Q: Format of Microsoft Authenticode block ( No Answer,   0 Comments )
Question  
Subject: Format of Microsoft Authenticode block
Category: Computers > Security
Asked by: guanwen-ga
List Price: $50.00
Posted: 25 Nov 2002 19:22 PST
Expires: 20 Dec 2002 10:43 PST
Question ID: 114631
Hi,

I am trying to parse the certificates which are appended to the end of
Microsoft PE or Cab files by Authenticode (or SignCode.exe).  Since my
platform is a Unix, I can't call Win API like
"CryptVerifyMessageSignature", "WinVerifyTrust" to
retrieve certificates, nor Win program "ChkTrust.exe".

I am able to locate the block appended by Authenticode/signcode from
the certificate table in PE header (offset 128-131 in PE32 optional
header is Authenticode block's offset, and offset 132-135 is block's
size.  See more info at
http://www.microsoft.com/hwdev/download/hardware/PECOFF.pdf section
3.4.3 and 5.7.) However, I cannot determine the data structure inside
the block.

What I would like to know is a rule to obtain the offsets and the
sizes of
(1) X.509 certificates inside the block
(2) digest sections
(3) timestamp sections if any

Does anybody have ideas of the format of the block appended by
signcode/Authenticode?  Thanks!
Answer  
There is no answer at this time.

The following answer was rejected by the asker (they received a refund for the question).
Subject: Re: Format of Microsoft Authenticode block
Answered By: webadept-ga on 25 Nov 2002 20:06 PST
 
Hi, 

These papers should help you with what you need to know to use the
OpenSSL with Authenticode on a Unix system.

OpenSSL PKCS#12 FAQ v1.81
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html#authenticode
http://www.drh-consultancy.demon.co.uk/pkcs12usg.html


I think however your best tool for this is going to be the cryptlib
library:

-------------------------------
Certificate Management
cryptlib implements full X.509 certificate support, including all
X.509 version 3 extensions as well as extensions defined in the IETF
PKIX certificate profile. In addition cryptlib supports additional
certificate types and extensions including SET certificates, Microsoft
AuthentiCode and Netscape and Microsoft server-gated crypto
certificates, S/MIME and SSL client and server certificates, and
various vendor-specific extensions such as Netscape certificate types
and the Thawte secure extranet. In addition to certificate handling,
cryptlib allows the generation of PKCS #10 certification requests with
CMMF extensions suitable for submission to certification authorities
(CA’s) in order to obtain a certificate. Since cryptlib is itself
capable of processing certification requests into certificates, it is also
possible to use cryptlib to provide full CA services. cryptlib can
import and export certification requests, certificates, and CRL’s in
straight binary format, as PKCS #7 certificate chains, and as Netscape
certificate sequences, with or without base64 armouring. This covers
the majority of certificate and certificate transport formats used by
a wide variety of software such as web
browsers and servers.
The certificate types which are supported include:
· Basic X.509 version 1 certificates
· Extended X.509 version 3 certificates
· SSL server and client certificates
· S/MIME email certificates
· SET certificates
· AuthentiCode code signing certificates
· IPSEC server, client, end-user, and tunneling certificates
· Server-gated crypto certificates
· Timestamping certificates
In addition cryptlib supports all X.509v3, IETF, S/MIME, and SET
certificate extensions and many vendor-specific extensions including ones
covering public and private key usage, certificate policies, path and
name constraints, policy constraints and mappings, and alternative
names and other identifiers. This comprehensive coverage makes
cryptlib a single solution for almost all certificate processing
requirements.
--------------------------
You can find the PDF file this came from which describes just about
everything you want to know here :

http://www.netsw.org/crypto/toolkits/cryptlib-2.1-beta.manual.pdf 

and the website for this is of course here :
http://www.netsw.org/crypto/toolkits/

Query
Authenticode +parse the certificates 
Authenticode +"parse "  +X.509  +timestamp 

Thanks, 

webadept-ga

Request for Answer Clarification by guanwen-ga on 26 Nov 2002 17:59 PST
Thanks for answering.  However, it does not seem to be exactly what I
want, at least not straightforward to me.  The first part of the
answer mentioned how to generate SPC files which can be used by
SignCode, but what I am interested is the output format of Signcode.

I just found another document that is closer to my question,
http://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt. I would
appreciate if somebody can translate it to a structure (e.g. C-style)
so that the offset and size of certificates and digest can be
determined clearly, as I stated earlier.  More importantly, this
document does not mention the location and size of timestamp sections
(for example, generated by "Signcode -t
http://timestamp.verisign.com/scripts/timstamp.dll -x MyControl.exe")
yet.

Thanks.

Clarification of Answer by webadept-ga on 26 Nov 2002 19:08 PST
Hi,

As the paper you found suggests, the cryptlib library is what you are
looking for. It does all this for you, and is very complete. Perhaps
you should read the documentation a little more and look at the
library. If that is still not what you are looking for, or doesn't do
this function, then please write back and I'll try to show you how it
works. Writing out the code for you is beyond the scope of this
question. But I'll try to explain it if you can seriously not find the
answers in that tool. It's really a very extensive tool for working
with several different certs and not just authenticode.

If you are trying to forge a timestamp or a cert then I can't help you
with that at all, but from your original question I didn't feel you
were asking to do that, or to bypass the cert in any way.


Other links that might be helpful. 

http://rr.sans.org/code/mobile.php

http://www.suitable.com/CodeSigningOverview.shtml

Creating Signed, Persistent Java Applets
http://www.ddj.com/documents/s=906/ddj9902h/9902h.htm


M. Erdos, B. Hartman and M. Mueller, “Security Reference Model for the
Java Developer's Kit 1.0.2,” white paper, Sun Microsystems, Palo Alto,
Calif., 1996; available at
http://java.sun.com/security/SRM.html

Joseph A. Bank, “Java Security”, MIT., 1995, available at 
http://www-swiss.ai.mit.edu/~jbank/javapaper/javapaper.html 

D. Dean, E. W. Felten and D. Wallach, “Java Security: From HotJava to
Netscape and Beyond”, Proceedings of 1996 IEEE Symposium on Security
and Privacy (Oakland,California), May 1996; available at

http://www.cs.princeton.edu/sip/pub/secure96.php3 

Microsoft Corp, “Microsoft Security Bulletin MS02-013. 04 March 2002
Cumulative VM Update”, Microsoft TechNet, March 18, 2002; available at

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-013.asp

Microsoft Corp, “MSDN – Creating, Viewing, and Managing Certificates”
, MSDN Library May 2002; available at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/creating_viewing_and_managing_certificates.asp

D. Hopwood, “A Comparison between Java and ActiveX Security”, Network
Security; available at
http://www.users.zetnet.co.uk/hopwood/papers/compsec97.html 

Microsoft Corp, “INFO: Steps for Signing a .cab File (Q247257)” , MSDN
Library July 2000; available at

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q247257 

D. Martin, S. Rajagopalan, and A.D. Rubin, “Blocking Java Applets at
the Firewall,” Proc. Internet Society Symp. Network and Distributed
System Security, 1997; available online at

http://www.cs.bu.edu/~dm/pubs/java-firewalls.pdf

D. Malkhi, M.K. Reiter, and A.D. Rubin, “Secure Execution of Java
Applets Using a Remote Playground,” Proc. IEEE Computer Society Symp.
Research in Security and Privacy, IEEE CS Press, Los Alamitos, Calif.,
1998, pp. 40-51.  Available at

http://citeseer.nj.nec.com/cache/papers/cs/14965/http:zSzzSzwww.avirubin.comzSzplayground.pdf/malkhi98secure.pdf 

Andrew W. Appel,  Edward W. Felten,  Zhong Shao, “Scaling
Proof-Carrying Code to Production Compilers and Security Policies”,
Princeton University 2002, available at

http://www.cs.princeton.edu/sip/projects/pcc/whitepaper/ 


webadept-ga

Request for Answer Clarification by guanwen-ga on 04 Dec 2002 22:17 PST
Hi, webadept-ga,

I did try cryptlib by following its self-test example
"testCMSEnvelopeSignedDataImport".

Here is what I did:
file (a): A PKCS #7 example included in cryptlib, "smime1.p7s"
file (b): A PKCS #7 object retrieved from winzip81.exe
(www.winzip.com), offset 1B7008h to 1B84C7h, which is signed by
Authenticode.

Windows is able to parse both (a) and (b).
"testCMSEnvelopeSignedDataImport" in cryptlib is able to parse (a). 
However, it shows an error message "cryptPushData() failed with error
code -32" (-32 means incorrect data) when reading (b).

Do you have any idea that I am on the wrong track, or that I
misconfigure it?

Thanks.

Clarification of Answer by webadept-ga on 04 Dec 2002 23:51 PST
Hi, 

Got your message here and I'm doing some research. Have you read this
?
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ie/reskit/ie5/part1/ch04plat.asp

To help with this as well, since it looks like I need to roll up my
sleeves and get dirty :-) What exactly are you trying to do here?
Maybe we can find a solution that fixes the problem by other means.
Your question starts with

"I am trying to parse the certificates which are appended to the end
of
Microsoft PE or Cab files by Authenticode (or SignCode.exe).  Since my
platform is a Unix, I can't call Win API like 
"CryptVerifyMessageSignature", "WinVerifyTrust" to 
retrieve certificates, nor Win program "ChkTrust.exe". " 

So I am guessing that you are using IE for Unix? and want to verify
the certs before you install the cabs?

As for your CR you probably have something configured wrong, yes, and
a quick email to the author would be your best bet. However, let's not
overlook the obvious and get into getting the library working if your
problem can be solved in another way. Try to give me as much
information as you can on what your final goal is, and what you are
really trying to do and I'll find the answer for you. It may be simpler
than what we started out with here.

Write the author of the cryptlib at  weidai@eskimo.com, as well, but
give me something to work with here as well.

thanks, 

webadept-ga

Request for Answer Clarification by guanwen-ga on 05 Dec 2002 14:51 PST
Hi webadept-ga,

I guess Wei Dai is the author of "Crypto++ Library", not "cryptlib" we
are talking about.  I know Mr. Peter Gutmann, the author of the Authenticode
reverse-engineering doc, works with cryptlib, so I will ask him also.

Thanks for the help!  I am not using the Unix version of IE, and I
doubt how long Microsoft is going to support it. Anyway, my intention is
to have a Unix program that validates the certificates which come with
Microsoft executable (i.e. PE) or cab files before they are installed.
They are usually appended by Authenticode.

My logic to do so is 
(1) To identify Authenticode block from PE or cab files
(2) To retrieve PKCS#7 object from the block
(3) To retrieve certificate (chain) from the PKCS#7 object
(4) To validate certificate (chain)

I am able to do (1) (2), and I believe (4) is not an issue.  I have
trouble in (3).  If a library can handle all of them, it is even
better! I wish I don't need to know these details.  :-)

The technical information I have is covered either in my statement or
in your list.  (let me know if you want to know more on (1)(2).)
For cryptlib, I am still confused 
(a) the relation between S/MIME and Authenticode.  S/MIME seems to be
used in email, and Authenticode is to sign a file.  However, according
to cryptlib doc, Authenticode is a variant of S/MIME.
(b) cryptlib defines a special content type for Authenticode,
CRYPT_CONTENT_SPCINDIRECTDATACONTEXT.  It mentions how to simulate
Authenticode to sign data by setting this content type, but I don't
see how to set this content type before parsing the PKCS#7 object from
either its document or the given self-test example.  I am wondering whether it
might be able to recognize the content type automatically, but it
failed to do so in my experiment.

Therefore, I think the possible reasons are (I) I misconfigure it (II)
I use the wrong function (III) I give an invalid data object (IV)
cryptlib can not help on this.

(III) is less likely to me.  If you follow my file (b) description in
the previous mail, save it with the extension ".p7s", double click
it from Windows Explorer (my env is WIN2000 Professional), and you
will see the Certificates Overview window, which is used to display
multiple certificates in a PKCS#7 structure.

Thanks.
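
A worked example for the original question at the top of this page (offsets and sizes of the X.509 certificates, the digest and the timestamp inside the Authenticode block) and for steps (1) to (3) of the plan in the message above. This is added illustration code, not code from the thread, from cryptlib or from Microsoft. It reads the certificate table data directory entry, walks the WIN_CERTIFICATE entries it points at, and then walks the PKCS#7 SignedData inside with a small DER reader, returning (offset, size) pairs relative to the file for each certificate, for the digest OCTET STRING in SpcIndirectDataContent, and for each countersignature attribute (the PKCS#9 countersignature that "signcode -t" produces; the later RFC 3161 attribute OID 1.3.6.1.4.1.311.3.3.1 is matched as well). The PE in build_sample_pe() is a constructed fixture with placeholder certificate and signature bytes, not a real signed binary, and nothing here verifies a signature.

```python
"""Added example: find a PE file's Authenticode block and report file offsets and
sizes of its certificates, digest and timestamp countersignature with a small
pure-Python DER walker. build_sample_pe() is a constructed fixture, not real data."""
import struct

OID_SIGNED_DATA = "1.2.840.113549.1.7.2"
OID_COUNTERSIGN = ("1.2.840.113549.1.9.6",   # PKCS#9 countersignature (signcode -t)
                   "1.3.6.1.4.1.311.3.3.1")  # later RFC 3161 timestamp attribute
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

def find_certificate_table(pe):
    """(offset, size) from data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY);
    unlike the other entries this is a raw file offset, not an RVA."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                                   # past signature + IMAGE_FILE_HEADER
    dd_base = {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", pe, opt)[0]]  # PE32 / PE32+
    return struct.unpack_from("<II", pe, opt + dd_base + 4 * 8)

def iter_win_certificates(pe, off, size):
    """Yield (wCertificateType, offset of bCertificate, bCertificate) per WIN_CERTIFICATE
    {dwLength, wRevision, wCertificateType, bCertificate}; entries are 8-byte aligned."""
    end = off + size
    while off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        yield ctype, off + 8, pe[off + 8:off + length]
        off += (length + 7) & ~7

def der_tlv(buf, pos):
    """One DER TLV at pos -> (tag, tlv_start, content_start, end)."""
    start, tag, ln, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                         # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, start, pos, pos + ln

def der_children(buf, node):
    """TLVs packed inside node's content, in order."""
    out, pos = [], node[2]
    while pos < node[3]: out.append(der_tlv(buf, pos)); pos = out[-1][3]
    return out

def der_oid(buf, node):
    b, v = buf[node[2]:node[3]], 0
    arcs = [b[0] // 40, b[0] % 40]
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80: arcs.append(v); v = 0
    return ".".join(map(str, arcs))

def parse_authenticode(p7, base=0):
    """Walk PKCS#7 SignedData; (offset, size) spans cover whole TLVs and are
    file offsets when base is the file offset of WIN_CERTIFICATE.bCertificate."""
    span = lambda n: (base + n[1], n[3] - n[1])
    oid_node, explicit = der_children(p7, der_tlv(p7, 0))       # ContentInfo
    if der_oid(p7, oid_node) != OID_SIGNED_DATA:
        raise ValueError("not PKCS#7 SignedData")
    signed_data, = der_children(p7, explicit)                    # [0] EXPLICIT
    # SignedData ::= SEQ { version, digestAlgorithms, contentInfo, [0] certs OPT, [1] crls OPT, signerInfos }
    fields = der_children(p7, signed_data)
    out = {"certificates": [], "digest": None, "timestamps": []}
    for f in fields[3:-1]:
        if f[0] == 0xA0:                                         # IMPLICIT [0] certificates
            out["certificates"] = [span(c) for c in der_children(p7, f)]
    # contentInfo { OID, [0] { SpcIndirectDataContent { data, DigestInfo { AlgId, OCTET STRING } } } }
    spc, = der_children(p7, der_children(p7, fields[2])[1])
    out["digest"] = span(der_children(p7, der_children(p7, spc)[1])[1])
    for si in der_children(p7, fields[-1]):                      # signerInfos
        for attrs in (n for n in der_children(p7, si) if n[0] == 0xA1):  # [1] unsignedAttrs
            for attr in der_children(p7, attrs):
                a_oid, values = der_children(p7, attr)
                if der_oid(p7, a_oid) in OID_COUNTERSIGN:
                    out["timestamps"].append(span(der_children(p7, values)[0]))
    return out

def parse_pe_signature(pe):
    """Steps (1)-(3): find the table, take the PKCS#7 entry, walk it; None if unsigned."""
    off, size = find_certificate_table(pe)
    if size:
        for ctype, p7_off, p7 in iter_win_certificates(pe, off, size):
            if ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
                return parse_authenticode(p7, base=p7_off)
    return None

# --- constructed fixture: tiny DER encoder and a stub PE32 --------------------
def tlv(tag, *parts):
    body = b"".join(parts)
    if len(body) < 128: return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def build_sample_pe():
    """Stub PE32 whose certificate table holds a hand-built SignedData: two
    placeholder 'certificates', a SHA-1 digest and a PKCS#9 countersignature."""
    oid = lambda h: tlv(0x06, bytes.fromhex(h))               # pre-encoded OID bodies
    sha1 = tlv(0x30, oid("2b0e03021a"), b"\x05\x00")
    rsa = tlv(0x30, oid("2a864886f70d010101"), b"\x05\x00")
    fake_cert = lambda n: tlv(0x30, tlv(0x30, tlv(0x02, bytes([n]))))   # not real X.509
    signer = lambda serial, sig, *uns: tlv(0x30, tlv(0x02, b"\x01"),
        tlv(0x30, tlv(0x30), tlv(0x02, serial)), sha1, rsa, tlv(0x04, sig), *uns)
    digest_info = tlv(0x30, sha1, tlv(0x04, b"\xAA" * 20))
    spc = tlv(0x30, tlv(0x30, oid("2b06010401823702010f"), tlv(0xA0)), digest_info)
    content = tlv(0x30, oid("2b060104018237020104"), tlv(0xA0, spc))   # spcIndirectData
    countersig = tlv(0x30, oid("2a864886f70d010906"), tlv(0x31, signer(b"\x02", b"\xBB" * 8)))
    signed_data = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x31, sha1), content,
                      tlv(0xA0, fake_cert(1), fake_cert(2)),
                      tlv(0x31, signer(b"\x01", b"\xCC" * 8, tlv(0xA1, countersig))))
    p7 = tlv(0x30, oid("2a864886f70d010702"), tlv(0xA0, signed_data))  # signedData
    win_cert = struct.pack("<IHH", 8 + len(p7), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + p7
    win_cert += b"\0" * (-len(win_cert) % 8)
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<II", opt, 128, 64 + 24 + 224, len(win_cert))       # data directory [4]
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt) + win_cert
```

Calling parse_pe_signature(build_sample_pe()) gives two 7-byte certificate spans, a 22-byte digest span (the OCTET STRING TLV holding the 20-byte hash) and one countersignature span, all as file offsets. Two points a Unix verifier needs beyond locating things: the certificate table directory entry is a raw file offset, not an RVA like the other directories, and the digest in SpcIndirectDataContent is computed over the image with the CheckSum field, that directory entry and the certificate table itself skipped, as described in the PE/COFF document the question cites, so step (4) also has to recompute that hash, not only validate the chain.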

Clarification of Answer by webadept-ga on 05 Dec 2002 17:28 PST
Quote:
-----
For cryptlib, I am still confused (a) the relation between S/MIME and
Authenticode. S/MIME seems to be used in email, and Authenticode is to
sign a file. However, according to cryptlib doc, Authenticode is a
variant of S/MIME.
-----

Yeah I read that last night as well and where you probably made a
sound something like "hmm" I made a sound something like "eek!", and
realized I was in the wrong area for what you were probably trying to
do. Since then I've been reading and so far I've nothing to show for
it except blood-shot eyes and a greater knowledge of Authenticode than
I ever wanted to possess.

We are quickly high-stepping past my understanding and ability to help
you with this. Everything I read now has "But on Unix this doesn't
work" written somewhere inside it. I'm going to work a few hours on
this tonight but if I don't have something solid to give you by
morning I'm going to request that my answer get pulled. I'll take a
copy of our work so far, since it will be all pulled with the answer
and post it below as a comment, so that other researchers can see
where we have been and take it from there. There are a few good crypto
people in here and some good programmers as well, so there is a chance
that someone has been following this and knows something that might
help. Anyway, until the morning, maybe I'll come across something
before then.

Thanks, 

webadept-ga

Request for Answer Clarification by guanwen-ga on 05 Dec 2002 20:20 PST
Hi webadept-ga,

No matter what the result is, your help is appreciated!
Reason this answer was rejected by guanwen-ga:
The researcher was responsible, and tried hard to find the solution. 
However, s/he still did not answer my question in this case.  Though I
asked for a refund, I believe in the quality of the researchers.

Comments  
There are no comments at this time.
