Digital Signature

The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.

Attributes

Caption	Name	Type	Description
Algorithm	`algorithm`	String	The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.
Algorithm ID	`algorithm_id`	Integer	The identifier of the normalized digital signature algorithm. `0`: Unknown (`UNKNOWN`) `1`: DSA (`DSA`) `2`: RSA (`RSA`) `3`: ECDSA (`ECDSA`) `4`: Authenticode (`AUTHENTICODE`) `99`: Other (`OTHER`)
Certificate	`certificate`	Digital Certificate[]	The certificate object containing information about the digital certificate.
Company Name	`company_name`	String	The name of the company that published the file. For example: `Microsoft Corporation`. 🚧 WARNING: DEPRECATED Company Name has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Created Time	`created_time`	Timestamp	The time when the digital signature was created.
Developer UID	`developer_uid`	String	The developer ID on the certificate that signed the file.
Message Digest	`digest`	Fingerprint[]	The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.
Fingerprints	`fingerprints`	Fingerprint[]	An array of digital fingerprint objects. 🚧 WARNING: DEPRECATED Fingerprints has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Issuer Name	`issuer_name`	String	The certificate issuer name. 🚧 WARNING: DEPRECATED Issuer Name has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Record ID	`record_id`	String	Unique identifier for the object
Serial Number	`serial_number`	String	The serial number of the digital signature. 🚧 WARNING: DEPRECATED Serial Number has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
State	`state`	String	The digital signature state defines the signature state, normalized to the caption of 'state_id'. In the case of 'Other', it is defined by the event source.
State ID	`state_id`	Integer	The normalized identifier of the signature state. `0`: Unknown (`UNKNOWN`) `1`: Valid (`VALID`) `2`: Expired (`EXPIRED`) `3`: Revoked (`REVOKED`) `4`: Suspended (`SUSPENDED`) `5`: Pending (`PENDING`) `99`: Other (`OTHER`)
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Inbound Relationships

These objects and events reference Digital Signature in their attributes:

File
OSINT

Outbound Relationships

Digital Signature references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0