Question

I don't understand at the moment how countersignings work.

I'm wondering whether it is possible to manipulate a file and re-sign it with the original key, including a faked countersignature?

I'm using e.g.:

signtool.exe sign /f "mycert.pfx" /t "http://timestamp.verisign.com/scripts/timstamp.dll" /v "MyApp.exe"

So I will get a signed application with a countersignature. But how does that work? Does the "timestamp" server simply sign the current timestamp? If I understand correctly, that would allow a replay attack, so that I could sign a file in the past.

How is the countersignature protected?


Solution

In your particular case it's not countersigning at all. The Authenticode timestamp is included as an attribute in the PKCS#7 packet of the original signature. It's a signature (its digest) that is timestamped. The server signs the digest and the time value with its certificate.

Consequently there's no room (or sense) for a replay attack - if you change the data, you will get a different timestamp packet, and if you want to replace the older timestamp of the same data with the new timestamp, you can just re-sign and re-timestamp the data instead of playing with timestamps.
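
The binding described in the answer above, as an added example that is not part of the original answer: a small Python model of a verifier rejecting a reused or edited timestamp. Assumptions: HMAC with constructed keys stands in for the certificate-based signatures of the signer and the timestamp server, a dict stands in for the PKCS#7 attribute, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed demo keys. HMAC is only a stand-in for the signer's and the
# timestamp authority's (TSA) certificate-based signatures.
SIGNER_KEY = b"constructed-signer-key"
TSA_KEY = b"constructed-tsa-key"

def sign_file(data: bytes) -> bytes:
    """Signer: sign the digest of the file content."""
    return hmac.new(SIGNER_KEY, hashlib.sha256(data).digest(), "sha256").digest()

def tsa_timestamp(signature: bytes, now: int) -> dict:
    """TSA: sign (digest of the signature, time). It never sees the file."""
    imprint = hashlib.sha256(signature).digest()
    body = imprint + struct.pack(">Q", now)
    return {"imprint": imprint, "time": now,
            "tsa_sig": hmac.new(TSA_KEY, body, "sha256").digest()}

def verify(data: bytes, signature: bytes, token: dict) -> str:
    """Verifier: check the file signature, then the token's binding to it."""
    if not hmac.compare_digest(sign_file(data), signature):
        return "bad file signature"
    body = token["imprint"] + struct.pack(">Q", token["time"])
    expected = hmac.new(TSA_KEY, body, "sha256").digest()
    if not hmac.compare_digest(expected, token["tsa_sig"]):
        return "bad timestamp signature"
    if not hmac.compare_digest(token["imprint"], hashlib.sha256(signature).digest()):
        return "timestamp belongs to a different signature"
    return "ok"

def demo() -> dict:
    original, tampered = b"MyApp.exe v1 (constructed)", b"MyApp.exe v1 + patch"
    sig = sign_file(original)
    token = tsa_timestamp(sig, 1_300_000_000)    # old, genuine token
    backdated = dict(token, time=1_200_000_000)  # time field edited afterwards
    return {
        "genuine": verify(original, sig, token),
        "tampered_file": verify(tampered, sig, token),
        "resigned_old_token": verify(tampered, sign_file(tampered), token),
        "edited_time": verify(original, sig, backdated),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
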

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow