secana / PeNet

Portable Executable (PE) library written in .Net
Apache License 2.0

What to do if the file has multiple digital signatures? #211

Open send010 opened 2 years ago

send010 commented 2 years ago

What to do if the file has multiple digital signatures?

secana commented 2 years ago

Hi @send010, do you have an example binary? If so, I can have a look at what options PeNet offers, or what is needed to get the information you need.

send010 commented 2 years ago

File

My code:

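    /// <summary>
    /// Collects the signer certificate of the primary Authenticode signature together
    /// with the signer certificates of every nested signature ("multiple signatures")
    /// attached to the primary signer(s) of the PE file.
    /// </summary>
    /// <param name="pefile">The parsed PE file.</param>
    /// <returns>
    /// The primary signer certificate (when one is available) followed by the nested
    /// signer certificates in the order they appear. Empty when the file carries no
    /// WIN_CERTIFICATE table. Nothing returned here has been verified: the caller must
    /// still check each signature and build a trust chain before relying on any of them.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="pefile"/> is null.</exception>
    /// <exception cref="CryptographicException">The certificate table is not a valid PKCS#7 message.</exception>
    public static List<X509Certificate2> GetSigningCertificates(this PeFile pefile)
    {
        if (pefile == null)
        {
            throw new ArgumentNullException(nameof(pefile));
        }

        var result = new List<X509Certificate2>();

        // An unsigned file has no WIN_CERTIFICATE table; the previous version passed
        // null into SignedCms.Decode here and threw instead of returning an empty list.
        var rawSignature = pefile.WinCertificate?.BCertificate.ToArray();
        if (rawSignature == null)
        {
            return result;
        }

        // NOTE(review): assumes Authenticode may be null for files PeNet could not
        // parse a signature from - confirm against PeNet's PeFile implementation.
        var primary = pefile.Authenticode?.SigningCertificate;
        if (primary != null)
        {
            result.Add(primary);
        }

        // Nested signatures hang off the unsigned attributes of each primary signer.
        foreach (var signer in DecodeCertificateData(rawSignature))
        {
            result.AddRange(GetNestedAuthenticodeDetails(signer));
        }

        return result;
    }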

    /// <summary>
    /// Parses a DER-encoded PKCS#7 <c>SignedData</c> blob (the payload of an Authenticode
    /// WIN_CERTIFICATE entry, or of a nested-signature attribute value) and returns its
    /// signer entries.
    /// </summary>
    /// <param name="rawData">The encoded CMS message.</param>
    /// <returns>Every <see cref="SignerInfo"/> contained in the message.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="rawData"/> is null (raised by <see cref="SignedCms.Decode"/>).</exception>
    /// <exception cref="CryptographicException">The bytes are not a well-formed CMS message.</exception>
    /// <remarks>
    /// <see cref="SignedCms.Decode"/> only parses the structure; it performs no signature
    /// check and builds no trust chain. Callers must verify before trusting a signer.
    /// </remarks>
    public static IEnumerable<SignerInfo> DecodeCertificateData(byte[] rawData)
    {
        var message = new SignedCms();
        message.Decode(rawData);

        // SignerInfoCollection is non-generic; OfType gives the typed sequence.
        return message.SignerInfos.OfType<SignerInfo>();
    }

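    /// <summary>
    /// Extracts the signer certificates of every nested Authenticode signature attached
    /// to <paramref name="cert"/>. Additional signatures are stored as unsigned attributes
    /// with OID 1.3.6.1.4.1.311.2.4.1 (szOID_NESTED_SIGNATURE); each attribute value is a
    /// complete PKCS#7 <c>SignedData</c> message.
    /// </summary>
    /// <param name="cert">The primary signer whose unsigned attributes are scanned.</param>
    /// <returns>
    /// The signer certificates of all nested signatures, or an empty list when there are
    /// none. Signatures nested inside a nested signature are not followed. The certificates
    /// are taken as embedded in the file and are not verified.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
    /// <exception cref="CryptographicException">A nested-signature value is not a well-formed CMS message.</exception>
    public static List<X509Certificate2> GetNestedAuthenticodeDetails(SignerInfo cert)
    {
        if (cert == null)
        {
            throw new ArgumentNullException(nameof(cert));
        }

        const string NestedSignatureOid = "1.3.6.1.4.1.311.2.4.1";
        var result = new List<X509Certificate2>();

        foreach (CryptographicAttributeObject attribute in cert.UnsignedAttributes)
        {
            if (!string.Equals(attribute.Oid?.Value, NestedSignatureOid, StringComparison.Ordinal))
            {
                continue;
            }

            // An attribute can carry several values. The previous version only read
            // Values[0] - dropping any further nested signature and throwing
            // ArgumentOutOfRangeException on an attribute with no values at all.
            foreach (AsnEncodedData value in attribute.Values)
            {
                var nested = new SignedCms();
                nested.Decode(value.RawData); // parses only - no signature or chain check

                foreach (SignerInfo signer in nested.SignerInfos)
                {
                    // Certificate is null when the signer's certificate is not embedded
                    // in the message; a null entry in the result is useless to callers.
                    if (signer.Certificate != null)
                    {
                        result.Add(signer.Certificate);
                    }
                }
            }
        }

        return result;
    }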