(Open-Source) OVCode Signer and Generator.

[root3d]

Open to possibilities
Any ideas for further development.
source:​

import os
import hashlib
import base64
import Crypto.PublicKey.RSA as RSA
import Crypto.Signature.pkcs1_15 as pkcs1_15
import Crypto.Hash as Hash

# Define supported file types
supported_types = ['.exe', '.dat', '.cab', '.xpi', '.dll', '.ocx']

# Define trusted certificate authorities
trusted_cas = ['VeriSign', 'Thawte', 'GlobalSign', 'DigiCert']

class CodeSignature:
    def __init__(self, file_path, certificate_authority):
        self.file_path = file_path
        self.certificate_authority = certificate_authority
        
        # Check if file type is supported
        if os.path.splitext(file_path)[1] not in supported_types:
            raise ValueError("File type not supported")
        
        # Check if certificate authority is trusted
        if certificate_authority not in trusted_cas:
            raise ValueError("Certificate authority not trusted")
        
        # Load private key for certificate authority
        self.private_key = RSA.import_key(open(certificate_authority + "_private.pem").read())
        
    def generate(self):
        # Calculate hash of file
        file_hash = hashlib.sha256()
        with open(self.file_path, "rb") as file:
            for chunk in iter(lambda: file.read(4096), b""):
                file_hash.update(chunk)
        file_hash = file_hash.hexdigest()
        
        # Sign hash with private key
        signature = pkcs1_15.new(self.private_key).sign(Hash.SHA256.new(file_hash.encode()))
        
        # Encode signature in base64
        encoded_signature = base64.b64encode(signature)
        
        # Write signature to file
        with open(self.file_path + ".sig", "w") as sig_file:
            sig_file.write(encoded_signature.decode())
    
    def verify(self):
        # Read signature from file
        with open(self.file_path + ".sig", "r") as sig_file:
            encoded_signature = sig_file.read().encode()
        signature = base64.b64decode(encoded_signature)
        
        # Load public key for certificate authority
        public_key = RSA.import_key(open(self.certificate_authority + "_public.pem").read())
        
        # Calculate hash of file
        file_hash = hashlib.sha256()
        with open(self.file_path, "rb") as file:
            for chunk in iter(lambda: file.read(4096), b""):
                file_hash.update(chunk)
        file_hash = file_hash.hexdigest().encode()
        
        # Verify signature with public key
        try:
            pkcs1_15.new(public_key).verify(Hash.SHA256.new(file_hash), signature)
            print("Signature is valid")
            return True
        except(ValueError,TypeError):
                print("Signature is not valid")
        return False

    def sign_file(file_path, certificate_authority):
        code_signature = CodeSignature(file_path, certificate_authority)
        code_signature.generate()
        return code_signature

    def verify_file(file_path, certificate_authority):
        code_signature = CodeSignature(file_path, certificate_authority)
        return code_signature.verify()

if __name__ == '__main__':
    # Sign a file
    file_path = input("Enter file path: ")
    certificate_authority = input("Enter certificate authority: ")
    sign_file(file_path, certificate_authority)

    # Verify a file
    file_path = input("Enter file path: ")
    certificate_authority = input("Enter certificate authority: ")
    verify_file(file_path, certificate_authority)

 

[root3d]

updates

 

[V3SP3R]

Good one. So basically you need to have your own copy of .pem file before using this script. Any better idea where one can self generate .pem file?

 

[root3d]

there are .pem files lying behind those engines.