Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0xlane/pe-sign
A cross-platform rust no-std library for verifying and extracting signature information from PE files.
https://github.com/0xlane/pe-sign
blue-team certificate openssl portable-executable rust signature
Last synced: 4 days ago
JSON representation
A cross-platform rust no-std library for verifying and extracting signature information from PE files.
- Host: GitHub
- URL: https://github.com/0xlane/pe-sign
- Owner: 0xlane
- License: mit
- Created: 2024-08-27T11:35:48.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-12-02T03:47:24.000Z (about 2 months ago)
- Last Synced: 2025-01-08T00:09:42.058Z (11 days ago)
- Topics: blue-team, certificate, openssl, portable-executable, rust, signature
- Language: Rust
- Homepage:
- Size: 1.21 MB
- Stars: 45
- Watchers: 3
- Forks: 13
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- trackawesomelist - 0xlane/pe-sign (⭐30) - sign\]](https://crates.io/crates/pe-sign) - A cross-platform rust no-std library for verifying and extracting signature information from PE files. [![crates.io](https://img.shields.io/crates/v/pe-sign)](https://crates.io/crates/pe-sign) [![build](https://github.com/0xlane/pe-sign/actions/workflows/rust.yml/badge.svg)](https://github.com/0xlane/pe-sign/actions/workflows/rust.yml) (Recently Updated / [Dec 04, 2024](/content/2024/12/04/README.md))
README
# pe-sign
![language](https://img.shields.io/github/languages/top/0xlane/pe-sign)
![Crates.io Version](https://img.shields.io/crates/v/pe-sign)
![License](https://img.shields.io/badge/license-MIT-green)
[![dependency status](https://deps.rs/repo/github/0xlane/pe-sign/status.svg)](https://deps.rs/repo/github/0xlane/pe-sign)
[![docs.rs](https://img.shields.io/docsrs/pe-sign)](https://docs.rs/pe-sign/latest/pesign)
![Crates.io Size](https://img.shields.io/crates/size/pe-sign)
[![Crates.io Total Downloads](https://img.shields.io/crates/d/pe-sign)](https://crates.io/crates/pe-sign)[README](README.md) | [中文文档](README_zh.md)
`pe-sign` is a cross-platform tool developed in Rust, designed for parsing and verifying digital signatures in PE files. It provides a simple command-line interface that supports extracting certificates, verifying digital signatures, calculating Authenticode digests, and printing certificate information. It can be used as a standalone command-line tool or integrated into your Rust project as a dependency.
This project is based on the pe-sign command-line tool from repository [windows_pe_signature_research](https://github.com/0xlane/windows_pe_signature_research), with the OpenSSL dependency removed.
## Features
- **Extract Certificates**: Extract certificates from PE files.
- **Verify Signatures**: Check the validity of a PE file's digital signature.
- **Calculate Authenticode Digest**: Compute the Authenticode digest of a PE file.
- **Print Certificate Information**: Display detailed information about certificates in PE files.
- **Print Signer Information**: Show detailed signer information from PE files.## CLI Tool
### Installation
Download the binary for your platform from the [`Releases`](https://github.com/0xlane/pe-sign/releases) page. On Linux and macOS, you can place it in the `/bin` directory or add it to the `PATH` environment variable. On Windows, you can place it in `C:\Windows\System32` or add it to the `PATH` environment variable.
Alternatively, if you have `Cargo` installed, you can easily install it by running `cargo install pe-sign -F build-binary`.
### Usage
```powershell
pe-sign (0.1.10) - REinject
A tool for parsing and verifing PE file signaturesRepository: https://github.com/0xlane/pe-sign
Commands:
extract Extract the certificate of a PE file
verify Check the digital signature of a PE file for validity
calc Calculate the authticode digest of a PE file
print Print the certificate information of a PE file.
help Print this message or the help of the given subcommand(s)Options:
-h, --help Print help
-V, --version Print version
```#### Extracting the Signature Certificate
```powershell
Extract the certificate of a PE fileUsage: pesign.exe extract [OPTIONS]
Arguments:
Options:
-o, --output Write to file instead of stdout
--pem Extract and convert certificate to pem format
--embed Extract embedded certificate
-h, --help Print help
```You can also output the results using pipes and redirection in addition to the `-o` option. Example:
```powershell
pesign.exe extract test.exe --pem > pkcs7.cer
pesign.exe extract test.exe --pem | openssl pkcs7 -inform PEM --print_certs -noout -text
```Note: When using pipes or redirection in PowerShell, must include the ``--pem`` flag. Otherwise, the output DER binary data will be interpreted as a string by PowerShell.
#### Printing Certificate Information
The command-line tool provides an OpenSSL-like `--print_certs` feature, which outputs a similar format to OpenSSL:
```powershell
Print the certificate information of a PE file.Usage: pesign.exe print [OPTIONS]
Arguments:
Options:
--signer-info Print the signer info of a PE file.
-a, --all Include nested signature.
-h, --help Print help
```Example:
```powershell
PS C:\dev\pe-sign> pesign.exe print .\ProcessHacker.exe
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA-1
Not Before: 2013-10-30 08:00:00 +08:00
Not After : 2017-01-04 20:00:00 +08:00
Subject: C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu
Subject Public Key Info:
Algorithm: RSA
Public-Key: (2048 bit)
Modulus:
00:cc:2e:a1:52:49:09:cc:22:ef:34:43:dc:41:a6:98:a0:1f:0f:69:
1a:33:b2:92:a5:73:26:4e:1d:b9:e2:ab:c4:46:e1:3e:f9:24:c2:f6:
...
