Extracting a code signature

You can extract the DER-encoded PKCS#7 signature data from a signed file.

About this task

You can use the data found in the signature trailer to extract the DER-encoded PKCS#7 signature data from a signed file.

Procedure

  1. Define the signed file as a local variable. The commands in the following steps use it to store the signature data:
    $ FILE="<file>"
  2. Calculate the length, L, of the signature:
    $ L=$(( $(tail -c 32 "$FILE" | hexdump -n 4 -ve '"0x%x"') ))
  3. Use the tail command to extract the signature, which starts at length + 40 bytes from the end of the file, and store it in a file called signature.der:
    $ tail -c $(( L+40 )) "$FILE" > signature.der
  4. Optional: Display the extracted signature.
    Use the following openssl command to display the signature stored in signature.der:
    $ openssl cms -cmsout -print -noout \
                  -inform der -in signature.der
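
A checked variant of the procedure above, as an added example that is not part of the original documentation. It refuses files without a trailer, bounds-checks the length before using it, and writes only the L signature bytes. It assumes, beyond what the page states, that the trailer follows the Linux module-signature layout (big-endian length field followed by the marker string shown); `extract_sig` and `hex` are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the original procedure): checked extraction.
# ASSUMPTIONS, not stated on the page: the 40-byte trailer follows the Linux
# module-signature layout, i.e. a 12-byte info block whose last 4 bytes are the
# big-endian signature length, then the 28-byte marker (MARKER plus newline).
MARKER='~Module signature appended~'

hex() { od -An -tx1 | tr -d ' \n'; }   # stdin -> contiguous lowercase hex

# extract_sig FILE OUT: write exactly the L signature bytes (no trailer) to OUT.
# Returns 1: no trailer marker, 2: implausible length, 3: not a DER SEQUENCE.
extract_sig() {
    file=$1; out=$2
    size=$(( $(wc -c < "$file") ))
    [ "$size" -ge 40 ] || return 1

    # An unsigned file has no marker; stop before trusting its last bytes.
    [ "$(tail -c 28 "$file" | hex)" = "$(printf '%s\n' "$MARKER" | hex)" ] || return 1

    # Decode the length byte by byte so the result does not depend on the
    # byte order of the machine running the script.
    set -- $(tail -c 32 "$file" | od -An -tu1 -N4)
    L=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))

    # The signature and trailer must fit inside the file.
    [ "$L" -gt 0 ] && [ $(( L + 40 )) -le "$size" ] || return 2

    tail -c $(( L + 40 )) "$file" | head -c "$L" > "$out"

    # DER-encoded PKCS#7 starts with a SEQUENCE tag (0x30).
    [ "$(head -c 1 "$out" | hex)" = 30 ] || return 3
}

# Usage: extract_sig "$FILE" signature.der && \
#        openssl cms -cmsout -print -noout -inform der -in signature.der
```

A nonzero return means the file was not parsed as signed; treat any signature.der left behind in that case as invalid.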