
I'm exploring how to programmatically modify some file metadata in the Windows Property System.
I have modified the System.Comment of an MSI file like so:
Properties - System.Comment

To my big surprise, this now breaks the digital signature of that file:

I would have assumed that this type of "metadata" (such as Categories, Tags, Comments, etc.) can be freely altered on the file, but there seem to be some drawbacks ...

Is this really behaving "as designed"?
Are modifications to the metadata supposed to break digital signatures (as created by signtool.exe, for example)?

--

My perspective:

The purpose of code signing Windows PE files is to:

  • confirm the software author
  • guarantee that the code has not been altered or corrupted since it was signed

To me it doesn't make sense that "metadata" such as System.Comment (or "custom" properties) is considered when generating or validating a signature.

  • Why would you expect that to be preserved? The file has changed. Why are you changing it? Commented Jan 31, 2024 at 15:15
  • It's technically possible to alter an Authenticode-signed executable (PE) file w/o invalidating the signature, but only if you touch a very specific area, see here stackoverflow.com/questions/71568252/…. MSI are different beasts anyway (they are not executable files) and typically, altering their metadata does break the signature; it's by design, there's nothing you can do against that (in fact the .MSI format is not fully documented). Commented Jan 31, 2024 at 16:12

1 Answer

The metadata displayed in the file properties are stored in the Summary Information stream of the installer, which is hashed when the signature is created. So modifying this breaks the integrity.

Signing a file should be perceived like sealing its content completely; any modification, even a trivial one, usually breaks the signature. Depending on the file format there may be some areas still modifiable after signing, for example the checksum field and the certificate table of PE files, or the unauthenticated attributes of CMS signatures. But MSI streams are not modifiable once signed.


3 Comments

If you change the comments before signing that's fine. You can also replace the signature after changing the comments if the file was already signed.
Interesting. So for my own MSI or MSP I'll simply change the "comments" section BEFORE signing it. Does it make a technical difference whether I change the comments through the "Windows Property System" or the "Summary Information stream"?
That's the same, the Windows properties UI changes the data in the summary information stream.
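As an added example (not from the question or the answer above), the following PowerShell script walks through what the answer and its follow-up comments describe: the Comments property lives in the Summary Information stream, so editing it before signing is harmless while editing it after signing changes the hashed content. It assumes Windows with the Windows Installer COM API, signtool.exe on PATH, a code-signing certificate in the current user's store, and an MSI you are allowed to sign; the path is a placeholder.

```powershell
# Added example, not from the question or answer. Assumes Windows, the
# Windows Installer COM API, signtool.exe on PATH and a code-signing cert in
# the current user's store (chosen by signtool's /a). The MSI path is a placeholder.
$Msi = 'C:\path\to\your\package.msi'   # placeholder: an MSI you are allowed to sign
$PidComments = 6                        # PID_COMMENTS in the Summary Information stream

function Set-MsiComments {
    param([string]$Path, [string]$Comments)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # UpdateCount = 1 opens the Summary Information stream read/write
    $summary = $installer.SummaryInformation($Path, 1)
    # Property is a parameterized COM property; PowerShell cannot assign to it
    # directly, so set it through IDispatch with SetProperty.
    $summary.GetType().InvokeMember('Property',
        [System.Reflection.BindingFlags]::SetProperty, $null, $summary,
        @($PidComments, $Comments))
    $summary.Persist()                  # rewrite the stream inside the MSI
}

function Get-MsiSignatureStatus {
    param([string]$Path)
    # Get-AuthenticodeSignature recomputes the hash over the MSI's streams
    # (Summary Information included) and compares it with the embedded signature.
    (Get-AuthenticodeSignature -FilePath $Path).Status
}

# 1. Edit the comments first, then sign: the signed hash covers the new value.
Set-MsiComments -Path $Msi -Comments 'Build 1234, release channel'
& signtool.exe sign /fd SHA256 /a $Msi
$afterSigning = Get-MsiSignatureStatus -Path $Msi

# 2. Edit the comments again after signing: this is the case the answer
#    describes, where the hashed Summary Information stream no longer matches.
Set-MsiComments -Path $Msi -Comments 'Edited after signing'
$afterEdit = Get-MsiSignatureStatus -Path $Msi

"Status right after signing : $afterSigning"
"Status after editing again : $afterEdit"
```

Because the signature stream itself is still present after the second edit, the verifier reports a hash mismatch rather than an unsigned file, which is why the Explorer dialog in the question shows the signature as invalid instead of absent.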
