Skip to content

Automatically exported from code.google.com/p/verify-sigs

License

Notifications You must be signed in to change notification settings

sebdraven/verify-sigs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ABSTRACT

verify_sigs contains library functions to compute and validate hashes on different file types, and signatures on PECOFF Authenticode-signed binaries.

DEPENDENCIES

You need pyasn1 == 0.13b or >= pyasn1-0.1.4rc4 and Cryptography to parse and validate signatures. libssl-dev To exercise some demonstrator code, you may need pefile. Cryptograpy: https://cryptography.io pyasn1: http://pyasn1.sourceforge.net/ pefile: https://github.com/erocarrera/pefile

DETAILS

Currently the following hashing methods are supported:

  • generic files: md5, sha1, sha256, sha512
  • PE-COFF authenticode (windows executables, drivers, dll's, ...): md5, sha1

fingerprint.py The actual library of hashing algorithms, deployable as library and on 'naked' client systems, running under python 2.7. See embedded docstrings and tests for usage scenarios. Does not use third party libraries.

fingerprinter_test.py Set of tests on the fingerprinter, using pregenerated data.

generate_test_data.py Run-once code supposed to be run by hand, creates some of the files in test_data, that then need to be checked in.

auth_data.py Basic container for authenticode data, as represented in ASN.1 together with accessor and validator functions. Currently provides limited validation, in particular certificate chain validation is missing.

auth_data_test.py Set of tests on auth_data, assuring that pregenerated data still produces the same reuslts.

pecoff_blob.py Container for PECOFF format part of authenticode blobs, as provided by the fingerprinter library in the SignedData structure.

print_pe_certs.py Exercises authenticode validation routines, prints out hashes and certs.

THANKS

Many thanks to Darren and Michael for motivating me to work through tangled standards. Many thanks to Ero for pefile, and to Ilya Etingof for pyasn1, very useful examples code for x509 and pkcs7 parsing, and finally for extending the parser to handle 'any' type!

Germano Caronni, 2012/4/26 [email protected] , [email protected]

About

Automatically exported from code.google.com/p/verify-sigs

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%