Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monks,

After trying supersearch and google, I am at a loss. I am trying to fine a perl way of determining whether a file has an associated digital signature with it. I am running activestate perl 5.8, on windows 2000. I thought File::Ver or File::VersionInfo might be useful since digital info appears in the properties dialogs, but it doesn't seem to cover digital signatures. If an esteemed monks knows of a method or module that I could use, it would be greatly appreciated.

Jonathan

  • Comment on Digital signature on files....the perl way?

Replies are listed 'Best First'.
Re: Digital signature on files....the perl way?
by Jaap (Curate) on Mar 08, 2004 at 12:58 UTC
    Please forgive my ignorance, but what kind of "Digital Signature" are we talking about? Do you have a link to the homepage or an explanatory page?
[reply]
      Hi,
      All I'm interested in really, is garnering the digital signature information thats available when you right-click on a file for properties. If the file is digitally signed there will be some info contained under the digital signature tab. So in the same way that you can get the version number of a file, using File::Ver or File::VersionInfo, I was just wondering how to get this digital signature info.

      Jonathan

[reply]
Re: Digital signature on files....the perl way?
by John M. Dlugosz (Monsignor) on Mar 08, 2004 at 16:28 UTC
    I think you're talking about PE (executable) files. The VersionInfo is stored as a Resource. The digital signature is stored in a different (previously unused) fork in the PE file. If you look at the most primitive header-dump of a PE file, you'll see a table of pointers that includes a slot for the actual code, import/export table, resource, fixups, etc. The signature is one of those.
[reply]
Re: Digital signature on files....the perl way?
by NetWallah (Canon) on Mar 09, 2004 at 06:08 UTC
    You may want to check out WinPT, which is described as follows . I have not explored this software personally, but its description seems to meet your needs.

    1. What is WinPT?

    Windows Privacy Tools (WinPT) is a collection of multilingual applications for digital encryption and signing of content. WinPT is GnuPG−based, compatible with OpenPGP compliant software (like PGP) and free for commercial and personal use under the GPL. WinPT helps you protect your privacy. Applications included in WinPT run under the Windows operating system and include:

    • GnuPG − an RFC2440 (OpenPGP) compliant application free for personal and commercial use, under the terms of the GPL.
    • WinPT−GUI − a traybay application based that uses the Clipboard to let you encrypt, sign, decrypt and verify data; this is performed automatically for you when you select a menu option or via hotkeys. Also includes a key manager and file manager for file security operations;
    • WinPT Explorer Extensions − a component that extends the Windows Explorer context menus for files with single/multiple file security and wipe functions;
    • WinPT Outlook Express plugin − integration of inline signing, and encrypting/decrypting of email communications;
    • WinPT Passphrase Agent − a component to cache passphrases used by GnuPG.
    • WinPT cryptographic functionality relies on the GNU Privacy Guard (GnuPG). GnuPG was written by Werner Koch and is GNU Open Source.

    The goal of WinPT is to ease installation, integration and use of applications that implement the OpenPGP security standard. This means protecting your data quickly and easily, including but not limited to email, files, instant messaging and in general any data available through the clipboard or through the file system in Windows.

[reply]

Back to Seekers of Perl Wisdom