
I need to extract the SignerInfo from the Authenticode of a digitally signed PE File in ASN1 structure.

INFO: A PE file contains the Authenticode signature at the offset specified by the Security Directory RVA inside the Optional Header Data Directories. I tried to start by reading the document available at Microsoft Authenticode PE Signature Format, but had no luck, as I am very new to SSL/TLS.

My Question:

  1. Is there a way to parse through the binaries and print the data structure in C String Format?

  2. Is there any way in which I can parse through the given binaries and point to the SignerInfo or SignerName ?

NOTE: I do not want to use any platform dependent APIs as I want the code to be platform-independent.

Thanks in Advance to all Gurus :-)

UPDATE: I found some code in C#. Could anybody help me find the C equivalent of it?

using System;
using System.IO;
using System.Text;
using System.Security.Cryptography.X509Certificates;

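/// <summary>
/// Interactive console tool that loads an X.509 certificate from a file and prints
/// a few of its fields.
/// </summary>
/// <remarks>
/// The file is first loaded as binary DER; if that fails it is re-read as text, the
/// PEM BEGIN/END markers are stripped, and the remainder is decoded as Base64.
/// The certificate is only parsed and displayed: this code builds no chain, checks no
/// revocation status and verifies no signature, so the printed subject and issuer are
/// descriptive values taken from the file, not evidence that the certificate is trusted.
/// </remarks>
public class CertInfo
{
    // Printed when the file is neither binary DER nor Base64 text that decodes to a certificate.
    private const string InvalidFormatMessage = "Not valid binary DER or Base64 X509 certificate format";

    /// <summary>
    /// Prompts for file names in a loop and prints the certificate stored in each file.
    /// The loop ends on an empty line or when standard input is closed.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    public static void Main(String[] args)
    {
        while (true)
        {
            Console.WriteLine("\nEnter File Name: ");
            String filename = Console.ReadLine();

            // Console.ReadLine() returns null at end of input (redirected or closed stdin).
            // Comparing against "" only would never match null, and the loop would then
            // spin forever printing the "does not exist" message.
            if (String.IsNullOrEmpty(filename))
            {
                break;
            }

            if (!File.Exists(filename))
            {
                Console.WriteLine("File \"{0}\" does not exist!\n", filename);
                continue;
            }

            try
            {
                // Try binary DER format first.
                X509Certificate x509cert = X509Certificate.CreateFromCertFile(filename);
                showCertInfo(x509cert);
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                // Not binary DER: fall back to Base64 (PEM) text.
                showBase64CertInfo(filename);
            }
        }
    }

    /// <summary>
    /// Reads the file as text, strips the PEM certificate markers, decodes the rest as
    /// Base64 and prints the resulting certificate. Prints an error line instead when
    /// the content is not valid Base64 or does not decode to a certificate.
    /// </summary>
    /// <param name="filename">Path of the file to read.</param>
    private static void showBase64CertInfo(String filename)
    {
        // File.ReadAllText opens, reads and closes the file in one call, so the handle
        // is released even when reading throws.
        StringBuilder sb = new StringBuilder(File.ReadAllText(filename));
        sb.Replace("-----BEGIN CERTIFICATE-----", "");
        sb.Replace("-----END CERTIFICATE-----", "");

        try
        {
            // See if the file is a valid Base64 encoded cert.
            byte[] certBytes = Convert.FromBase64String(sb.ToString());
            showCertInfo(new X509Certificate(certBytes));
        }
        catch (System.FormatException)
        {
            Console.WriteLine(InvalidFormatMessage);
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            Console.WriteLine(InvalidFormatMessage);
        }
    }

    /// <summary>
    /// Writes the name, issuer, serial number, expiration date and public key of the
    /// certificate to the console.
    /// </summary>
    /// <param name="x509cert">The parsed certificate to describe.</param>
    private static void showCertInfo(X509Certificate x509cert)
    {
        // GetName()/GetIssuerName() are legacy accessors (the Subject and Issuer
        // properties are the current ones); kept here so the output format is unchanged.
        // None of these values is validated against a trust store.
        Console.WriteLine("Name: " + x509cert.GetName());
        Console.WriteLine("Issuer: " + x509cert.GetIssuerName());
        Console.WriteLine("Serial Number: " + x509cert.GetSerialNumberString());
        Console.WriteLine("Expiration Date: " + x509cert.GetExpirationDateString());
        Console.WriteLine("PublicKey: " + x509cert.GetPublicKeyString());
    }
}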
  • http://stackoverflow.com/questions/1494372/asn-1-parser-in-c-python – fkl Jul 10 '12 at 08:06
    @fayyazkl- I have already gone through the post you referenced, but it has not helped me a bit. I have also gone through the asn1c compiler. The compiler is not built to parse through a PE. – Abhineet Jul 10 '12 at 08:19
    The code you found will show information inside a certificate. That's not the same thing as an Authenticode signature. Authenticode signatures are also unrelated to SSL/TLS (except that they both use X.509 certificates). – poupou Jul 19 '12 at 19:05
