How to get algorithm field from signed PE PKCS#7 block
up vote
3
down vote
favorite
I've got PKCS#7
content extracted from PE file.
The first part before the certificate chain (goes from the beginning up to the cert:
label), contains info about the file integrity.
In particular, the hash that matches the file hash and the algorithm that use to generate this hash (worth FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
and sha1
correspondingly on the example listed below).
I'm using openssl
and I'd like to extract the hash algorithm type from the X509
format. I tried something like printing md_algs struct from debugger, and hopefully find the field algorithm
worth 1.3.14.3.2.26
but that's what I saw..
p *(Pkcs7->d.sign->md_algs)
(stack_st_X509_ALGOR) $6 = {
stack = {
num = 1
data = 0x00000001024457f0
sorted = 0
num_alloc = 4
comp = 0x0000000000000000
}
}
Where can I see the algorithm field ?
P.s. here's the relevant part of the pkcs7 struct :
PKCS7:
type: pkcs7-signedData (1.2.840.113549.1.7.2)
d.sign:
version: 1
md_algs:
algorithm: sha1 (1.3.14.3.2.26)
parameter: NULL
contents:
type: undefined (1.3.6.1.4.1.311.2.1.4)
d.other: SEQUENCE:
0:d=0 hl=2 l= 60 cons: SEQUENCE
2:d=1 hl=2 l= 23 cons: SEQUENCE
4:d=2 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.15
16:d=2 hl=2 l= 9 cons: SEQUENCE
18:d=3 hl=2 l= 1 prim: BIT STRING
21:d=3 hl=2 l= 4 cons: cont [ 0 ]
23:d=4 hl=2 l= 2 cons: cont [ 2 ]
25:d=5 hl=2 l= 0 prim: cont [ 0 ]
27:d=1 hl=2 l= 33 cons: SEQUENCE
29:d=2 hl=2 l= 9 cons: SEQUENCE
31:d=3 hl=2 l= 5 prim: OBJECT :sha1
38:d=3 hl=2 l= 0 prim: NULL
40:d=2 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
cert:
cert_info:
...
thanks
encryption openssl sha pkcs#7 asn1
add a comment |
up vote
3
down vote
favorite
I've got PKCS#7
content extracted from PE file.
The first part before the certificate chain (goes from the beginning up to the cert:
label), contains info about the file integrity.
In particular, the hash that matches the file hash and the algorithm that use to generate this hash (worth FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
and sha1
correspondingly on the example listed below).
I'm using openssl
and I'd like to extract the hash algorithm type from the X509
format. I tried something like printing md_algs struct from debugger, and hopefully find the field algorithm
worth 1.3.14.3.2.26
but that's what I saw..
p *(Pkcs7->d.sign->md_algs)
(stack_st_X509_ALGOR) $6 = {
stack = {
num = 1
data = 0x00000001024457f0
sorted = 0
num_alloc = 4
comp = 0x0000000000000000
}
}
Where can I see the algorithm field ?
P.s. here's the relevant part of the pkcs7 struct :
PKCS7:
type: pkcs7-signedData (1.2.840.113549.1.7.2)
d.sign:
version: 1
md_algs:
algorithm: sha1 (1.3.14.3.2.26)
parameter: NULL
contents:
type: undefined (1.3.6.1.4.1.311.2.1.4)
d.other: SEQUENCE:
0:d=0 hl=2 l= 60 cons: SEQUENCE
2:d=1 hl=2 l= 23 cons: SEQUENCE
4:d=2 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.15
16:d=2 hl=2 l= 9 cons: SEQUENCE
18:d=3 hl=2 l= 1 prim: BIT STRING
21:d=3 hl=2 l= 4 cons: cont [ 0 ]
23:d=4 hl=2 l= 2 cons: cont [ 2 ]
25:d=5 hl=2 l= 0 prim: cont [ 0 ]
27:d=1 hl=2 l= 33 cons: SEQUENCE
29:d=2 hl=2 l= 9 cons: SEQUENCE
31:d=3 hl=2 l= 5 prim: OBJECT :sha1
38:d=3 hl=2 l= 0 prim: NULL
40:d=2 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
cert:
cert_info:
...
thanks
encryption openssl sha pkcs#7 asn1
add a comment |
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I've got PKCS#7
content extracted from PE file.
