Appx Signer
This is a SignServer Enterprise feature.
The signer has the fully qualified class name: org.signserver.module.msauthcode.signer.AppxSigner.
Overview
The Appx signer signs Microsoft APPX packages.
The signature can optionally include a timestamp response from a TSA using the Authenticode or RFC#3161 format.
Available Properties
| Property | Description |
|---|---|
| PROGRAM_NAME | Program name to embed in the signature. Optional, default: none. |
| ALLOW_PROGRAM_NAME_OVERRIDE | Whether the requestor can override the program name by supplying it as a request metadata property. Optional, default: false. |
| PROGRAM_URL | Program URL to embed in the signature. Optional, default: none. |
| ALLOW_PROGRAM_URL_OVERRIDE | Whether the requestor can override the program URL by supplying it as a request metadata property. Optional, default: false. |
| SIGNATUREALGORITHM | Signature algorithm. Optional, default: depending on the signing key, SHA256withRSA, SHA256withDSA or SHA256withECDSA. |
| DIGESTALGORITHM | Algorithm for the digest of the binary. Optional, default: SHA256. |
| TSA_WORKER | Worker ID or name of an internal (Authenticode or RFC#3161) timestamp signer in the same SignServer. Optional, default: none. This property cannot be combined with TSA_URL. |
| TSA_URL | URL of an external (Authenticode or RFC#3161) timestamp authority. Optional, default: none. This property cannot be combined with TSA_WORKER. |
| TSA_USERNAME | Login username used if the TSA uses HTTP Basic Auth. Optional, default: none. |
| TSA_PASSWORD | Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified, default: none. |
| DO_LOGREQUEST_DIGEST | Whether a digest of the request is computed and logged. Optional, default: true. |
| LOGREQUEST_DIGESTALGORITHM | Algorithm used to create the message digest (hash) of the request document to put in the log. Default: SHA256. |
| DO_LOGRESPONSE_DIGEST | Whether a digest of the response is computed and logged. Optional, default: true. |
| LOGRESPONSE_DIGESTALGORITHM | Algorithm used to create the message digest (hash) of the response document to put in the log. Default: SHA256. |
| TIMESTAMP_FORMAT | Specifies the timestamp format to use. Default: AUTHENTICODE. Allowed values: AUTHENTICODE, RFC3161. If the value RFC3161 is set, a standard RFC 3161-compliant timestamp signer is assumed, rather than the legacy Authenticode timestamp format. |
Request Properties
This worker can accept the following request metadata properties, given that they are configured to be allowed:
| Property | Description |
|---|---|
| PROGRAM_NAME | Program name text to use instead of the configured one (if any). Specifying an empty value removes the configured program name. Unless ALLOW_PROGRAM_NAME_OVERRIDE is configured in the worker, requests that include this property are not allowed. |
| PROGRAM_URL | Program URL to use instead of the configured one (if any). Specifying an empty value removes the configured program URL. Unless ALLOW_PROGRAM_URL_OVERRIDE is configured in the worker, requests that include this property are not allowed. |
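
The constraints stated in the two property tables above, written as a configuration review check. This is an added example, not SignServer code: it assumes the worker properties are available as bare KEY=VALUE lines, treats only the literal value true as enabled, and the function names and sample values are constructed.

```python
# Added example: lint Appx signer worker properties against the documented rules.
TIMESTAMP_FORMATS = {"AUTHENTICODE", "RFC3161"}  # allowed values per the table

SAMPLE = """\
# constructed sample, not a real deployment
ALLOW_PROGRAM_NAME_OVERRIDE=true
TSA_WORKER=TimeStampSigner
TSA_URL=http://tsa.example.com/tsa
TSA_USERNAME=signer
TIMESTAMP_FORMAT=RFC3161
DO_LOGRESPONSE_DIGEST=false
"""

def parse_properties(text):
    """Parse KEY=VALUE lines (assumed layout), skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip().upper()] = value.strip()
    return props

def is_true(props, key, default):
    # Assumption: only the literal "true" (any case) enables a boolean property.
    return props.get(key, default).lower() == "true"

def lint_appx_worker(props):
    """Return (severity, message) findings for one worker's properties."""
    out = []
    if props.get("TSA_WORKER") and props.get("TSA_URL"):
        out.append(("error", "TSA_WORKER cannot be combined with TSA_URL"))
    if props.get("TSA_USERNAME") and not props.get("TSA_PASSWORD"):
        out.append(("error", "TSA_PASSWORD is required when TSA_USERNAME is set"))
    fmt = props.get("TIMESTAMP_FORMAT", "AUTHENTICODE")
    if fmt not in TIMESTAMP_FORMATS:
        out.append(("error", f"TIMESTAMP_FORMAT {fmt!r} is not an allowed value"))
    for name in ("PROGRAM_NAME", "PROGRAM_URL"):
        if is_true(props, f"ALLOW_{name}_OVERRIDE", "false"):
            out.append(("warn", f"requestors can replace or remove {name}"))
    for key in ("DO_LOGREQUEST_DIGEST", "DO_LOGRESPONSE_DIGEST"):
        if not is_true(props, key, "true"):
            out.append(("warn", f"{key} is off; that digest is not logged"))
    # Reviewer's own check, not a rule from the page: Basic Auth over plain HTTP.
    if props.get("TSA_USERNAME") and props.get("TSA_URL", "").lower().startswith("http://"):
        out.append(("warn", "TSA Basic Auth credentials would be sent over plain HTTP"))
    return out

if __name__ == "__main__":
    for severity, message in lint_appx_worker(parse_properties(SAMPLE)):
        print(f"{severity}: {message}")
```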
Worker Log Fields
| Field | Description |
|---|---|
| REQUEST_DIGEST | A message digest (hash) for the request document in hex encoding. |
| REQUEST_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the request digest in the log. |
| RESPONSE_DIGEST | A message digest (hash) for the response document in hex encoding. |
| RESPONSE_DIGEST_ALGORITHM | The name of the message digest (hash) algorithm used for the response digest in the log. |