Re: [Cryptography-dev] Parsing DER from PE File

2018-12-30 Thread Robert Simmons
This makes sense. Also, my goal is parsing rather than validation in the step I'm working on. It's all potentially malware, so it may have malformed data.
On Sat, Dec 29, 2018, 09:29 Paul Kehrer wrote:
> This is https://github.com/pyca/cryptography/issues/3856
>
> The cert inside the PKCS7 you gave has bo

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-29 Thread Paul Kehrer
This is https://github.com/pyca/cryptography/issues/3856 The cert inside the PKCS7 you gave has both CA False and a path length (of 0) set. That is technically invalid according to the RFC so the parser rejects it. We've talked about how to resolve this in https://github.com/pyca/cryptography/pull

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-28 Thread Robert Simmons
I also am having trouble parsing the extensions of the attached cert using the code above:
Traceback (most recent call last):
  File "./extract_sigs.py", line 65, in <module>
    for extension in cert.extensions:
  File "/root/sigs/lib/python3.7/site-packages/cryptography/utils.py", line 162, in inner

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-28 Thread Robert Simmons
I do need all three certs. I do see what PKCS7_get0_signers does now.
On Wed, Dec 26, 2018 at 11:27 AM Paul Kehrer wrote:
> We haven't had anyone request support for those legacy extension types,
> but if you think you need it feel free to file an issue and we can discuss
> adding it. The data c

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-26 Thread Paul Kehrer
We haven't had anyone request support for those legacy extension types, but if you think you need it feel free to file an issue and we can discuss adding it. The data can be parsed out of the UnknownExtension type right now of course. So you need all 3 certs? Only one of them is used for signing w

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-25 Thread Robert Simmons
On a side note: there is one oid in the extensions of this cert that is listed as unknown, but openssl parses it as:
Netscape Cert Type: Object Signing
Is this something to submit a bug for? Also, happy holidays!
On Tue, Dec 25, 2018 at 9:41 PM Robert Simmons wrote:
> Thanks for the help a

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-25 Thread Robert Simmons
Thanks for the help above. However, I think I'm still missing something. When piping the DER binary data to openssl on the command line, the output appears to have three certificates in the example DER early in this thread. The code above has a list for certs, but it appears to only contain one cer

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-24 Thread Paul Kehrer
Great! I have an idea of how to implement an API for this limited subset of pkcs7 as a utility function like the pkcs12 support we recently merged. Hopefully I or someone else can get to it soon.
-Paul
> On Dec 23, 2018, at 6:32 PM, Robert Simmons wrote:
>
> This works great! Thanks!
>
>> On

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-23 Thread Robert Simmons
This works great! Thanks!
On Sun, Dec 23, 2018 at 7:05 PM Paul Kehrer wrote:
> One day I will learn to run the code I write before I ask people to use
> it. The missing signers variable should go after the pkcs7 assignment. It
> looks like this:
>
> signers = backend._lib.PKCS7_get0_signers(pkcs

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-23 Thread Paul Kehrer
One day I will learn to run the code I write before I ask people to use it. The missing signers variable should go after the pkcs7 assignment. It looks like this:
signers = backend._lib.PKCS7_get0_signers(pkcs7, backend._ffi.NULL, 0)
With that in place and using the extracted.der you previously

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-23 Thread Robert Simmons
import os
import pathlib
import pefile
target = pathlib.Path().home().joinpath('Desktop').joinpath('HWID_4_0_6YMBWX.exe')
fname = str(target)
totsize = os.path.getsize(target)
pe = pefile.PE(fname)
pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])
si

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-23 Thread Robert Simmons
I've added the use case to the issue as requested. I tried the code snippet, but the contents of signers is missing. What should that be?
NameError: name 'signers' is not defined
On Fri, Dec 21, 2018 at 11:21 AM Paul Kehrer wrote:
> Out of curiosity, does the following code load the cert you ex

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-21 Thread Paul Kehrer
Out of curiosity, does the following code load the cert you expect? der should be the bytes of extracted.der:
from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.backends.openssl import x509
bio = backend._bytes_to_bio(der)
pkcs7 = backend._lib.d2i_PKCS7_bio(

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-21 Thread Paul Kehrer
Thanks, that's perfect. Looking at this data it's actually a PKCS7 envelope holding multiple certificates and at the moment cryptography unfortunately has no interface for parsing PKCS7. If you wouldn't mind sharing your use case directly on https://github.com/pyca/cryptography/issues/3983 then it

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-20 Thread Robert Simmons
Definitely. I've attached the DER data as extracted from the PE file using the following code:
pe = pefile.PE(fname)
pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])
sigoff = 0
siglen = 0
for s in pe.__structures__:
    if s.name == 'IMAGE_DIRECTORY

Re: [Cryptography-dev] Parsing DER from PE File

2018-12-20 Thread Paul Kehrer
Could you give us an example (in hex or b64 or something) so we can easily reproduce? Make sure any certs you're giving us don't contain sensitive data of course.
-Paul
On December 19, 2018 at 11:55:04 PM, Robert Simmons (rsimmo...@gmail.com) wrote:
I've asked this question on Stack Overflow he