The first part before the certificate chain (goes from the beginning up to the cert:
label), contains info about the file integrity.
In particular, the hash that matches the file hash and the algorithm that use to generate this hash (worth FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
and sha1
correspondingly on the example listed below).
I'm using openssl
and I'd like to extract the hash algorithm type from the X509
format. I tried something like printing md_algs struct from debugger, and hopefully find the field algorithm
worth 1.3.14.3.2.26
but that's what I saw..
p *(Pkcs7->d.sign->md_algs)
(stack_st_X509_ALGOR) $6 = {
stack = {
num = 1
data = 0x00000001024457f0
sorted = 0
num_alloc = 4
comp = 0x0000000000000000
}
}
Where can I see the algorithm field ?
P.s. here's the relevant part of the pkcs7 struct :
PKCS7:
type: pkcs7-signedData (1.2.840.113549.1.7.2)
d.sign:
version: 1
md_algs:
algorithm: sha1 (1.3.14.3.2.26)
parameter: NULL
contents:
type: undefined (1.3.6.1.4.1.311.2.1.4)
d.other: SEQUENCE:
0:d=0 hl=2 l= 60 cons: SEQUENCE
2:d=1 hl=2 l= 23 cons: SEQUENCE
4:d=2 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.15
16:d=2 hl=2 l= 9 cons: SEQUENCE
18:d=3 hl=2 l= 1 prim: BIT STRING
21:d=3 hl=2 l= 4 cons: cont [ 0 ]
23:d=4 hl=2 l= 2 cons: cont [ 2 ]
25:d=5 hl=2 l= 0 prim: cont [ 0 ]
27:d=1 hl=2 l= 33 cons: SEQUENCE
29:d=2 hl=2 l= 9 cons: SEQUENCE
31:d=3 hl=2 l= 5 prim: OBJECT :sha1
38:d=3 hl=2 l= 0 prim: NULL
40:d=2 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
cert:
cert_info:
...
thanks
encryption openssl sha pkcs#7 asn1
I've got PKCS#7
content extracted from PE file.
The first part before the certificate chain (goes from the beginning up to the cert:
label), contains info about the file integrity.
In particular, the hash that matches the file hash and the algorithm that use to generate this hash (worth FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
and sha1
correspondingly on the example listed below).
I'm using openssl
and I'd like to extract the hash algorithm type from the X509
format. I tried something like printing md_algs struct from debugger, and hopefully find the field algorithm
worth 1.3.14.3.2.26
but that's what I saw..
p *(Pkcs7->d.sign->md_algs)
(stack_st_X509_ALGOR) $6 = {
stack = {
num = 1
data = 0x00000001024457f0
sorted = 0
num_alloc = 4
comp = 0x0000000000000000
}
}
Where can I see the algorithm field ?
P.s. here's the relevant part of the pkcs7 struct :
PKCS7:
type: pkcs7-signedData (1.2.840.113549.1.7.2)
d.sign:
version: 1
md_algs:
algorithm: sha1 (1.3.14.3.2.26)
parameter: NULL
contents:
type: undefined (1.3.6.1.4.1.311.2.1.4)
d.other: SEQUENCE:
0:d=0 hl=2 l= 60 cons: SEQUENCE
2:d=1 hl=2 l= 23 cons: SEQUENCE
4:d=2 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.2.1.15
16:d=2 hl=2 l= 9 cons: SEQUENCE
18:d=3 hl=2 l= 1 prim: BIT STRING
21:d=3 hl=2 l= 4 cons: cont [ 0 ]
23:d=4 hl=2 l= 2 cons: cont [ 2 ]
25:d=5 hl=2 l= 0 prim: cont [ 0 ]
27:d=1 hl=2 l= 33 cons: SEQUENCE
29:d=2 hl=2 l= 9 cons: SEQUENCE
31:d=3 hl=2 l= 5 prim: OBJECT :sha1
38:d=3 hl=2 l= 0 prim: NULL
40:d=2 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:FA0FE65F973A5709DC04EE18ABEF353EBEFEA669
cert:
cert_info:
...
