Altering 'System.Comment' breaks the digital signature?


I'm exploring how to programmatically modify some file metadata in the Windows Property System.
I have modified the System.Comment of an MSI file like so:
[image: Properties - System.Comment]

To my big surprise, this now breaks the digital signature of that file:
[image not recoverable]

I would have assumed that this type of "metadata" (such as Categories, Tags, Comments, etc.) can be freely altered on the file, but there seem to be some drawbacks ...

Is this really behaving "as designed"?
Are modifications to the metadata supposed to break digital signatures (as created by signtool.exe, for example)?

--

My perspective:

The purpose of code signing Windows PE files is to:

  • confirm the software author
  • guarantee that the code has not been altered or corrupted since it was signed

To me it doesn't make sense that "metadata" such as System.Comment (or "custom" properties) is considered when generating or validating a signature.

1


3
Emmanuel Bourg

The metadata displayed in the file properties is stored in the Summary Information stream of the installer, which is hashed when the signature is created. So modifying it breaks the integrity.

Signing a file should be perceived as sealing its content completely; any modification, even a trivial one, usually breaks the signature. Depending on the file format there may be some areas that are still modifiable after signing, for example the checksum field and the certificate table of PE files, or the unauthenticated attributes of CMS signatures. But MSI streams are not modifiable once signed.
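The answer's point about PE files (the CheckSum field and the certificate table stay writable after signing, everything else is sealed) can be shown by computing the Authenticode digest yourself. The script below is an added example, not code from the question, the answer or any Microsoft tool: it follows the hashing procedure from the Authenticode PE specification (hash the headers minus the 4-byte CheckSum and the 8-byte Certificate Table directory entry, then the sections in file order, then any trailing data minus the attribute certificate table) and runs it over a constructed, minimal PE32+ image built in memory. Rewriting CheckSum or appending a dummy certificate table leaves the digest unchanged, while flipping one byte of section data changes it. The image layout, the `DUMMY PKCS#7 BLOB` payload and the helper names are assumptions for illustration; the digest routine assumes a well-formed image with the certificate table, if any, placed after the last section.

```python
import hashlib
import struct

# Offsets inside the optional header (PE/COFF spec), identical for PE32 and PE32+
# except for where the data directories begin. Index 4 is the Certificate Table.
SIZEOFHEADERS_OFF = 60
CHECKSUM_OFF = 64
CERT_DIR_OFF = {0x10B: 96 + 4 * 8, 0x20B: 112 + 4 * 8}  # PE32, PE32+


def authenticode_digest(pe: bytes, algo: str = "sha256") -> str:
    """Digest a PE image the way Authenticode does: every byte except the CheckSum
    field, the Certificate Table directory entry and the certificate table itself."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    checksum = opt + CHECKSUM_OFF
    cert_dir = opt + CERT_DIR_OFF[magic]
    size_of_headers = struct.unpack_from("<I", pe, opt + SIZEOFHEADERS_OFF)[0]
    cert_off, cert_size = struct.unpack_from("<II", pe, cert_dir)

    h = hashlib.new(algo)
    # 1. Headers, skipping CheckSum (4 bytes) and the Certificate Table entry (8 bytes).
    h.update(pe[:checksum])
    h.update(pe[checksum + 4:cert_dir])
    h.update(pe[cert_dir + 8:size_of_headers])

    # 2. Section raw data, ordered by file offset (SizeOfRawData / PointerToRawData
    #    sit at offsets 16 and 20 of each 40-byte section header).
    sect_tbl = opt + opt_size
    sections = [struct.unpack_from("<II", pe, sect_tbl + i * 40 + 16)[::-1]
                for i in range(num_sections)]
    end = size_of_headers
    for raw_ptr, raw_size in sorted(sections):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        end = max(end, raw_ptr + raw_size)

    # 3. Trailing data (overlay) after the last section, minus the certificate table.
    tail = pe[end:]
    if cert_size:
        if cert_off < end:
            raise ValueError("certificate table overlaps hashed data")
        tail = tail[:cert_off - end] + tail[cert_off + cert_size - end:]
    h.update(tail)
    return h.hexdigest()


def build_sample_pe() -> bytearray:
    """Constructed, minimal PE32+ image with one section (sample input, not a real binary)."""
    e_lfanew, size_of_headers = 0x40, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)      # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)        # x64, 1 section, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                                 # Magic: PE32+
    struct.pack_into("<I", opt, SIZEOFHEADERS_OFF, size_of_headers)
    struct.pack_into("<I", opt, 108, 16)                                  # NumberOfRvaAndSizes
    section_data = b"\x90" * 0x1F0 + b"ORIGINAL SECTION"                  # 0x200 bytes of "code"
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(section_data), 0x1000,
                                       len(section_data), size_of_headers,
                                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(size_of_headers, b"\0")
    return bytearray(headers + section_data)


def demo() -> dict:
    """Show which edits survive signing and which do not; returns the three verdicts."""
    pe = build_sample_pe()
    base = authenticode_digest(pe)
    opt = 0x40 + 4 + 20

    # Rewriting CheckSum (what a post-signing fixup does) leaves the digest intact.
    patched = bytearray(pe)
    struct.pack_into("<I", patched, opt + CHECKSUM_OFF, 0xDEADBEEF)

    # Appending a certificate table and pointing the directory entry at it also leaves
    # the digest intact: WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType)
    # followed by a dummy payload standing in for the PKCS#7 blob.
    payload = b"DUMMY PKCS#7 BLOB"
    cert = struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload
    signed = bytearray(pe) + cert
    struct.pack_into("<II", signed, opt + CERT_DIR_OFF[0x20B], len(pe), len(cert))

    # Flipping a single bit of section data changes the digest.
    tampered = bytearray(pe)
    tampered[-1] ^= 0x01

    return {
        "checksum_edit_preserves_digest": authenticode_digest(patched) == base,
        "cert_table_preserves_digest": authenticode_digest(signed) == base,
        "section_edit_changes_digest": authenticode_digest(tampered) != base,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The MSI case has no such carve-out: the Summary Information stream where System.Comment lives is inside the hashed region, so there is no equivalent of the CheckSum fixup for it; to change the comment you have to re-sign.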