The signatures are in NSS / OpenSSL / big-endian order and not CryptoAPI order.
If CryptoAPI is used to check a signature, the bytes of the signature must be reversed before verifying the signature using CryptVerifySignature.
== Constraints ==
To protect against invalid inputs the following constraints are in place:
* There are at most 8 signatures.
* The file size of the MAR file is at most 500MB.
* No signature is more than 2048 bytes long.
== Additional sections ==