Sample code for 30+ languages & platforms
C#

Verify Authenticode Signature of EXE or DLL

See more Code Signing Examples

Demonstrates how to verify an Authenticode signed EXE or DLL.

Note: Chilkat's code signing class was added in v9.5.0.97

Chilkat C# Downloads

C#
//  This example requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

//  You can verify a signed DLL or EXE.
string path = "c:/someDir/something.dll";

//  The verify method returns an overall indicator of whether
//  the EXE or DLL can be trusted or not.
//  The details of the signature are emitted to the JSON object
//  passed in the last argument.

Chilkat.JsonObject json = new Chilkat.JsonObject();
json.EmitCompact = false;

Chilkat.CodeSign validator = new Chilkat.CodeSign();
bool valid = validator.VerifySignature(path,json);
if (valid == false) {
    //  Validation failed.
    Debug.WriteLine(validator.LastErrorText);
    //  You can also examine the details of the validation (see below)
    Debug.WriteLine(json.Emit());
    return;
}

//  Examine the details of the Authenticode signature
//  println json.Emit();

//  An example of the JSON details of an authenticode signature, with selected parsing code, is shown below.
//  
//  Use this online tool to generate parsing code from sample JSON: 
//  Generate Parsing Code from JSON

//  {
//    "pkcs7": {
//      "verify": {
//        "peFile": {
//          "hashOid": "2.16.840.1.101.3.4.2.1",
//          "hash": "q9tzWEcea8f8kaMXG8LpWNPe9JIW7aKccYWuL3mrCBw="
//        },
//        "certs": [
//          {
//            "issuerCN": "AAA Certificate Services",
//            "serial": "48FC93B46055948D36A7C98A89D69416"
//          },
//          {
//            "issuerCN": "Sectigo Public Code Signing Root R46",
//            "serial": "621D6D0C52019E3B9079152089211C0A"
//          },
//          {
//            "issuerCN": "Sectigo Public Code Signing CA R36",
//            "serial": "3FF5B69109BFD4046C92CC0D18EE23C2"
//          }
//        ],
//        "digestAlgorithms": [
//          "sha256"
//        ],
//        "signerInfo": [
//          {
//            "cert": {
//              "serialNumber": "3FF5B69109BFD4046C92CC0D18EE23C2",
//              "issuerCN": "Sectigo Public Code Signing CA R36",
//              "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//              "digestAlgName": "SHA256"
//            },
//            "contentType": "1.3.6.1.4.1.311.2.1.4",
//            "messageDigest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4=",
//            "signingAlgOid": "1.2.840.113549.1.1.1",
//            "signingAlgName": "RSA-PKCSV-1_5",
//            "authAttr": {
//              "1.3.6.1.4.1.311.2.1.12": {
//                "der": "MAA="
//              },
//              "1.2.840.113549.1.9.3": {
//                "name": "contentType",
//                "oid": "1.3.6.1.4.1.311.2.1.4"
//              },
//              "1.3.6.1.4.1.311.2.1.11": {
//                "der": "MAwGCisGAQQBgjcCARU="
//              },
//              "1.2.840.113549.1.9.4": {
//                "name": "messageDigest",
//                "digest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4="
//              }
//            },
//            "unauthAttr": {
//              "1.3.6.1.4.1.311.3.3.1": {
//                "name": "timestampToken",
//                "der": "MIIXJwY ... QZej",
//                "verify": {
//                  "digestAlgorithms": [
//                    "sha256"
//                  ],
//                  "signerInfo": [
//                    {
//                      "cert": {
//                        "serialNumber": "0544AFF3949D0839A6BFDB3F5FE56116",
//                        "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
//                        "digestAlgOid": "2.16.840.1.101.3.4.2.1",
//                        "digestAlgName": "SHA256"
//                      },
//                      "contentType": "1.2.840.113549.1.9.16.1.4",
//                      "signingTime": "240117124047Z",
//                      "messageDigest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM=",
//                      "signingAlgOid": "1.2.840.113549.1.1.1",
//                      "signingAlgName": "RSA-PKCSV-1_5",
//                      "authAttr": {
//                        "1.2.840.113549.1.9.3": {
//                          "name": "contentType",
//                          "oid": "1.2.840.113549.1.9.16.1.4"
//                        },
//                        "1.2.840.113549.1.9.5": {
//                          "name": "signingTime",
//                          "utctime": "240117124047Z"
//                        },
//                        "1.2.840.113549.1.9.16.2.12": {
//                          "name": "signingCertificate",
//                          "der": "MBowGDAWBBRm8CsywsLJD4JdzqqKycZPGZzPQA=="
//                        },
//                        "1.2.840.113549.1.9.4": {
//                          "name": "messageDigest",
//                          "digest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM="
//                        },
//                        "1.2.840.113549.1.9.16.2.47": {
//                          "name": "signingCertificateV2",
//                          "der": "MCYwJDAiBCDS9uRt7XQizNHUQFdoQTZvgoraVZquMxavTRqa1Ax4KA=="
//                        }
//                      }
//                    }
//                  ],
//                  "uncommonOptions": "NO_SIGCERTV2_OID,NoSigningCertV2IssuerSerial"
//                },
//                "timestampSignatureVerified": true,
//                "tstInfo": {
//                  "tsaPolicyId": "2.16.840.1.114412.7.1",
//                  "messageImprint": {
//                    "hashAlg": "sha256",
//                    "digest": "JqY7U+30qScMnRQwnDfUYEikZwOLHMhKX0oo5zo4ils=",
//                    "digestMatches": true
//                  },
//                  "serialNumber": "6E4597E574BC909213565DAEBC0E4888",
//                  "genTime": "20240117124047Z"
//                }
//              }
//            }
//          }
//        ],
//        "pkcs7": {
//          "verify": {
//            "certs": [
//              {
//                "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
//                "serial": "0544AFF3949D0839A6BFDB3F5FE56116"
//              },
//              {
//                "issuerCN": "DigiCert Trusted Root G4",
//                "serial": "073637B724547CD847ACFD28662A5E5B"
//              },
//              {
//                "issuerCN": "DigiCert Assured ID Root CA",
//                "serial": "0E9B188EF9D02DE7EFDB50E20840185A"
//              }
//            ]
//          }
//        }
//      }
//    }
//  }

