|
uthenticode
1.0.4-8145cd5
|
uthenticode (stylized as μthenticode) is a small cross-platform library for verifying Authenticode digital signatures.
Authenticode is Microsoft's code signing technology, designed to allow signing and verification of programs.
μthenticode is a cross-platform reimplementation of the verification side of Authenticode. It doesn't attempt to provide the signing side.
Because the official APIs (namely, the Wintrust API) for interacting with Authenticode signatures are baked deeply into Windows, making it difficult to verify signed Windows executables on non-Windows hosts.
Other available solutions are deficient:
Wintrust, but is a massive (and arguably non-native) dependency for a single task.osslsigncode can add signatures and check timestamps, but is long-abandoned and CLI-focused.μthenticode is not identical to the Wintrust API. Crucially, it cannot perform full-chain verifications of Authenticode signatures, as it lacks access to the Trusted Publishers store.
You should use μthenticode to verify the embedded chain. You should not assume that a "verified" binary from μthenticode's perspective will run on an unmodified Windows system.
μthenticode depends on pe-parse and OpenSSL 1.1.0.
pe-parse (and OpenSSL, if you don't already have it) can be installed via vcpkg:
The rest of the build is standard CMake:
If you have doxygen installed, you can build μthenticode's documentation with the top-level Makefile:
Pre-built (master) documentation is hosted here.
You can build the (gtest-based) unit tests with -DBUILD_TESTS=1.
μthenticode's public API is documented in uthenticode.h and in the Doxygen documentation (see above).
The svcli utility also provides a small example of using μthenticode's APIs. You can build it by passing -DBUILD_SVCLI=1 to cmake:
The following resources were essential to uthenticode's development:
osslsigncode codebase
1.8.13