{"id":21525642,"url":"https://github.com/0xlane/pe-sign","last_synced_at":"2025-04-05T12:02:04.929Z","repository":{"id":256178049,"uuid":"848231621","full_name":"0xlane/pe-sign","owner":"0xlane","description":"A cross-platform rust no-std library for verifying and extracting signature information from PE files.","archived":false,"fork":false,"pushed_at":"2024-12-02T03:47:24.000Z","size":1273,"stargazers_count":51,"open_issues_count":1,"forks_count":15,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T11:03:45.411Z","etag":null,"topics":["blue-team","certificate","openssl","portable-executable","rust","signature"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xlane.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-27T11:35:48.000Z","updated_at":"2025-03-27T03:29:50.000Z","dependencies_parsed_at":"2025-01-15T01:17:10.830Z","dependency_job_id":"1ff2f738-ec6f-4ea7-91da-c2978466425e","html_url":"https://github.com/0xlane/pe-sign","commit_stats":null,"previous_names":["0xlane/pe-sign"],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xlane%2Fpe-sign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xlane%2Fpe-sign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xlane%2Fpe-sign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xlane%2Fpe-sign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xlane","download_url":"https://codeload.github.com/0xlane/pe-sign/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247332556,"owners_count":20921853,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","certificate","openssl","portable-executable","rust","signature"],"created_at":"2024-11-24T01:37:52.560Z","updated_at":"2025-04-05T12:02:04.905Z","avatar_url":"https://github.com/0xlane.png","language":"Rust","funding_links":[],"categories":["Recently Updated","Libraries"],"sub_categories":["[Dec 04, 2024](/content/2024/12/04/README.md)","Parsing"],"readme":"# pe-sign\n\n![language](https://img.shields.io/github/languages/top/0xlane/pe-sign)\n![Crates.io Version](https://img.shields.io/crates/v/pe-sign)\n![License](https://img.shields.io/badge/license-MIT-green)\n[![dependency status](https://deps.rs/repo/github/0xlane/pe-sign/status.svg)](https://deps.rs/repo/github/0xlane/pe-sign)\n[![docs.rs](https://img.shields.io/docsrs/pe-sign)](https://docs.rs/pe-sign/latest/pesign)\n![Crates.io Size](https://img.shields.io/crates/size/pe-sign)\n[![Crates.io Total Downloads](https://img.shields.io/crates/d/pe-sign)](https://crates.io/crates/pe-sign)\n\n[README](README.md) | [中文文档](README_zh.md)\n\n`pe-sign` is a cross-platform tool developed in Rust, designed for parsing and verifying digital signatures in PE files. It provides a simple command-line interface that supports extracting certificates, verifying digital signatures, calculating Authenticode digests, and printing certificate information. It can be used as a standalone command-line tool or integrated into your Rust project as a dependency.\n\nThis project is based on the pe-sign command-line tool from repository [windows_pe_signature_research](https://github.com/0xlane/windows_pe_signature_research), with the OpenSSL dependency removed.\n\n## Features\n\n- **Extract Certificates**: Extract certificates from PE files.\n- **Verify Signatures**: Check the validity of a PE file's digital signature.\n- **Calculate Authenticode Digest**: Compute the Authenticode digest of a PE file.\n- **Print Certificate Information**: Display detailed information about certificates in PE files.\n- **Print Signer Information**: Show detailed signer information from PE files.\n\n## CLI Tool\n\n### Installation\n\nDownload the binary for your platform from the [`Releases`](https://github.com/0xlane/pe-sign/releases) page. On Linux and macOS, you can place it in the `/bin` directory or add it to the `PATH` environment variable. On Windows, you can place it in `C:\\Windows\\System32` or add it to the `PATH` environment variable.\n\nAlternatively, if you have `Cargo` installed, you can easily install it by running `cargo install pe-sign -F build-binary`.