0

From my understanding, you need a hash in order to generate a digital signature, so if you change the hash of an EXE or program using a hash changer (not an encrypter) of some sort, will the digital signature change?

In my head: DATA/SOURCE --> HASH --> SOME KIND OF KEY --> SIGNATURE

Correct me if I'm wrong.

Peter

1 Answer

1

Yes, the point of code signing is encrypting a hash of the file of some sort using a private key. You then distribute the encrypted hash alongside the public key (embedded in the EXE) so that the user's OS can verify that the file has not been tampered with.

Therefore, changing the executable's hash will fail the authentication.

orhtej2
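The pipeline from the question (DATA --> HASH --> key --> SIGNATURE) and the tamper check from the answer, as an added Python example that is not part of the original posts. It uses textbook RSA without padding and a constructed toy key purely for illustration; the function names and the sample bytes are assumptions.

```python
import hashlib

# Toy key, constructed for this example from two Mersenne primes. Real code
# signing uses keys from a vetted library together with padding (PKCS#1/PSS).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer


def digest_int(data: bytes) -> int:
    """DATA -> HASH: SHA-256 of the file contents, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """HASH -> private key -> SIGNATURE (textbook RSA, no padding)."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Recover the signed hash with the public key and compare it with a
    hash freshly computed over the bytes that were actually received."""
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    # Constructed stand-in for the contents of an EXE.
    original = b"MZ\x90\x00 constructed stand-in for an EXE image"
    signature = sign(original)
    # A "hash changer" alters the file bytes (here: one appended byte), so
    # the recomputed hash no longer matches the hash that was signed.
    modified = original + b"\x00"
    return {
        "hash_changed": digest_int(original) != digest_int(modified),
        "original_ok": verify(original, signature),
        "modified_ok": verify(modified, signature),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signature value itself is unchanged after the modification; verification fails because the hash recomputed over the modified bytes differs from the hash the signature covers.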