thanks
encryption openssl sha pkcs#7 asn1
encryption openssl sha pkcs#7 asn1
asked Nov 8 at 9:56
Zohar81
2,0161731
2,0161731
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
3
down vote
accepted
Defined in pkcs7.h
, the md_algs
attribute that you are inspecting is a stack of X509_ALGOR
instances:
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
It can be safely accessed via the OpenSSL Stack API, for example using the function sk_X509_ALGOR_value()
to inspect its element(s).
X509_ALGOR
itself is defined in x509.h
:
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;
The information you are looking for is stored in the property algorithm
, which you can inspect using, for example, OBJ_obj2txt()
.
Tying it together, to get a textual representation of the first algorithm in the stack, you could do something like this:
char tbuf[20];
X509_ALGOR *algor = sk_X509_ALGOR_value(Pkcs7->d.sign->md_algs, 0);
int res = OBJ_obj2txt(tbuf, sizeof tbuf, algor->algorithm, 0);
After that, tbuf
should contain a value like "sha1"
and res
contains the length of that string. For programmatic purposes, a function like OBJ_obj2nid()
is probably more useful.
The debugger did not give you this information because the data
field in the stack
element is not strongly typed. You would have to cast it yourself to indicate that it is an array of pointers to X509_ALGOR
structs. The OpenSSL Stack API provides you a set of macros that do the casting for you and access the array that way. And then, the ASN1_OBJECT
that you end up with is hard to inspect or interpret in the debugger since it is just a bunch of bytes representing an object id in ASN.1
format.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
Defined in pkcs7.h
, the md_algs
attribute that you are inspecting is a stack of X509_ALGOR
instances:
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
It can be safely accessed via the OpenSSL Stack API, for example using the function sk_X509_ALGOR_value()
to inspect its element(s).
X509_ALGOR
itself is defined in x509.h
:
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;
The information you are looking for is stored in the property algorithm
, which you can inspect using, for example, OBJ_obj2txt()
.
Tying it together, to get a textual representation of the first algorithm in the stack, you could do something like this:
char tbuf[20];
X509_ALGOR *algor = sk_X509_ALGOR_value(Pkcs7->d.sign->md_algs, 0);
int res = OBJ_obj2txt(tbuf, sizeof tbuf, algor->algorithm, 0);
After that, tbuf
should contain a value like "sha1"
and res
contains the length of that string. For programmatic purposes, a function like OBJ_obj2nid()
is probably more useful.
The debugger did not give you this information because the data
field in the stack
element is not strongly typed. You would have to cast it yourself to indicate that it is an array of pointers to X509_ALGOR
structs. The OpenSSL Stack API provides you a set of macros that do the casting for you and access the array that way. And then, the ASN1_OBJECT
that you end up with is hard to inspect or interpret in the debugger since it is just a bunch of bytes representing an object id in ASN.1
format.
add a comment |
up vote
3
down vote
accepted
Defined in pkcs7.h
, the md_algs
attribute that you are inspecting is a stack of X509_ALGOR
instances:
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
It can be safely accessed via the OpenSSL Stack API, for example using the function sk_X509_ALGOR_value()
to inspect its element(s).
X509_ALGOR
itself is defined in x509.h
:
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;
The information you are looking for is stored in the property algorithm
, which you can inspect using, for example, OBJ_obj2txt()
.
