1

尝试使用 . 从 PE 文件中提取证书时cryptography,失败并显示ValueError: Unable to load certificate. 我能够使用命令行从同一个 PE 文件中正确提取subprocess证书openssl。我想了解使用cryptography.

我正在使用 Python 3.7.1、密码学 2.4.2 和 pefile 2018.8.8

import pefile
from cryptography import x509
from cryptography.hazmat.backends import default_backend

pe = pefile.PE(fname)
pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])
sigoff = 0
siglen = 0
for s in pe.__structures__:
    if s.name == 'IMAGE_DIRECTORY_ENTRY_SECURITY':
        sigoff = s.VirtualAddress
        siglen = s.Size
pe.close()
with open(fname, 'rb') as fh:
    fh.seek(sigoff)
    thesig = fh.read(siglen)
cert = x509.load_der_x509_certificate(thesig[8:], default_backend())

这失败了ValueError: Unable to load certificate

4

1 回答 1

2

问题是签名是一个 PKCS7 对象。MS 已将其记录在Word中。我还没有找到PDF版本...

所以需要先解析PKCS7对象。我为此使用asn1crypto

这对我有用:

import pefile
from cryptography import x509
from cryptography.hazmat.backends import default_backend

from asn1crypto import cms

pe = pefile.PE(fname)
sigoff = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].VirtualAddress
siglen = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size
pe.close()

with open(fname, 'rb') as fh:
    fh.seek(sigoff)
    thesig = fh.read(siglen)

signature = cms.ContentInfo.load(thesig[8:])

for cert in signature["content"]["certificates"]:
    parsed_cert = x509.load_der_x509_certificate(cert.dump(), default_backend())
    print(parsed_cert)
于 2019-12-01T12:04:18.683 回答