uthenticode
uthenticode copied to clipboard
A cross-platform library for verifying Authenticode signatures
Support for extracting certificate features like sign date, expire date, sign algorithm, thumbprint, sign key, cert hash , certdata values etc.
These are easy enough to extract with `X509_get0_notBefore` and `X509_get0_notAfter`. Each returns an `ASN1_TIME *`, which can be dumped to a BIO using `ASN1_TIME_print`.
`svcli` should learn an `-x`, `--extract` flag or similar to dump all of the `SignedData` blobs it encounters. This would make it easier to use `openssl asn1parse` and other command-line...
Instead of just archiving each build's `build` directory and attaching these to the release, we should run the `install` target and archive the install tree.
We'll never support verification against the trusted publishers store, but we *could* support verification against a *particular* user-supplied certificate. That way, users could at least do full-chain verification of binaries...
In addition to the signature and certificate chain, we should also verify the timestamp signature embedded in each Authenticode SignedData. Documentation for these is a little inconsistent, but they seem...
If we detect page hashes embedded in the Authenticode data, we should verify them as well.
It appears as if `makecert` writes Windows-style `wchar_t*` into these fields verbatim instead of encoding them as, say, UTF-8. This is an issue as it will lead to the strings...
Hi, wanted to bring another point to your attention. I think you are technically missing an `#include ` in `uthenticode.h` between `` and ``. This doesn't cause an issue because...
Testing out trunk check on a C++ repo.