string issuerCN;
string serial;
Chilkat.DtObj genTime = new Chilkat.DtObj();
Chilkat.CkDateTime dt = new Chilkat.CkDateTime();

//  Show the certificates embedded in the PKCS7 signature.
Debug.WriteLine("Certificates contained in the PKCS7 signature:");
int i = 0;
int count_i = json.SizeOfArray("pkcs7.verify.certs");
while (i < count_i) {
    json.I = i;
    issuerCN = json.StringOf("pkcs7.verify.certs[i].issuerCN");
    serial = json.StringOf("pkcs7.verify.certs[i].serial");
    Debug.WriteLine(issuerCN + ", " + serial);
    i = i + 1;
}

//  Show details about the signing certificate(s)
int numSigners = json.SizeOfArray("pkcs7.verify.signerInfo");
i = 0;
while (i < numSigners) {
    json.I = i;
    Debug.WriteLine("---- Signing Certificate ----");
    Debug.WriteLine("serial number: " + json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber"));
    Debug.WriteLine("issuerCN: " + json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN"));
    Debug.WriteLine("hash algorithm: " + json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName"));
    Debug.WriteLine("signing algorithm: " + json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName"));

    //  If this signature includes a timestamp token, get information about it.
    if (json.HasMember("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\"") == true) {
        //  We're going to assume the timestamp token had only 1 signer..
        Debug.WriteLine("--- Timestamp Token ----");
        Debug.WriteLine("TS hash algorithm: " + json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\".verify.digestAlgorithms[0]"));
        Debug.WriteLine("TS certificate serial: " + json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\".verify.signerInfo[0].cert.serialNumber"));
        Debug.WriteLine("TS certificate issuerCN: " + json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\".verify.signerInfo[0].cert.issuerCN"));
        Debug.WriteLine("timestamp signature verified: " + Convert.ToString(json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\".timestampSignatureVerified")));
        json.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.\"1.3.6.1.4.1.311.3.3.1\".tstInfo.genTime",false,genTime);
        dt.SetFromDtObj(genTime);
        Debug.WriteLine("timestamp date/time: " + dt.GetAsRfc822(true));
    }

    i = i + 1;
}

Debug.WriteLine("The Authenticode signature is valid.");

//  Sample output:

//  Certificates contained in the PKCS7 signature:
//  AAA Certificate Services, 48FC93B46055948D36A7C98A89D69416
//  Sectigo Public Code Signing Root R46, 621D6D0C52019E3B9079152089211C0A
//  Sectigo Public Code Signing CA R36, 3FF5B69109BFD4046C92CC0D18EE23C2
//  ---- Signing Certificate ----
//  serial number: 3FF5B69109BFD4046C92CC0D18EE23C2
//  issuerCN: Sectigo Public Code Signing CA R36
//  hash algorithm: SHA256
//  signing algorithm: RSA-PKCSV-1_5
//  --- Timestamp Token ----
//  TS hash algorithm: sha256
//  TS certificate serial: 0544AFF3949D0839A6BFDB3F5FE56116
//  TS certificate issuerCN: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
//  timestamp signature verified: True
//  timestamp date/time: Wed, 17 Jan 2024 06:40:47 -0600
//  The Authenticode signature is valid.