Commit f369839
committed
scripts: Add cryptographic verification to authenticode transplant
Add full cryptographic verification of PKCS#7 Authenticode signatures
in authenticode_transplant.py. This includes:
- Extract and verify PE hash from SpcIndirectDataContent against the
computed Authenticode hash using the signature's own hash algorithm
- Cryptographically verify signer signatures (RSA PKCS1v15 and ECDSA)
against authenticated attributes
- Extract and display X.509 certificate details (subject, issuer,
serial, validity) during verify and combine operations
- Refactor calculate_authenticode_hash to compute_authenticode_hash
supporting multiple hash algorithms (SHA1, SHA256, SHA384, SHA512)
- Add cryptography==43.0.0 dependency and update pyasn1 to 0.6.2
Signed-off-by: Doug Flick <dougflick@microsoft.com>1 parent 570d0ce commit f369839
2 files changed
Lines changed: 459 additions & 57 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
| 8 | + | |
0 commit comments