Question
Wednesday, January 25, 2017 3:44 PM
This question is going into the weeds a bit but I'm trying to determine the effect of each of the 20 bits that make up the total value of the following registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
Long and short we've been running into various problems and per security requirements, this value has been modified. I know the default values and such but what I'm looking for is what the various bits control.
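Below I'll create a rough grid of an example I'm looking at: the first row will be the bit position, and in the parentheses to the right will be the equivalent HEX value for the State key

20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | HEX |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 0 | 1 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | (23C00) |
0 | 0 | 1 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | (23E00) |
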
So looking at the items above, we see that the difference between HEX value(s) 23C00 and 23E00, is the value in position 10 changes from a "0" to a "1".
This value is tied to the "Check for Publisher's certificate Revocation" checkbox in Internet Explorer. Having a value of 23C00 means this box is unchecked, whereas having a value of 23E00 means it is checked.
So to bring it all home I'm trying to come up with a list something like this
20 - This controls the.....
19 - This controls the.....
...
10 - This controls the checkbox for "Check for Publisher's certificate revocation" checkbox in IE (1= Enabled/0-Disabled)
9 - This controls the.....
...
I had looked into it before and came up with more items but I'm wondering if the info is already out there anywhere, I haven't been able to find a thing.
All replies (2)
Thursday, January 26, 2017 5:25 AM ✅Answered
Hi,
First, I would like to explain how WinTrust works.
Please know that WinTrust is a name (and DLL) of Microsoft Trust verification services, which provide a common API for determining whether a specific subject can be trusted.
Trust verification services are implemented by trust providers. There is a built-in trust provider: Software Publishing. The Software Publishing trust provider allows a calling application to determine whether a software component contains digital signatures that identify it as being authentic software released by a publisher that is trusted on the local user’s system.
The Software Publishing trust provider uses a registry key (on a per-user basis) to specify trust policy flags. The policy flags are defined as an enumeration of WintrustGetRegPolicyFlags (you can see details here: http://msdn.microsoft.com/en-us/library/aa388197).
The **WintrustGetRegPolicyFlags** can have the following combination of bitwise values:
Flag | Value | Meaning |
---|---|---|
WTPF_TRUSTTEST | 0x00000020 | Trust any test certificate. |
WTPF_TESTCANBEVALID | 0x00000080 | Check any test certificate for validity. |
WTPF_IGNOREEXPIRATION | 0x00000100 | Use expiration date. |
WTPF_IGNOREREVOKATION | 0x00000200 | Do revocation check. |
WTPF_OFFLINEOK_IND | 0x00000400 | If the source is offline, trust any individual certificates |
WTPF_OFFLINEOK_COM | 0x00000800 | If the source is offline, trust any commercial certificates |
WTPF_OFFLINEOKNBU_IND | 0x00001000 | If the source is offline, trust any individual certificates. Do not use the user interface (UI). |
WTPF_OFFLINEOKNBU_COM | 0x00002000 | If the source is offline, trust any commercial certificates. Do not use the checking UI. |
WTPF_VERIFY_V1_OFF | 0x00010000 | Turn off verification of version 1.0 certificates. |
WTPF_IGNOREREVOCATIONONTS | 0x00020000 | Ignore time stamp revocation checks. |
WTPF_ALLOWONLYPERTRUST | 0x00040000 | Allow only items in personal trust database. |
For example, in order to change the ‘State’ value from ‘0x00023c00’ to the magic value ‘0x00023e00’, we need to add the flag WTPF_IGNOREREVOKATION. This flag will set policy for trust provider to ignore revocation check.
So, we can try different combinations of the above items to see the results.
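An added example, not part of the original thread and not Microsoft's code: a small Python decoder that splits a State value into the WTPF_* flag names from the table above and reports which flags differ between two values, using the question's bit numbering (position 1 is the least significant bit). The function names are made up for this illustration, and set bits that have no entry in the table are reported as unnamed rather than guessed.

```python
# Added example: decode a WinTrust "State" DWORD using the WTPF_* table above.
WTPF_FLAGS = {  # mask -> flag name, copied from the answer's table
    0x00000020: "WTPF_TRUSTTEST",
    0x00000080: "WTPF_TESTCANBEVALID",
    0x00000100: "WTPF_IGNOREEXPIRATION",
    0x00000200: "WTPF_IGNOREREVOKATION",
    0x00000400: "WTPF_OFFLINEOK_IND",
    0x00000800: "WTPF_OFFLINEOK_COM",
    0x00001000: "WTPF_OFFLINEOKNBU_IND",
    0x00002000: "WTPF_OFFLINEOKNBU_COM",
    0x00010000: "WTPF_VERIFY_V1_OFF",
    0x00020000: "WTPF_IGNOREREVOCATIONONTS",
    0x00040000: "WTPF_ALLOWONLYPERTRUST",
}
KNOWN_MASK = sum(WTPF_FLAGS)  # masks are distinct single bits, so sum == OR


def bit_position(mask):
    """1-based bit position as used in the question's grid (0x200 -> 10)."""
    return mask.bit_length()


def decode_state(state):
    """Return (flag names set in state, positions of set bits the table lacks)."""
    flags = [name for mask, name in sorted(WTPF_FLAGS.items()) if state & mask]
    leftover = state & ~KNOWN_MASK
    unknown = [p + 1 for p in range(leftover.bit_length()) if (leftover >> p) & 1]
    return flags, unknown


def diff_states(before, after):
    """Map each table flag that differs between two values to 'set' or 'cleared'."""
    changed = before ^ after
    return {name: ("set" if after & mask else "cleared")
            for mask, name in sorted(WTPF_FLAGS.items()) if changed & mask}


if __name__ == "__main__":
    # The two values from the question.
    for value in (0x23C00, 0x23E00):
        flags, unknown = decode_state(value)
        print(f"0x{value:05X}: {', '.join(flags)}; unnamed bits: {unknown}")
    print("changed:", diff_states(0x23C00, 0x23E00))
    # The per-bit list the question asks for, limited to bits the table names.
    for mask, name in sorted(WTPF_FLAGS.items()):
        print(f"bit {bit_position(mask):2d} (0x{mask:08X}) {name}")
```

Running the same diff against a baseline value is a quick way to audit which policy bits a hardening change or an unexpected modification actually touched.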
Friday, January 27, 2017 3:47 PM
This is a good start. I was scouring for resources for this but was uncertain as to what this was considered. It's about as clear as mud currently as they simply refer to the overall value it appears as opposed to individual bit settings.
I should be able to draw a picture by comparing the various settings and dissecting things a bit more.
Thanks for the help