Windows Catalog Files

By | May 14, 2021
0 Comment

Windows Catalog file is used to store hash checksums or thumbprints of any collection of files to validate its authenticity. Besides the Catalog file may be digitally signed and be used as group digital signature of the files which thumbprints are presented in this Catalog file. Catalog file may be generated from text catalog definition file (CDF) using makecat utility from Microsoft Windows Software Development Kit or programmatically using API functions defined in mscat.h header file. Catalog definition text file should satisfied appropriate template rules. This is example of catalog definition file (cdf.txt):


[CatalogHeader]
Name=js.cat
PublicVersion=0x0000001
EncodingType=0x00010001
HashAlgorithms=SHA1
CATATTR1=0x10010001:OSAttr:2:6.0
[CatalogFiles]
anchor.js=.\javascripts\anchor.js
anchor.jsATTR1=0x11010001:jsFile1:anchor.js
initrows.js=.\javascripts\initrows.js
initrows.jsATTR1=0x11010001:jsFile2:initrows.js
jquery.js=.\javascripts\jquery.js
jquery.jsATTR1=0x11010001:jsFile3:jquery.js
printable.js=.\javascripts\printable.js
printable.jsATTR1=0x11010001:jsFile4:printable.js
wonderword.js=.\javascripts\wonderword.js
wonderword.jsATTR1=0x11010001:jsFile5:wonderword.js

The cdf.txt file defines catalog of 5 JavaScript files (anchor.js, initrows.js, jquery.js, printable.js and wonderword.js) from wordchaos.com website. Each file is presented by 2 lines which specifies file location and file thumbprint attribute. Output catalog file name (js.cat) is defined in CatalogHeader section.
Creating js.cat using makecat:


C:\CDF>makecat.exe -v cdf.txt
opened: cdf.txt
   attribute: OSAttr
processing: anchor.js
   attribute: jsFile1
processing: initrows.js
   attribute: jsFile2
processing: jquery.js
   attribute: jsFile3
processing: printable.js
   attribute: jsFile4
processing: wonderword.js
   attribute: jsFile5
Succeeded

Catalog file may be signed:


C:\CDF>signtool.exe sign /f selfsigned.pfx /p Password1 /fd sha256 /tr http://timestamp.digicert.com js.cat
Done Adding Additional Store
Successfully signed: js.cat

signed catalog file
Now how to view file thumbprints: double click on catalog file in file explore or run rundll32.exe utility from command line (CryptExtOpenCAT is case sensitive key):


C:\CDF>rundll32 cryptext.dll,CryptExtOpenCAT js.cat

Select Security Catalog tab:
File thumbprint
Compare thumbprint checksum with checksum of file:


C:\CDF>powershell
Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.

PS C:\CDF> Get-FileHash .\javascripts\wonderword.js -algorithm SHA1

Algorithm      Hash
———            —-
SHA1           041C68DB30A3EC437D0BB20AAA3562812C5BF130

Again everything presented here is possible to do programmatically using mscat.h API.

Leave a Reply

Your email address will not be published. Required fields are marked *