...
Exponent: 65537 (0x10001)
Extensions:
Authority Key Identifier:
97:48:03:eb:15:08:6b:b9:b2:58:23:cc:94:2e:f1:c6:65:d2:64:8e
Subject Key Identifier:
2c:b8:9a:96:b2:c1:b1:a0:7d:a4:90:20:19:b8:be:05:58:df:2c:78
Key Usage:
Digital Signature
Extended Key Usage:
Code Signing
CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/ha-cs-2011a.crl
Full Name:
URI:http://crl4.digicert.com/ha-cs-2011a.crl
Certificate Policies:
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt
Basic Constraints:
ca:FALSE
Signature Algorithm: Sha1WithRSA
Signature Value:
88:f1:59:8a:6a:8a:6c:49:04:64:67:70:02:14:76:57:3d:57:c2:f9:
cb:88:78:6e:82:3a:63:12:f7:c9:0b:57:8b:13:16:b0:69:d7:67:0f:
...
......
...
```Additionally, use the `--signer-info` option to print signer information. Example:
```powershell
PS C:\dev\pe-sign> pesign.exe print .\ProcessHacker.exe --signer-info
Signer Info:
Signer Identifier:
Issuer And Serial Number:
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA-1
Serial Number:
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Authenticated Attributes:
1.3.6.1.4.1.311.2.1.12:
30:00
1.2.840.113549.1.9.3:
06:0a:2b:06:01:04:01:82:37:02:01:04
1.3.6.1.4.1.311.2.1.11:
30:0c:06:0a:2b:06:01:04:01:82:37:02:01:15
1.2.840.113549.1.9.4:
04:14:f4:23:ed:d4:63:5b:6b:ea:f3:c8:ca:9c:de:5d:db:5f:8b:1a:
ba:20
Unauthenticated Attributes:
Counter Signature (1.2.840.113549.1.9.6):
30:82:01:f8:02:01:01:30:76:30:62:31:0b:30:09:06:03:55:04:06:
13:02:55:53:31:15:30:13:06:03:55:04:0a:13:0c:44:69:67:69:43:
...
...
1.3.6.1.4.1.311.2.4.1:
30:82:1c:23:06:09:2a:86:48:86:f7:0d:01:07:02:a0:82:1c:14:30:
82:1c:10:02:01:01:31:0f:30:0d:06:09:60:86:48:01:65:03:04:02:
...
...
Countersigner Info:
Signer Info:
Signer Identifier:
Issuer And Serial Number:
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA-1
Serial Number:
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Authenticated Attributes:
1.2.840.113549.1.9.3:
06:09:2a:86:48:86:f7:0d:01:07:01
Signing Time (1.2.840.113549.1.9.5):
2016-03-29 09:35:02 +08:00
1.2.840.113549.1.9.4:
04:14:d4:11:7e:ce:3a:3f:29:91:7d:e3:f0:55:fe:32:a2:11:b0:c9:
c5:ac
Digest Algorithm: Sha1
Encrypted Digest:
02:d1:d6:d2:ec:f6:cb:7a:4b:a4:29:01:ab:77:48:e9:d5:bf:0f:6c:
bd:b7:d6:86:11:24:e8:cf:ba:32:ab:12:40:be:31:e7:d6:16:c5:52:
...
...
Digest Algorithm: Sha1
Encrypted Digest:
46:3d:97:37:67:9d:12:4e:80:cf:a1:df:98:10:8d:a8:39:3e:5e:db:
28:c3:28:c9:d7:a7:48:22:2d:a8:4c:1e:40:e9:72:63:fd:04:7a:e9:
...
...
```#### Verifying the Signature
The tool also verifies the validity of PE file signatures:
```powershell
Check the digital signature of a PE file for validityUsage: pesign.exe verify [OPTIONS]
Arguments:
Options:
--no-check-time Ignore certificate validity time
--ca-file Trusted certificates file
--embed Verify embedded certificate
-h, --help Print help
```Use the `--no-check-time` option to skip the time validity check. And use the `--ca-file` option to specify a PEM-formatted trusted CA certificate file. If not specified, it will use the default built-in ca certificates for verification.
## Library Integration
You can also integrate `pe-sign` into your project as a dependency. Add it using the following command:
```rust
cargo add pe-sign
```Then use `pesign` and parse PE file sigature to `PeSign` struct in `main.rs`:
```rust
use pesign::PeSign;fn main() {
if let Some(pesign) = PeSign::from_pe_path("test.exe").unwrap() {
// Add your program logic.
} else {
println!("The file is no signed!!");
}
}
```For more details, please refer to the crate [documentation](https://docs.rs/pe-sign/latest/pesign).
## Contribution
If you find any issues or have suggestions for new features, feel free to submit an [Issue](https://github.com/0xlane/pe-sign/issues) or create a Pull Request.
## Repository
You can view the project's source code here: [pe-sign GitHub Repository](https://github.com/0xlane/pe-sign).
## License
This project is open-source under the MIT License. For more details, see the [LICENSE](https://github.com/0xlane/pe-sign/blob/main/LICENSE) file.