[尝试使用cryptography从PE文件中提取证书时,它失败,并显示ValueError: Unable to load certificate。我可以使用subprocess和openssl命令行从同一PE文件中正确提取证书。我想了解使用cryptography的代码版本出了什么问题。
我正在使用Python 3.7.1,加密2.4.2和pefile 2018.8.8
import pefile
from cryptography import x509
from cryptography.hazmat.backends import default_backend
pe = pefile.PE(fname)
pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])
sigoff = 0
siglen = 0
for s in pe.__structures__:
if s.name == 'IMAGE_DIRECTORY_ENTRY_SECURITY':
sigoff = s.VirtualAddress
siglen = s.Size
pe.close()
with open(fname, 'rb') as fh:
fh.seek(sigoff)
thesig = fh.read(siglen)
cert = x509.load_der_x509_certificate(thesig[8:], default_backend())
此操作失败,并显示ValueError: Unable to load certificate
问题是签名是PKCS7对象。 MS已将其记录在Word中。我还没有找到PDF版本...
因此,您需要首先解析PKCS7对象。我为此使用asn1crypto。
这对我有用:
import pefile
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from asn1crypto import cms
pe = pefile.PE(fname)
sigoff = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].VirtualAddress
siglen = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size
pe.close()
with open(fname, 'rb') as fh:
fh.seek(sigoff)
thesig = fh.read(siglen)
signature = cms.ContentInfo.load(thesig[8:])
for cert in signature["content"]["certificates"]:
parsed_cert = x509.load_der_x509_certificate(cert.dump(), default_backend())
print(parsed_cert)