things & stuff » Authenticode

The Demise of CAPICOM

Jeff Fitzsimons — Thu, 16 Oct 2008 06:43:01 +0000

CAPICOM, a COM-based wrapper for the CryptoAPI library, is deprecated and on its way out. However, Microsoft has no time line for phasing it out, nor have they provided sufficient documentation of alternatives.

Many CAPICOM pages contain a confusing, bright-red header along the lines of:

[The SignedCode object is available for use in the operating systems listed in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API SignerSignEx, SignerTimeStampEx, and WinVerifyTrust functions to sign content with an Authenticode digital signature. For information about PInvoke, see Platform Invoke Tutorial. The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful.]

Note that this alarming paragraph seems to begin by simply telling you that this API is supported on the operating systems listed later. It does not state that the API will not be available on later OSes, but why place this here otherwise? The next sentence, beginning with, “Instead, …” seems to be contrasting with something, yet makes absolutely no sense in this context.

Finally, this paragraph instructs us to investigate SignerSignEx, and SignerTimeStampEx, which are supplied by the mssign32.dll, have no header file, and absolutely no example code. This is what I find most irksome, they document each and every function and structure, yet each page says, “there is no header file, so copy and paste the declaration given here.” Well, why not simply provide an mssign.h file on blogs.msdn, or similar? And why, oh why, is there not a single line of sample code?

Follow-up

I have provided a basic header file for mssign32.dll, here.

Stripping an Authenticode Signature

Jeff Fitzsimons — Fri, 12 Sep 2008 21:39:25 +0000

We needed to modify the resources of an installer and then apply an Authenticode signature. Unfortunately, it already had a signature on it, and modifying the resources of an executable with a signature results in a corrupted signature. The Microsoft signing tools cannot recover from this situation, so:

It is not possible to re-sign a file after modifying its resources.

However, it is possible to remove the existing signature, modify the binary, and then apply a new signature. There are two approaches (which almost certainly amount to the same thing):

Use delcert.exe from the this XDA Forum post (note, this is not the same as the SMS Server 2003 tool ccmdelcert.exe, which deletes all SMS certificates on a machine).
Write an application which calls ImageRemoveCertificate.

mssign32.dll

Jeff Fitzsimons — Fri, 12 Sep 2008 02:48:19 +0000

With CAPICOM deprecated, MSDN suggests using the mssign32.dll functions. There are two fundamental problems with this:

No example code whatsoever is provided.
No header file is provided.

Well, at least I can do something about #2. Here is a minimal version of a header file for mssign32.dll. It includes direct function declarations, as well as function pointer typedefs.

The function pointers can be used with LoadLibrary/GetProcAddress to dynamically call the functions, as in:

SignerSignPtr pSignerSign =
    (SignerSignPtr)GetProcAddress(hModule, "SignerSign");