No, I’m still pondering if /ac is worth implementing, I’m just looking for a good use case.

Should this be closed, or changed to be the issue for adding the functionality of addUnauthenticatedBlob?

That’s more compact than injecting a whole certificate, but it’s visible in the file properties.

The addUnauthenticatedBlob feature is slightly different, it adds an entry into the unauthenticated attributes table of the signature.

The dummy certificate doesn’t participate in the certificate chain and is invisible in the file properties. This store is used by Windows to link the signing certificate with the CA certificate (this is necessary if some of the intermediate certificates are unknown to Windows).

The only difference when using the /ac flag with signtool is that the dummy cert doesn’t appear in the digital signature list on the file properties (I’m not sure why that’s the case?)

Because the dummy certificate isn’t used for signing, it’s simply appended to the certificate store embedded within the signature.