Thanks Jacob for an elaborate answer. Somehow I never received your response to my registered email address, hence the delay in responding.
I have a few follow-up questions on your response.

1. So, "encryptedDigest" has no relation to the stored "messageDigest"? I thought it's an encrypted version of the messageDigest?
2. I agree that it's better to do cheaper checks first, e.g. I am also matching the PE checksum stored in the optional header.
3. spcPEImageData is probably relevant only for signing that uses page hashes?
4. PKCS7_verify is already matching the encryptedDigest, do we still need to validate it ourselves?
5. So, basically you are suggesting to look into the subject string and see if we can find patterns like /CN=COMPANY-NAME... issuer: /C=US/O=SIGNER_NAME....? How authoritative is it? I mean, can someone else have the same COMPANY-NAME and PATTERN-NAME in their certificate?

In my case, I am the one who is signing the executable using my certificate and a "cross certificate" issued by Microsoft, and I want to programmatically ensure the following things.

1. Code is not tampered with since it was signed (matching messageDigest with computed hash)
2. Verifying the digital signature (PKCS7_verify)
3. Confirming that the executable is signed by my company certificate.

I am stuck on part (3) and don't see a clean way apart from matching strings in the subject field. If I hard-code the public key in my verification code, I will need to update it when I switch to a newer public key?

Thanks.
-Prasad

On Sep 06, 2014, at 09:44 PM, Prasad Dabak <pda...@icloud.com> wrote:
Hello,

Given a signed Windows portable executable, I want to programmatically verify two things using openssl APIs:

1. Verify the digital signature.
2. Confirm that the executable is signed by a specific company using that company's public key.

It seems that part (1) can be done by parsing the signedData attribute in the portable executable, extracting the hashing algorithm and digest stored there, re-computing the digest of the executable using the same hashing algorithm, and matching them.

I have the following questions.

1. The signedData contains messageDigest (unencrypted) and encryptedDigest (encrypted). Is it enough to match messageDigest with the computed digest? Or do we also need to decrypt the encryptedDigest using the company public key and match that as well?
2. What does PKCS7_verify exactly do? I looked at https://www.openssl.org/docs/crypto/PKCS7_verify.html and I understand that it verifies the certificate chain. However, it's not clear to me what exactly it does with respect to signature verification.
3. I am assuming that I need to do both (1) and (2) in order to verify the Authenticode signature?
4. What is the best way to verify if the executable is signed by a specific company using that company's public key?

Any inputs will be greatly appreciated!

Thanks.
-Prasad
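
The "re-computing the digest of the executable" step from the original question, as an added example that is not part of the thread: the hash skips the optional-header CheckSum field, the certificate table directory entry, and the certificate table itself, so attaching a signature does not change it. The function names and `sample_pe` input are constructed for illustration; this is the simplified contiguous-range form of the hash, and it assumes the file was 8-byte aligned before signing.

```python
import hashlib
import struct

CERT_TABLE_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def hashed_ranges(pe: bytes):
    """Return the (start, end) byte ranges of a PE file covered by its Authenticode digest."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                                      # PE signature (4) + COFF header (20)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    (ndirs,) = struct.unpack_from("<I", pe, dirs - 4)      # NumberOfRvaAndSizes
    if ndirs <= CERT_TABLE_INDEX:
        raise ValueError("no certificate table directory entry")
    checksum = opt + 64                                    # CheckSum: same offset in both formats
    certdir = dirs + 8 * CERT_TABLE_INDEX
    cert_off, cert_size = struct.unpack_from("<II", pe, certdir)
    if cert_size == 0:
        end = len(pe)                                      # unsigned file: hash to end of file
    elif cert_off < certdir + 8 or cert_off + cert_size != len(pe):
        # Refuse files with bytes after the signature: they would be unauthenticated.
        raise ValueError("certificate table is not the last thing in the file")
    else:
        end = cert_off
    return [(0, checksum), (checksum + 4, certdir), (certdir + 8, end)]

def authenticode_digest(pe: bytes, algorithm: str = "sha256") -> bytes:
    """Hash only the ranges that signing leaves untouched."""
    h = hashlib.new(algorithm)
    for start, end in hashed_ranges(pe):
        h.update(pe[start:end])
    return h.digest()

def sample_pe(body: bytes = b"\x90" * 64) -> bytes:
    """Constructed PE32 header skeleton plus a body; sample input only, not a loadable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = b"PE\0\0" + b"\0" * 20
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + b"\0" * 128
    return dos + coff + opt + body

if __name__ == "__main__":
    print(authenticode_digest(sample_pe()).hex())
```

The value returned here is what gets compared against the digest carried in the signature; that comparison only proves integrity once the signature over the stored digest has itself been verified.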