mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

extract multiple signatures #112

Closed chscf closed 3 years ago

chscf commented 3 years ago

Hello all,

I have a file (a Windows driver) that holds two signatures, one from Microsoft, one from Symantec. When I use extract-signature I get a pkcs7 file that contains only one of the signatures (the one from Microsoft). Is it possible to extract both signatures to a pkcs7 file?

Thanks and best regards, Christian

olszomal commented 3 years ago

Hi, I could not replicate this issue. Did you use osslsigncode extract-signature with the default DER format of the output file? Could you check the obtained pkcs7 file with an openssl ASN.1 parsing tool:

    tail -c +9 sign.der | openssl asn1parse -i -inform der

or

    openssl asn1parse -i -inform pem -in sign.pem

to make sure that this pkcs7 file only contains one of the signatures.

What about signature verification? Does osslsigncode verify work as expected?

chscf commented 3 years ago

Hi, thanks for the reply!

What I did was to extract the signature in PEM format with osslsigncode extract-signature, and then

    openssl pkcs7 -in SISIDSRegDrv.sys.p7 -print_certs -noout

This does not print all of the certificates in the signature (it's a nested signature I think), so I thought the signatures were not extracted completely (also I tried to use PKCS7_get0_signers, with the intention to get all signers from the p7 structure; but this also gave me only one signer...). However, with

    openssl asn1parse -i -inform pem -in SISIDSRegDrv.sys.p7

I can see that both signatures are there, so everything is OK I think.

Sorry for the inconvenience, ticket can be closed.

Thanks and best regards, Christian
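
Added example, not part of the thread and not osslsigncode or OpenSSL code: a second Authenticode signature is carried as an unauthenticated attribute (OID 1.3.6.1.4.1.311.2.4.1) of the first SignerInfo, which is why tools that read only the top-level signers and certificates show one signature while asn1parse shows both. The walker below lists every signedData in a DER blob by role; the function names and the stub sample are constructed for illustration.

```python
# Added example: minimal DER walker over a constructed stub, not a real signature.
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")       # 1.2.840.113549.1.7.2
NESTED_OID = bytes.fromhex("2b060104018237020401")      # 1.3.6.1.4.1.311.2.4.1
CONTEXT = {NESTED_OID: "nested",
           bytes.fromhex("2b060104018237030301"): "timestamp"}  # 1.3.6.1.4.1.311.3.3.1

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("element runs past its parent")
    return tag, pos, pos + length

def find_signed_data(buf, start=0, end=None, where="primary"):
    """List, in file order, the role of every signedData found in buf."""
    found, pos = [], start
    end = len(buf) if end is None else end
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        if tag == 0x06:                      # OBJECT IDENTIFIER
            oid = buf[vs:ve]
            where = CONTEXT.get(oid, where)  # an attribute OID labels the siblings after it
            if oid == SIGNED_DATA:
                found.append(where)
        elif tag & 0x20:                     # constructed element: descend into it
            found += find_signed_data(buf, vs, ve, where)
        pos = ve
    return found

def tlv(tag, *parts):  # DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def signed(unauth=b""):
    """Constructed stub: ContentInfo > SignedData > one SignerInfo with a fake signature."""
    signer = tlv(0x30, tlv(0x04, bytes(200)), unauth)
    return tlv(0x30, tlv(0x06, SIGNED_DATA), tlv(0xA0, tlv(0x30, tlv(0x31, signer))))

SAMPLE = signed(tlv(0xA1, tlv(0x30, tlv(0x06, NESTED_OID), tlv(0x31, signed()))))
print(find_signed_data(SAMPLE))
```

To run it on a real extraction, pass the raw PKCS#7 bytes: base64-decode a PEM file first, or skip the leading 8 bytes of the DER output as the tail -c +9 command above does.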