windows - What is the structure of AppxSignature.p7x? -
universal windows apps in .appx file, zip of bunch of files , metadata. of metadata files extensively documented on microsoft website , trivial parse and/or regenerate. appxsignature.p7x remains mystery.
from diagram (source):
appxsignature.p7x should have hashes of appxblockmap.xml, content & directory hashes, , signature. cannot find documentation of appxsignature.p7x file itself. ideally use alternative tool produce , verify signature, e.g. openssl/gnutls or similar. practical use update , repackage apps on linux, , prepare .appxupload file windows store.
as described in blog post link to, appxblockmap.xml file stores cryptographic block hashes every file in package. file verified , secured digital signature when package signed using authenticode.
so, on windows, have 2 tools:
- makeappx.exe creates package (.zip format) , blockmap file at same time. important, what's in block map corresponds closely .zip file bits, can't zipping tool step, must program zip/app package creation using zip api.
- signtool.exe adds signature package using "standard" authenticode.
with windows api can same makeappx using packaging api , can same signtool using the signersign function.
the whole makeappx process not documented imho, blockmap schema in fact described here: package block map schema reference relatively easy understand.
the authenticode signature pe document documented here: windows authenticode portable executable signature format
but it's pe (.dll, .exe, etc.) files (note it's possible sign .cab files), , don't think how signersign builds appxsignature.p7x documented. however, there open source tool here here: https://github.com/facebook/fb-util-for-appx. notice file https://github.com/facebook/fb-util-for-appx/blob/master/privateheaders/appx/sign.h declares should used input signing. have no idea got information.
Comments
Post a Comment