How can I extract Signatures data from a Windows `exe` file under Linux using cli

On Linux there's a tool called osslsigncode which can process Windows Authenticode signatures. Verifying a binary's signature produces output similar to what you show in your example; on a vcredist_x86.exe I have to hand I get:

$ osslsigncode verify vcredist_x86.exe
Current PE checksum   : 004136A1
Calculated PE checksum: 004136A1

Message digest algorithm  : SHA1
Current message digest    : 0A9F10FB285BA0064B5537023F8BC9E06E173801
Calculated message digest : 0A9F10FB285BA0064B5537023F8BC9E06E173801

Signature verification: ok

Number of signers: 1
        Signer #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA

Number of certificates: 7
        Cert #0:
                Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #1:
                Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #2:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
        Cert #3:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
        Cert #4:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:D8A9-CFCC-579C/CN=Microsoft Timestamping Service
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
        Cert #5:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:10D8-5847-CBF8/CN=Microsoft Timestamping Service
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
        Cert #6:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
                Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority

Succeeded

You can also extract the signature:

osslsigncode extract-signature vcredist_x86.exe vcredist_x86.sig

Tags:

Windows

Executable

Signature

Recent Posts