Digital Signature

digital_signature

The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.

Attributes

CaptionNameTypeDescription
Algorithm algorithm String The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.
Algorithm ID algorithm_id Integer The identifier of the normalized digital signature algorithm.
  • 0: Unknown (UNKNOWN)
  • 1: DSA (DSA)
  • 2: RSA (RSA)
  • 3: ECDSA (ECDSA)
  • 4: Authenticode (AUTHENTICODE)
  • 99: Other (OTHER)
Certificate certificate Digital Certificate[] The certificate object containing information about the digital certificate.
Created Time created_time Timestamp The time when the digital signature was created.
Developer UID developer_uid String The developer ID on the certificate that signed the file.
Message Digest digest Fingerprint[] Entity:FINGERPRINT
The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
State state String The digital signature state defines the signature state, normalized to the caption of 'state_id'. In the case of 'Other', it is defined by the event source.
State ID state_id Integer The normalized identifier of the signature state.
  • 0: Unknown (UNKNOWN)
  • 1: Valid (VALID)
  • 2: Expired (EXPIRED)
  • 3: Revoked (REVOKED)
  • 4: Suspended (SUSPENDED)
  • 5: Pending (PENDING)
  • 99: Other (OTHER)
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Digital Signature shown in context

Inbound Relationships

These objects and events reference Digital Signature in their attributes:

Outbound Relationships

Digital Signature references the following objects and events in its attributes:

This page describes ocsf-1.4.0