\n\n### Usage\n\n```powershell\npe-sign (0.1.10) - REinject\nA tool for parsing and verifing PE file signatures\n\nRepository: https://github.com/0xlane/pe-sign\n\nCommands:\n  extract  Extract the certificate of a PE file\n  verify   Check the digital signature of a PE file for validity\n  calc     Calculate the authticode digest of a PE file\n  print    Print the certificate information of a PE file.\n  help     Print this message or the help of the given subcommand(s)\n\nOptions:\n  -h, --help     Print help\n  -V, --version  Print version\n```\n\n#### Extracting the Signature Certificate\n\n```powershell\nExtract the certificate of a PE file\n\nUsage: pesign.exe extract [OPTIONS] \u003cFILE\u003e\n\nArguments:\n  \u003cFILE\u003e\n\nOptions:\n  -o, --output \u003cFILE\u003e  Write to file instead of stdout\n      --pem            Extract and convert certificate to pem format\n      --embed          Extract embedded certificate\n  -h, --help           Print help\n```\n\nYou can also output the results using pipes and redirection in addition to the `-o` option. Example:\n\n```powershell\npesign.exe extract test.exe --pem \u003e pkcs7.cer\npesign.exe extract test.exe --pem | openssl pkcs7 -inform PEM --print_certs -noout -text\n```\n\nNote: When using pipes or redirection in PowerShell, must include the ``--pem`` flag. Otherwise, the output DER binary data will be interpreted as a string by PowerShell.\n\n#### Printing Certificate Information\n\nThe command-line tool provides an OpenSSL-like `--print_certs` feature, which outputs a similar format to OpenSSL:\n\n```powershell\nPrint the certificate information of a PE file.\n\nUsage: pesign.exe print [OPTIONS] \u003cFILE\u003e\n\nArguments:\n  \u003cFILE\u003e\n\nOptions:\n      --signer-info  Print the signer info of a PE file.\n  -a, --all          Include nested signature.\n  -h, --help         Print help\n```\n\nExample:\n\n```powershell\nPS C:\\dev\\pe-sign\u003e pesign.exe print .\\ProcessHacker.exe\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f\n        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA-1\n        Not Before: 2013-10-30 08:00:00 +08:00\n        Not After : 2017-01-04 20:00:00 +08:00\n        Subject: C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu\n        Subject Public Key Info:\n            Algorithm: RSA\n            Public-Key: (2048 bit)\n            Modulus:\n                00:cc:2e:a1:52:49:09:cc:22:ef:34:43:dc:41:a6:98:a0:1f:0f:69:\n                1a:33:b2:92:a5:73:26:4e:1d:b9:e2:ab:c4:46:e1:3e:f9:24:c2:f6:\n                ...\n                ...\n            Exponent: 65537 (0x10001)\n        Extensions:\n            Authority Key Identifier:\n                97:48:03:eb:15:08:6b:b9:b2:58:23:cc:94:2e:f1:c6:65:d2:64:8e\n            Subject Key Identifier:\n                2c:b8:9a:96:b2:c1:b1:a0:7d:a4:90:20:19:b8:be:05:58:df:2c:78\n            Key Usage:\n                Digital Signature\n            Extended Key Usage:\n                Code Signing\n            CRL Distribution Points:\n                Full Name:\n                    URI:http://crl3.digicert.com/ha-cs-2011a.crl\n                Full Name:\n                    URI:http://crl4.digicert.com/ha-cs-2011a.crl\n            Certificate Policies: \u003cUnsupported\u003e\n            Authority Information Access:\n                OCSP - URI:http://ocsp.digicert.com\n                CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt\n            Basic Constraints:\n                ca:FALSE\n    Signature Algorithm: Sha1WithRSA\n    Signature Value:\n            88:f1:59:8a:6a:8a:6c:49:04:64:67:70:02:14:76:57:3d:57:c2:f9:\n            cb:88:78:6e:82:3a:63:12:f7:c9:0b:57:8b:13:16:b0:69:d7:67:0f:\n            ...\n            ...\n\n...\n...\n```\n\nAdditionally, use the `--signer-info` option to print signer information. Example:\n\n```powershell\nPS C:\\dev\\pe-sign\u003e pesign.exe print .