Verifying Authenticode signed executables and DLLs using OpenSSL API


Problem description

I have installed openssl and now the rsa_test.c is running fine. What I want to do is:


  1. Open any exe or dll digital certificate. Extract the Thumbprint and PublicKey. The public key contains the exponent too (if you are familiar with ASN1 encoding).

Now I have already calculated SHA-1 hash of the file and compared it to the MD field to find it correct. So now I want to pass the Thumbprint, PublicKey->m and PublicKey->e to RSA_public_decrypt function to calculate the decrypted SHA-1 hash of the file.

What Padding Algorithm should I pass to the function? When I pass RSA_NO_PADDING, it decrypts but gives me the 128-byte long hash which is not at all correct. For all other padding algorithm options it returns the error of padding not found.

Would you please teach me or tell me the correct parameters to pass through the function with an example or good link to example?

Recommended answer

You should use the PKCS7_verify function to verify the whole PKCS #7 signedData block.

You need two steps to completely verify the signature (see Microsoft specs):


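  1. Verify the integrity and identity of the PKCS #7 signature.

  2. Compute the message digest and compare it with the one specified in the signature.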

Note that the digest is not limited to SHA-1 in the specs. The digest algorithm is contained in digestAlgorithm field in the signature.
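
Step 2 of the answer above, as an added example that is not part of the original post: computing the digest of a PE file with whichever hash digestAlgorithm names, skipping the CheckSum field, the Certificate Table directory entry and the certificate table itself, as the Microsoft Authenticode PE specification describes. It assumes the sections are laid out contiguously in file order and the certificate table is the last thing in the file; `authenticode_digest` and `build_sample_pe` are names made up for this example, and the sample image is constructed.

```python
import hashlib
import struct


def authenticode_digest(pe: bytes, algorithm: str) -> bytes:
    """Digest a PE image, skipping the fields that embedding a signature changes."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe_off + 24                                       # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)            # data directories: PE32 / PE32+
    if struct.unpack_from("<I", pe, dirs - 4)[0] < 5:       # NumberOfRvaAndSizes
        raise ValueError("no Certificate Table directory entry")
    checksum = opt + 64                                     # 4-byte CheckSum field
    cert_entry = dirs + 4 * 8                               # directory index 4, 8 bytes
    cert_off, cert_len = struct.unpack_from("<II", pe, cert_entry)
    if cert_len and not (cert_entry + 8 <= cert_off <= len(pe) - cert_len):
        raise ValueError("certificate table lies outside the file")
    end = cert_off if cert_len else len(pe)                 # assumption: table is at the end
    h = hashlib.new(algorithm)                              # name taken from digestAlgorithm
    for chunk in (pe[:checksum], pe[checksum + 4:cert_entry], pe[cert_entry + 8:end]):
        h.update(chunk)
    return h.digest()


def build_sample_pe(body: bytes, cert_table: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed minimal PE32 layout (not a loadable executable) for the demo."""
    hdr = bytearray(64 + 24 + 96 + 16 * 8)                  # DOS stub, COFF, optional, dirs
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)                   # e_lfanew -> PE signature
    hdr[64:68] = b"PE\0\0"
    struct.pack_into("<H", hdr, 88, 0x10B)                  # PE32 magic
    struct.pack_into("<I", hdr, 88 + 64, checksum)          # CheckSum
    struct.pack_into("<I", hdr, 88 + 92, 16)                # NumberOfRvaAndSizes
    if cert_table:                                          # file offset and size of the table
        struct.pack_into("<II", hdr, 88 + 96 + 32, len(hdr) + len(body), len(cert_table))
    return bytes(hdr) + body + cert_table


if __name__ == "__main__":
    unsigned = build_sample_pe(b"constructed section data")
    signed = build_sample_pe(b"constructed section data", b"\xAA" * 32, checksum=0x1234)
    for alg in ("sha1", "sha256"):
        assert authenticode_digest(unsigned, alg) == authenticode_digest(signed, alg)
        print(alg, authenticode_digest(signed, alg).hex())
```

The value returned here is what gets compared with the digest stored in the signature; it only means something once step 1 has verified the PKCS #7 signedData block itself.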
