_text": "Authenticode (Windows)\r\nArchived: 2026-04-06 01:11:24 UTC\r\nMicrosoft Authenticode, which is based on industry standards, allows developers to include information about\r\nthemselves and their code with their programs through the use of digital signatures.\r\nTopic Contents\r\nAuthenticode\r\nAppendixes\r\nThis section lists required files, briefly discusses the X.509 protocol structure for\r\npublic-key certificates, and suggests further reading. New authenticode behavior for\r\nWindows XP Service Pack 2 (SP2) is also discussed.\r\nImportant Release\r\nInformation\r\nAuthenticode version 2.0 was coupled with Microsoft Internet Explorer 4.0, and it\r\ncontains changes and enhancements over the previous version of Authenticode, which\r\nwas released with Microsoft Internet Explorer 3.02 UPD. Another version of\r\nAuthenticode was released for Microsoft Internet Explorer 5 and later.\r\nIntroduction to\r\nCode Signing\r\nPackaged software uses branding and trusted sales outlets to assure users of its\r\nintegrity, but these are not available when code is transmitted on the Internet.\r\nAdditionally, there is no guarantee that the code hasn't been altered while being\r\ndownloaded. Browsers typically exhibit a warning message explaining the possible\r\ndangers of downloading data, but do nothing to actually see whether the code is what it\r\nclaims to be. A more active approach must be taken to make the Internet a reliable\r\nmedium for distributing software.\r\nSigning and\r\nChecking Code\r\nwith Authenticode\r\nThis section demonstrates how to sign code by creating digital signatures and\r\nassociating them with files using Authenticode technology. Creating a fully verifiable\r\ncertificate might assume the existence of a complex hierarchy of certification\r\nauthorities. A root certificate and a root private key are provided for testing purposes\r\nonly. Independent software vendors (ISVs) must obtain a certificate from a certification\r\nauthority that is trusted by default in Windows. (For a list of trusted certification\r\nauthority (CA) see Microsoft Root Certificate Program Members.)\r\nhttps://msdn.microsoft.com/library/ms537359.aspx\r\nPage 1 of 2\n\nTopic Contents\r\nSigning Code with\r\nMicrosoft\r\nAuthenticode\r\nTechnology\r\nThe documentation on digitally signing files, viewing certificates, and modifying\r\ncertificates is now located in the Creating, Viewing, and Managing Certificates\r\ndocumentation on MSDN Online.\r\nSource: https://msdn.microsoft.com/library/ms537359.aspx\r\nhttps://msdn.microsoft.com/library/ms537359.aspx\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://msdn.microsoft.com/library/ms537359.aspx"
	],
	"report_names": [
		"ms537359.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775439071,
	"ts_updated_at": 1775791292,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4cbe1c6f1dbd7c785636facd22f457f5c7eb0929.pdf",
		"text": "https://archive.orkl.eu/4cbe1c6f1dbd7c785636facd22f457f5c7eb0929.txt",
		"img": "https://archive.orkl.eu/4cbe1c6f1dbd7c785636facd22f457f5c7eb0929.jpg"
	}
}