\\ProcessHacker.exe --signer-info\nSigner Info:\n    Signer Identifier:\n        Issuer And Serial Number:\n            Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA-1\n            Serial Number:\n                0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f\n    Authenticated Attributes:\n        1.3.6.1.4.1.311.2.1.12:\n            30:00\n        1.2.840.113549.1.9.3:\n            06:0a:2b:06:01:04:01:82:37:02:01:04\n        1.3.6.1.4.1.311.2.1.11:\n            30:0c:06:0a:2b:06:01:04:01:82:37:02:01:15\n        1.2.840.113549.1.9.4:\n            04:14:f4:23:ed:d4:63:5b:6b:ea:f3:c8:ca:9c:de:5d:db:5f:8b:1a:\n            ba:20\n    Unauthenticated Attributes:\n        Counter Signature (1.2.840.113549.1.9.6):\n            30:82:01:f8:02:01:01:30:76:30:62:31:0b:30:09:06:03:55:04:06:\n            13:02:55:53:31:15:30:13:06:03:55:04:0a:13:0c:44:69:67:69:43:\n            ...\n            ...\n        1.3.6.1.4.1.311.2.4.1:\n            30:82:1c:23:06:09:2a:86:48:86:f7:0d:01:07:02:a0:82:1c:14:30:\n            82:1c:10:02:01:01:31:0f:30:0d:06:09:60:86:48:01:65:03:04:02:\n            ...\n            ...\n    Countersigner Info:\n        Signer Info:\n            Signer Identifier:\n                Issuer And Serial Number:\n                    Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA-1\n                    Serial Number:\n                        03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66\n            Authenticated Attributes:\n                1.2.840.113549.1.9.3:\n                    06:09:2a:86:48:86:f7:0d:01:07:01\n                Signing Time (1.2.840.113549.1.9.5):\n                    2016-03-29 09:35:02 +08:00\n                1.2.840.113549.1.9.4:\n                    04:14:d4:11:7e:ce:3a:3f:29:91:7d:e3:f0:55:fe:32:a2:11:b0:c9:\n                    c5:ac\n            Digest Algorithm: Sha1\n            Encrypted Digest:\n                02:d1:d6:d2:ec:f6:cb:7a:4b:a4:29:01:ab:77:48:e9:d5:bf:0f:6c:\n                bd:b7:d6:86:11:24:e8:cf:ba:32:ab:12:40:be:31:e7:d6:16:c5:52:\n                ...\n                ...\n    Digest Algorithm: Sha1\n    Encrypted Digest:\n        46:3d:97:37:67:9d:12:4e:80:cf:a1:df:98:10:8d:a8:39:3e:5e:db:\n        28:c3:28:c9:d7:a7:48:22:2d:a8:4c:1e:40:e9:72:63:fd:04:7a:e9:\n        ...\n        ...\n```\n\n#### Verifying the Signature\n\nThe tool also verifies the validity of PE file signatures:\n\n```powershell\nCheck the digital signature of a PE file for validity\n\nUsage: pesign.exe verify [OPTIONS] \u003cFILE\u003e\n\nArguments:\n  \u003cFILE\u003e\n\nOptions:\n      --no-check-time   Ignore certificate validity time\n      --ca-file \u003cFILE\u003e  Trusted certificates file\n      --embed           Verify embedded certificate\n  -h, --help            Print help\n```\n\nUse the `--no-check-time` option to skip the time validity check. And use the `--ca-file` option to specify a PEM-formatted trusted CA certificate file. If not specified, it will use the default built-in ca certificates for verification.\n\n## Library Integration\n\nYou can also integrate `pe-sign` into your project as a dependency. Add it using the following command:\n\n```rust\ncargo add pe-sign\n```\n\nThen use `pesign` and parse PE file sigature to `PeSign` struct in `main.rs`:\n\n```rust\nuse pesign::PeSign;\n\nfn main() {\n    if let Some(pesign) = PeSign::from_pe_path(\"test.exe\").unwrap() {\n        // Add your program logic.\n    } else {\n        println!(\"The file is no signed!!\");\n    }\n}\n```\n\nFor more details, please refer to the crate [documentation](https://docs.rs/pe-sign/latest/pesign).\n\n## Contribution\n\nIf you find any issues or have suggestions for new features, feel free to submit an [Issue](https://github.com/0xlane/pe-sign/issues) or create a Pull Request.\n\n## Repository\n\nYou can view the project's source code here: [pe-sign GitHub Repository](https://github.com/0xlane/pe-sign).\n\n## License\n\nThis project is open-source under the MIT License. For more details, see the [LICENSE](https://github.com/0xlane/pe-sign/blob/main/LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xlane%2Fpe-sign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xlane%2Fpe-sign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xlane%2Fpe-sign/lists"}