Tying it together, to get a textual representation of the first algorithm in the stack, you could do something like this:
char tbuf[20];
X509_ALGOR *algor = sk_X509_ALGOR_value(Pkcs7->d.sign->md_algs, 0);
int res = OBJ_obj2txt(tbuf, sizeof tbuf, algor->algorithm, 0);
After that, tbuf
should contain a value like "sha1"
and res
contains the length of that string. For programmatic purposes, a function like OBJ_obj2nid()
is probably more useful.
The debugger did not give you this information because the data
field in the stack
element is not strongly typed. You would have to cast it yourself to indicate that it is an array of pointers to X509_ALGOR
structs. The OpenSSL Stack API provides you a set of macros that do the casting for you and access the array that way. And then, the ASN1_OBJECT
that you end up with is hard to inspect or interpret in the debugger since it is just a bunch of bytes representing an object id in ASN.1
format.
add a comment |
up vote
3
down vote
accepted
up vote
3
down vote
accepted
Defined in pkcs7.h
, the md_algs
attribute that you are inspecting is a stack of X509_ALGOR
instances:
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
It can be safely accessed via the OpenSSL Stack API, for example using the function sk_X509_ALGOR_value()
to inspect its element(s).
X509_ALGOR
itself is defined in x509.h
:
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;
The information you are looking for is stored in the property algorithm
, which you can inspect using, for example, OBJ_obj2txt()
.
Tying it together, to get a textual representation of the first algorithm in the stack, you could do something like this:
char tbuf[20];
X509_ALGOR *algor = sk_X509_ALGOR_value(Pkcs7->d.sign->md_algs, 0);
int res = OBJ_obj2txt(tbuf, sizeof tbuf, algor->algorithm, 0);
After that, tbuf
should contain a value like "sha1"
and res
contains the length of that string. For programmatic purposes, a function like OBJ_obj2nid()
is probably more useful.
The debugger did not give you this information because the data
field in the stack
element is not strongly typed. You would have to cast it yourself to indicate that it is an array of pointers to X509_ALGOR
structs. The OpenSSL Stack API provides you a set of macros that do the casting for you and access the array that way. And then, the ASN1_OBJECT
that you end up with is hard to inspect or interpret in the debugger since it is just a bunch of bytes representing an object id in ASN.1
format.
Defined in pkcs7.h
, the md_algs
attribute that you are inspecting is a stack of X509_ALGOR
instances:
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
It can be safely accessed via the OpenSSL Stack API, for example using the function sk_X509_ALGOR_value()
to inspect its element(s).
X509_ALGOR
itself is defined in x509.h
:
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */ ;
The information you are looking for is stored in the property algorithm
, which you can inspect using, for example, OBJ_obj2txt()
.
Tying it together, to get a textual representation of the first algorithm in the stack, you could do something like this:
char tbuf[20];
X509_ALGOR *algor = sk_X509_ALGOR_value(Pkcs7->d.sign->md_algs, 0);
int res = OBJ_obj2txt(tbuf, sizeof tbuf, algor->algorithm, 0);
After that, tbuf
should contain a value like "sha1"
and res
contains the length of that string. For programmatic purposes, a function like OBJ_obj2nid()
is probably more useful.
The debugger did not give you this information because the data
field in the stack
element is not strongly typed. You would have to cast it yourself to indicate that it is an array of pointers to X509_ALGOR
structs. The OpenSSL Stack API provides you a set of macros that do the casting for you and access the array that way. And then, the ASN1_OBJECT
that you end up with is hard to inspect or interpret in the debugger since it is just a bunch of bytes representing an object id in ASN.1
format.
edited Nov 8 at 19:18
answered Nov 8 at 16:50
Reinier Torenbeek
8,95222845
8,95222845
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53205272%2fhow-to-get-algorithm-field-from-signed-pe-pkcs7-block%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown