Skip to content
/ uthenticode Public
forked from trailofbits/uthenticode

A cross-platform library for verifying Authenticode signatures

trailofbits.github.io/uthenticode/

License

MIT license
0 stars 33 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Malhad/uthenticode

BranchesTags
 
 

Repository files navigation

uthenticode

Build Status

uthenticode (stylized as μthenticode) is a small cross-platform library for verifying Authenticode digital signatures.

What?

Authenticode is Microsoft's code signing technology, designed to allow signing and verification of programs.

μthenticode is a cross-platform reimplementation of the verification side of Authenticode. It doesn't attempt to provide the signing side.

Why?

Because the official APIs (namely, the Wintrust API) for interacting with Authenticode signatures are baked deeply into Windows, making it difficult to verify signed Windows executables on non-Windows hosts.

Other available solutions are deficient:

  • WINE implements most of Wintrust, but is a massive (and arguably non-native) dependency for a single task.
  • osslsigncode can add signatures and check timestamps, but is long-abandoned and CLI-focused.

Beware!

μthenticode is not identical to the Wintrust API. Crucially, it cannot perform full-chain verifications of Authenticode signatures, as it lacks access to the Trusted Publishers store.

You should use μthenticode to verify the embedded chain. You should not assume that a "verified" binary from μthenticode's perspective will run on an unmodified Windows system.

Building

μthenticode depends on pe-parse and OpenSSL 1.1.0.

pe-parse (and OpenSSL, if you don't already have it) can be installed via vcpkg:

$ vcpkg install pe-parse

The rest of the build is standard CMake:

$ mkdir build && cd build
$ cmake ..
$ cmake --build .
# the default install prefix is the build directory;
# use CMAKE_INSTALL_PREFIX to modify it
$ cmake --build . --target install

If you have doxygen installed, you can build μthenticode's documentation with the top-level Makefile:

$ make doc

Pre-built (master) documentation is hosted here.

You can build the (gtest-based) unit tests with -DBUILD_TESTS=1.

Usage

μthenticode's public API is documented in uthenticode.h and in the Doxygen documentation (see above).

The svcli utility also provides a small example of using μthenticode's APIs. You can build it by passing -DBUILD_SVCLI=1 to cmake:

$ cmake -DBUILD_SVCLI=1 ..
$ cmake --build .
$ ./src/svcli/svcli /path/to/some.exe

Resources

The following resources were essential to uthenticode's development:

About

A cross-platform library for verifying Authenticode signatures

trailofbits.github.io/uthenticode/

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

17 tags

Packages

No packages published

Languages

  • C++ 84.1%
  • CMake 11.1%
  • Makefile 1.7%
  • Shell 1.6%
  • Dockerfile 1.5%