bug-or-digitally-signed-the-weird-world-of-digital-certificates

When working with digital certificates and signing files or executables, its never a simple thing to do. After obtaining a digital certificate you typically need to install software or import .crt files to start signing files, like the DigiCert Certificate Utility.

https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/

But it can be much easier – let’s digitally sign a file fully automatic with a valid Microsoft digital certificate. 😉

Digitally Signing a file for Dummies

First create a simple text file – file name doesn’t matter.

Then, change the content by only adding a 0, nothing else and also no new line.

Check the digital signature

You can also create the file with the 0 content using the PowerShell and then check the digital signature:

set-content -path testfile.txt "0" -NoNewline
Get-AuthenticodeSignature .testfile.txt | fl

Amazing! We signed the file with a Microsoft digital certificate. It’s so simple nowadays.

Luckily if the file has any other content (at least that’s what we’re aware of), no signature is shown. Also the Windows File Explorer is not showing any signs of a timestamp or digital signature.

Summary

While a file containing a 0 is no risk to your operating system and can’t contain any malicious code, it leaves a bad feeling. What if that bug is not just about "0" files and someone finds a way to leverage that bug for other malicious attempts?

If you simply rely on digital certificates for integrity, you might suffer a similar fraud yourself. Using Codenotary.io gives you more than just additional protection and secured integrity – it can also be used for any digital asset without limitations.

Start Signing for Free

RELATED ARTICLES

Save energy without reducing VM performance in your VMware vSphere cluster
16 August 2022
Over the last couple of decades energy consumption went up massively in every data center and while the…
Dennis
Metrics & Logs support for IoT - Bringing Secure Monitoring and Logging to the Edge
7 July 2022
Simple uptime monitoring for Internet-of-Things (IoT) is well-known and requires knowing if the devices are up and running.…
Dennis
Monitoring Azure SQL Managed Instance with Opvizor Metrics & Logs
17 January 2022
When you have critical applications and business processes that rely on Azure resources, it's critical to keep an…
Dennis

White Paper — Registration

You will receive the research paper by mail.

Codenotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on Codenotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.

Subscribe to our newsletter