堆栈内存溢出
  简体   繁体   English

使用OpenSSL API验证Authenticode签名的可执行文件和DLL

[英]Verifying Authenticode signed executables and DLLs using OpenSSL API

 原文  2012-10-16 06:58:12       c/ cryptography/ openssl/ rsa/ authenticode

问题描述

I have installed openssl and now the rsa_test.c is running fine. 我已经安装了openssl ,现在rsa_test.c运行正常。 What I want to do is: 我想做的是:

  1. Open any exe or dll digital certificate. 打开任何exe或dll数字证书。 Extract the Thumbprint and PublicKey . 提取指纹PublicKey The public key contains the exponent too (if you are familiar with ASN1 encoding). 公钥也包含指数 (如果您熟悉ASN1编码)。

  2. Now I have already calculated SHA-1 hash of the file and compared it to the MD field to find it correct. 现在我已经计算了文件的SHA-1哈希,并将其与MD字段进行比较,以确定它是否正确。 So now I want to pass the Thumbprint , PublicKey->m and PublicKey->e to RSA_public_decrypt function to calculate the decrypted SHA-1 hash of the file. 所以现在我想将ThumbprintPublicKey-> mPublicKey-> e传递给RSA_public_decrypt函数来计算文件的解密SHA-1哈希值。

What Padding Algorithm should I pass to the function? 我应该将哪种填充算法传递给函数? When I pass RSA_NO_PADDING , it decrypts but give me the 128-bytes long hash which is not at all correct. 当我传递RSA_NO_PADDING时 ,它会解密,但会给我128字节长的哈希,这根本不正确。 For all other padding algorithm options it returns the error of padding not found. 对于所有其他填充算法选项,它返回未找到填充的错误。

Would you please teach me or tell me the correct parameters to pass through the function with an example or good link to example? 你能教我或者告诉我通过这个函数传递函数的正确参数吗?

1 个解决方案

解决方案1
 1 已采纳  2012-10-16 22:06:12

You should use the PKCS7_verify function to verify the whole PKCS #7 signedData block. 您应该使用PKCS7_verify函数来验证整个PKCS#7 signedData块。

You need two steps to completely verify the signature (see Microsoft specs ): 您需要两个步骤来完全验证签名(请参阅Microsoft规范 ):

  1. Verify the integrity and identity of the PKCS #7 signature. 验证PKCS#7签名的完整性和身份。
  2. Calculate the Message Digest and compare it to the one specified in the signature. 计算消息摘要并将其与签名中指定的消息摘要进行比较。

Note that the digest is not limited to SHA-1 in the specs. 请注意,摘要不限于规范中的SHA-1。 The digest algorithm is contained in digestAlgorithm field in the signature. 摘要算法包含在签名中的digestAlgorithm字段中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 验证使用 OpenSSL 和 BearSSL 创建的签名 - Verifying signature created using OpenSSL with BearSSL 使用openssl库验证自签名/过期证书不会返回错误 - Verifying self-signed/expired certificate with openssl library does not return error 无法在Java中验证OpenSSL签名 - OpenSSL signatures not verifying in Java openssl无法正确验证签名 - openssl not verifying signature correctly 使用C程序验证使用私钥签名的摘要 - verifying digest signed with private key using a C program Windows API Authenticode获得根证书 - Windows API authenticode get root certificate 如何在Visual Studio中测试已编译的DLL(或生成多个可执行文件)? - How to test compiled DLLs in Visual Studio (or produce several executables)? openssl解密已签名和加密的消息 - openssl decrypt a signed & encrypted message 静态链接OpenSSL尝试加载DLL - Statically linking OpenSSL is trying to load DLLs 使用OpenSSL API将.crt转换为.pem - Converting .crt to .pem using OpenSSL API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM