Authenticode-rs is too strict about the presence of content-type attribute

here's another sample where windows accepts the signature, but authenticode-rs doesn't: [no_content_type_attribute.exe.zip](https://github.com/user-attachments/files/24165448/no_content_type_attribute.exe.zip).

This time, we have a binary that is missing the content-type attribute in the signed attributes. Here's the code generating the signed_attrs:

```rust
let signed_attrs = SignedAttributes::from_iter(vec![Attribute {
    oid: OID_MESSAGE_DIGEST,
    values: SetOfVec::from_iter(vec![
        Any::encode_from(&OctetString::new(econtent_hash.finalize().as_slice()).unwrap()).unwrap(),
    ])
    .unwrap(),
}])
.unwrap();
```

As you can see, there is no ContentType. And yet windows accepts the signature without issue. In fact, I also have a test binary that has the _wrong_ content-type attribute, and windows accepts it too: [content_type_mismatch_signedattr_invalid.exe.zip](https://github.com/user-attachments/files/24165567/content_type_mismatch_signedattr_invalid.exe.zip).

It seems like windows only checks the content-type found in the EmbeddedContent (which is not signed 😬).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Authenticode-rs is too strict about the presence of content-type attribute #238

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Authenticode-rs is too strict about the presence of content-type attribute #238

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions