Code Monkey home page Code Monkey logo

Comments (7)

ralphje avatar ralphje commented on August 12, 2024 1

I will certainly look into it.

from signify.

ralphje avatar ralphje commented on August 12, 2024 1

This issue is caused by the fact that msi files have a different structure, currently not supported by signify.

from signify.

crowley285 avatar crowley285 commented on August 12, 2024 1

MSI files have OLE2 structure I managed to get the signed data using olefile library and then reading part with digital signature

with OleFileIO(self.fname) as ole:
    # https://github.com/decalage2/olefile
    if not ole.exists("\x05DigitalSignature"):
        return
    # get properties from the stream:
    with ole.openstream("\x05DigitalSignature") as fh:
        b_data = fh.read()
data = structures.AuthenticodeSignedData.from_envelope(b_data)

from signify.

jgstew avatar jgstew commented on August 12, 2024

MSI files are not PEFiles so that means they have to be inspected differently, but it is possible once you get to the actual signature data the validation could be similar. Same goes for CAB files and MSIX files I think.

from signify.

jgstew avatar jgstew commented on August 12, 2024

data = structures.AuthenticodeSignedData.from_envelope(b_data)

@crowley285 This feature doesn't seem to be in the newest signify. Unclear How to do this in the latest.

from signify.

crowley285 avatar crowley285 commented on August 12, 2024

@jgstew it's located in the base class for AuthenticodeSignedData in signify/pkcs7/signeddata.py
i'm importing it by:
from signify.authenticode import structures

from signify.

jgstew avatar jgstew commented on August 12, 2024

ah, now I see: https://github.com/ralphje/signify/blob/master/signify/pkcs7/signeddata.py#L73

Using .explain_verify() on it gives the error:

(<AuthenticodeVerificationResult.UNKNOWN_ERROR: 5>, AttributeError("'NoneType' object has no attribute 'get_fingerprinter'"))

This seems to be because it is not doing it as a signedpe file to start with, doesn't like jumping into it.

If instead:

        with ole.openstream("\x05DigitalSignature") as fh:
            pefile = SignedPEFile(fh)
            print(pefile.explain_verify())

Then I get the error: (<AuthenticodeVerificationResult.NOT_SIGNED: 2>, SignedPEParseError('The PE file does not contain a certificate table.'))

This makes some sense. I think from_envelope is probably the right way to do this, but it gets stuck due to there not being an actual PE file involved to parse first.

from signify.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.