驅動程式生命週期基本原則 > 安裝程序和驅動程式簽署 > Driver Signing Requirements for Windows

Windows Authenticode Portable Executable Signature Format

更新日期: 2008 年 8 月 29 日

Authenticode is a digital signature format that is used to determine the origin and integrity of software binaries. Authenticode is based on Public-Key Cryptography Standards (PKCS) #7 signed data and X.509 certificates to bind an Authenticode-signed binary to the identity of a software publisher. This paper contains the structure and technical details of the Authenticode signature format.

The term "Authenticode" signature refers to a digital signature format that is generated and verified by using Authenticode. This white paper is specific to the signature format that is used to embed an Authenticode signature within a portable executable file and is independent of technologies that may use Authenticode signatures, such as driver signing. Additional information can be found on the WHDC Web site:

For information on Authenticode tools and code-signing best practices, see Code-Signing Best Practices.

For information on signing driver packages for plug and play installation, see the Driver Signing Requirements for Windows portal page.

For information on signing boot start drivers and x64 kernel drivers, see Kernel-Mode Code Signing Walkthrough.

The term "portable executable" refers to executable (image) files and object files under the Windows family of operating systems. These files are referred to as portable executable (PE) and common object file format (COFF) files, respectively. The name "portable executable" refers to the fact that the format is not specific to architecture. For more information see the Microsoft Portable Executable and Common Object File Format Specification.

This information applies to Windows 2000 and later versions of Windows.

Included in this white paper:

Authenticode Profile of PKCS #7 SignedData

Authenticode-Specific Structures

Authenticode Signature Verification

Please read the license agreement before continuing.

回到頁首回到頁首

    LICENSE AGREEMENT

Microsoft Windows Authenticode Portable Executable Signature Format Specification
Revision 1.0

Note: This specification is provided to aid in the development of certain development tools for the Microsoft Windows platform. However, Microsoft does not guarantee that it is a complete specification in all respects, and cannot guarantee the accuracy of any information presented after the date of publication. Microsoft reserves the right to alter this specification without notice.

Microsoft will grant a royalty-free license, under reasonable and non-discriminatory terms and conditions, to any Microsoft patent claims (if any exist) that Microsoft deems necessary for the limited purpose of use in software tools to generate digital signatures and in EFI firmware to verify the signatures, each exclusively in Portable Executable and Common Object File Format images.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this specification may be reproduced, stored in or introduced into a retrieval system, modified or used in a derivative work, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft.

Microsoft may have intellectual property rights covering subject matter in this specification. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this specification does not give you any license to any intellectual property rights, and no other rights are granted by implication, estoppel, or otherwise.

© 2008 Microsoft Corporation. All rights reserved.

This specification is provided "AS IS." Microsoft makes no representations or warranties, express, implied, or statutory, as (1) to the information in this specification, including any warranties of merchantability, fitness for a particular purpose, non-infringement, or title; (2) that the contents of this specification are suitable for any purpose; nor (3) that the implementation of such contents will not infringe any third party patents, copyrights, trademarks, or other rights.

Microsoft will not be liable for any direct, indirect, special, incidental, or consequential damages arising out of or relating to any use or distribution of this specification.

Microsoft, Authenticode, MS-DOS, MSDN, Visual C++, Win32, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The foregoing names and trademarks may not be used in any manner, including advertising or publicity pertaining to this specification or its contents without specific, written prior permission from the respective owners.


回到頁首回到頁首