Parsing of multiple signatures from PE files #380

metthal · 2018-08-23T14:00:46Z

We currently do not parse the signatures from PE files the same way as described here.

We do not support multiple WIN_CERTIFICATE structures and also we do not support parsing of SPC_NESTED_SIGNATURE.

We already have an implementation of simple ASN1 parser so it can be used for the second case (maybe after some modifications).

The text was updated successfully, but these errors were encountered:

wxsBSD · 2018-08-23T19:39:08Z

I'm happy to provide samples that have multiple WIN_CERTIFICATE structures (they are EFI images signed by both MSFT and RHAT) if you don't have any.

metthal · 2018-08-23T19:43:19Z

I would really appreciate that. It would help a lot. Thank you.

wxsBSD · 2018-08-24T22:32:56Z

Sorry, didn’t see this response until just now. Send me an email and I’ll get you a zip of them!

PeterMatula · 2021-05-20T11:58:57Z

Solved in #902

metthal added C-fileformat C-fileinfo T-format-pe labels Aug 23, 2018

PeterMatula assigned HoundThe Jul 23, 2020

PeterMatula mentioned this issue Jul 23, 2020

Fix calculation of hash for Authenticode signatures #718

Closed

HoundThe mentioned this issue Jan 28, 2021

Add parsing of the PE Authenticode format #902

Merged

6 tasks

PeterMatula closed this as completed May 20, 2021

PeterMatula added a commit that referenced this issue May 20, 2021

CHANGELOG.md: add entry for #902 and #380

b374920

Provide feedback