Skip to content
Branch: master
Find file History
Latest commit 8fccc16 Jul 15, 2015
Type Name Latest commit message Commit time
Failed to load latest commit information.
testdata WIP Jul 1, 2015
README WIP Jul 1, 2015


certificate_tag.go is a tool for manipulating "tags" in Authenticode-signed,
Windows binaries.

Traditionally we have inserted tag data after the PKCS#7 blob in the file
(called an "appended tag" here). This area is not hashed in when checking
the signature so we can alter it at serving time without invalidating the
Authenticode signature.

However, Microsoft are changing the verification function to forbid that so
this tool also handles "superfluous certificate" tags. These are dummy
certificates, inserted into the PKCS#7 certificate chain, that can contain
arbitrary data in extensions. Since they are also not hashed when verifying
signatures, that data can also be changed without invalidating it.

More details are here: http://b/12236017
You can’t perform that action at this time.