Comments (7)
I will certainly look into it.
from signify.
This issue is caused by the fact that msi files have a different structure, currently not supported by signify.
from signify.
MSI files have OLE2 structure I managed to get the signed data using olefile library and then reading part with digital signature
with OleFileIO(self.fname) as ole:
# https://github.com/decalage2/olefile
if not ole.exists("\x05DigitalSignature"):
return
# get properties from the stream:
with ole.openstream("\x05DigitalSignature") as fh:
b_data = fh.read()
data = structures.AuthenticodeSignedData.from_envelope(b_data)
from signify.
MSI files are not PEFiles so that means they have to be inspected differently, but it is possible once you get to the actual signature data the validation could be similar. Same goes for CAB files and MSIX files I think.
from signify.
data = structures.AuthenticodeSignedData.from_envelope(b_data)
@crowley285 This feature doesn't seem to be in the newest signify. Unclear How to do this in the latest.
from signify.
@jgstew it's located in the base class for AuthenticodeSignedData in signify/pkcs7/signeddata.py
i'm importing it by:
from signify.authenticode import structures
from signify.
ah, now I see: https://github.com/ralphje/signify/blob/master/signify/pkcs7/signeddata.py#L73
Using .explain_verify()
on it gives the error:
(<AuthenticodeVerificationResult.UNKNOWN_ERROR: 5>, AttributeError("'NoneType' object has no attribute 'get_fingerprinter'"))
This seems to be because it is not doing it as a signedpe file to start with, doesn't like jumping into it.
If instead:
with ole.openstream("\x05DigitalSignature") as fh:
pefile = SignedPEFile(fh)
print(pefile.explain_verify())
Then I get the error: (<AuthenticodeVerificationResult.NOT_SIGNED: 2>, SignedPEParseError('The PE file does not contain a certificate table.'))
This makes some sense. I think from_envelope
is probably the right way to do this, but it gets stuck due to there not being an actual PE file involved to parse first.
from signify.
Related Issues (20)
- Support more `SignerInfo` versions? HOT 1
- Cert Table parsing error HOT 1
- Does it support reading a file as a buffer?
- Need to specify asn1crypto version in requirements.txt
- cannot import name 'rfc3161' from 'pyasn1_modules' HOT 1
- Exception raised if script is compiled by pyinstaller HOT 5
- SignerInfoVerificationError with valid signature HOT 8
- test_revoked_certificate fails since 2021-10-08 HOT 1
- How to do certificate pinning? HOT 3
- Can't import signify after upgrading to Ubuntu Jammy HOT 1
- bytes() on bitstring causes wrong parsing of subject_public_key
- Exception when root cert has 'Disallowed Filetime' but no 'Not before time' HOT 3
- Add to README.rst or Docs "Examples" section. HOT 1
- Question - planned stable release? HOT 2
- Compatibility with pyasn1 0.5 HOT 3
- The root Microsoft Root Certificate Authority is disallowed for certificate issued after HOT 8
- Signed file but issuer is missing HOT 1
- Sample without signatures, but verified in Windows HOT 5
- Error: oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from signify.