Digital Signature

digital_signature

The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.

Contents

Attributes

Caption Name Type Is Array Default Description
Algorithm algorithm String The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.
Algorithm ID algorithm_id Integer The identifier of the normalized digital signature algorithm.
0: Unknown
1: DSA
2: RSA
3: ECDSA
4: Authenticode
99: Other
Certificate certificate Digital Certificate The certificate object containing information about the digital certificate.
Company Name company_name String The name of the company that published the file. For example: Microsoft Corporation.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Created Time created_time Timestamp The time when the digital signature was created.
Developer UID developer_uid String The developer ID on the certificate that signed the file.
Message Digest digest Fingerprint The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.
Fingerprints fingerprints Fingerprint An array of digital fingerprint objects.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Issuer Name issuer_name String The certificate issuer name.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object.
Serial Number serial_number String The serial number of the digital signature.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

State state String The digital signature state defines the signature state, normalized to the caption of 'state_id'. In the case of 'Other', it is defined by the event source.
State ID state_id Integer The normalized identifier of the signature state. The Expired, Revoked, and Suspended values describe the status of the signing certificate.
0: Unknown
1: Valid
2: Expired
3: Revoked
4: Suspended
5: Pending
99: Other
Unmapped Data unmapped Unmapped The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Context

Digital Signature

JSON

            
{
  "caption": "Digital Signature",
  "name": "digital_signature",
  "description": "The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.",
  "extends": "object",
  "attributes": {
    "algorithm": {
      "description": "The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.",
      "requirement": "optional",
      "caption": "Algorithm",
      "type": "string_t"
    },
    "algorithm_id": {
      "description": "The identifier of the normalized digital signature algorithm.",
      "enum": {
        "99": {
          "caption": "Other",
          "description": "The algorithm is not mapped. See the <code>algorithm</code> attribute, which contains a data source specific value."
        },
        "0": {
          "caption": "Unknown",
          "description": "The algorithm is unknown."
        },
        "1": {
          "caption": "DSA",
          "description": "Digital Signature Algorithm (DSA)."
        },
        "2": {
          "caption": "RSA",
          "description": "Rivest-Shamir-Adleman (RSA) Algorithm."
        },
        "3": {
          "caption": "ECDSA",
          "description": "Elliptic Curve Digital Signature Algorithm."
        },
        "4": {
          "caption": "Authenticode",
          "description": "Microsoft Authenticode code-signing signature. This value identifies the signing format, not the underlying signature algorithm."
        }
      },
      "requirement": "required",
      "caption": "Algorithm ID",
      "sibling": "algorithm",
      "type": "integer_t"
    },
    "certificate": {
      "requirement": "recommended",
      "caption": "Certificate",
      "description": "The certificate object containing information about the digital certificate.",
      "type": "certificate"
    },
    "created_time": {
      "description": "The time when the digital signature was created.",
      "requirement": "optional",
      "caption": "Created Time",
      "type": "timestamp_t"
    },
    "developer_uid": {
      "requirement": "optional",
      "caption": "Developer UID",
      "description": "The developer ID on the certificate that signed the file.",
      "type": "string_t"
    },
    "digest": {
      "requirement": "optional",
      "caption": "Message Digest",
      "description": "The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.",
      "type": "fingerprint"
    },
    "state": {
      "description": "The digital signature state defines the signature state, normalized to the caption of 'state_id'. In the case of 'Other', it is defined by the event source.",
      "requirement": "optional",
      "caption": "State",
      "type": "string_t"
    },
    "state_id": {
      "description": "The normalized identifier of the signature state.",
      "enum": {
        "1": {
          "caption": "Valid",
          "description": "The digital signature is valid."
        },
        "2": {
          "caption": "Expired",
          "description": "The digital signature is not valid because the certificate has expired."
        },
        "3": {
          "caption": "Revoked",
          "description": "The digital signature is invalid due to certificate revocation."
        },
        "4": {
          "caption": "Suspended",
          "description": "The digital signature is invalid due to certificate suspension."
        },
        "5": {
          "caption": "Pending",
          "description": "The digital signature state is pending."
        },
        "0": {
          "caption": "Unknown",
          "description": "The state is unknown."
        },
        "99": {
          "caption": "Other",
          "description": "The state is not mapped. See the <code>state</code> attribute, which contains a data source specific value."
        }
      },
      "requirement": "optional",
      "caption": "State ID",
      "sibling": "state",
      "type": "integer_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object.",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    },
    "company_name": {
      "requirement": "required",
      "caption": "Company Name",
      "description": "The name of the company that published the file. For example: <code>Microsoft Corporation</code>.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "serial_number": {
      "description": "The serial number of the digital signature.",
      "requirement": "optional",
      "caption": "Serial Number",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "issuer_name": {
      "requirement": "optional",
      "caption": "Issuer Name",
      "description": "The certificate issuer name.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "fingerprints": {
      "requirement": "optional",
      "caption": "Fingerprints",
      "description": "An array of digital fingerprint objects.",
      "is_array": true,
      "type": "fingerprint",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    }
  }
}