Comments on: How to verify executable digital signatures under Linux? https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html Just another WordPress site Wed, 05 Feb 2014 11:48:31 +0000 hourly 1 https://wordpress.org/?v=6.9 By: Anonymous https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-9 Wed, 05 Feb 2014 11:48:31 +0000 https://grey-panther.net/?p=681#comment-9 How about chktrust which is part of the Mono-Project and started out some time in the early 2000s? See http://linux.die.net/man/1/chktrust

]]> By: Anonymous https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-55 Fri, 15 Apr 2011 17:36:44 +0000 https://grey-panther.net/?p=681#comment-55 the last part is incorrect,the modified_executable should be the first signedata section of the pkcs7 block.

openssl smime -verify -in signature.der -content modified_executable -inform DER -binary

]]> By: web development Dubai https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-400 Wed, 13 May 2009 12:46:16 +0000 https://grey-panther.net/?p=681#comment-400 I tryed the WinVerifyTrust function, but it doesn’t work properly (the function returs TRUST_E_SUBJECT_NOT_TRUSTED when verifying “notepad.exe” file).
Even SignTool.exe from Microsoft doesn’t recognizes “notepad.exe” file.
SigCheck.exe from SysInternals is the only one I found so far that recognizes exe files like notepad.exe, explorer.exe as being signed by Microsoft.
Does anyone have any idea how this can be done?
Thanks!

]]> By: Cd-MaN https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-404 Wed, 06 May 2009 04:13:21 +0000 https://grey-panther.net/?p=681#comment-404 @Nick Carlon: that was my choice. From what I hear, there is a Microsoft API to do this, but I don’t know the details (and I’ve heard about it from a friend who struggled to get it working).

]]> By: Nick Carlon https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-405 Wed, 06 May 2009 04:07:15 +0000 https://grey-panther.net/?p=681#comment-405 Manual coding is the only option for step 2?

]]> By: Anonymous https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-668 Tue, 30 Sep 2008 14:29:24 +0000 https://grey-panther.net/?p=681#comment-668 After I published my post, Microsoft has published a detailed document explaining Authenticode:

http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx

If you want to write your own utility to calculate the hash used by Authenticode, I recommend you use the pefile Python module.
http://code.google.com/p/pefile/

There is an open-source signcode utility, called osslsigncode:
http://sourceforge.net/projects/osslsigncode/
But the last version doesn’t support signature verification yet.

]]> By: Cd-MaN https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-669 Tue, 30 Sep 2008 11:07:58 +0000 https://grey-panther.net/?p=681#comment-669 Not easily, because it uses a set of internal libraries and I would have to publish those too…

Sorry.

]]> By: Anonymous https://grey-panther.net/2008/09/how-to-verify-executable-digital-signatures-under-linux.html#comment-670 Tue, 30 Sep 2008 11:07:16 +0000 https://grey-panther.net/?p=681#comment-670 Very interesting! Can you post the perl code how to calculate hash, excluding 3 fields?

]]>