Visual FoxPro
Visual FoxPro
Verify Authenticode Signature of EXE or DLL
See more Code Signing Examples
Demonstrates how to verify an Authenticode signed EXE or DLL.Note: Chilkat's code signing class was added in v9.5.0.97
Chilkat Visual FoxPro Downloads
LOCAL lcPath
LOCAL loJson
LOCAL loValidator
LOCAL lnValid
LOCAL lcIssuerCN
LOCAL lcSerial
LOCAL loGenTime
LOCAL loDt
LOCAL i
LOCAL lnCount_i
LOCAL lnNumSigners
* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
* You can verify a signed DLL or EXE.
lcPath = "c:/someDir/something.dll"
* The verify method returns an overall indicator of whether
* the EXE or DLL can be trusted or not.
* The details of the signature are emitted to the JSON object
* passed in the last argument.
loJson = CreateObject('Chilkat.JsonObject')
loJson.EmitCompact = 0
loValidator = CreateObject('Chilkat.CodeSign')
lnValid = loValidator.VerifySignature(lcPath,loJson)
IF (lnValid = 0) THEN
* Validation failed.
? loValidator.LastErrorText
* You can also examine the details of the validation (see below)
? loJson.Emit()
RELEASE loJson
RELEASE loValidator
CANCEL
ENDIF
* Examine the details of the Authenticode signature
* println json.Emit();
* An example of the JSON details of an authenticode signature, with selected parsing code, is shown below.
*
* Use this online tool to generate parsing code from sample JSON:
* Generate Parsing Code from JSON
* {
* "pkcs7": {
* "verify": {
* "peFile": {
* "hashOid": "2.16.840.1.101.3.4.2.1",
* "hash": "q9tzWEcea8f8kaMXG8LpWNPe9JIW7aKccYWuL3mrCBw="
* },
* "certs": [
* {
* "issuerCN": "AAA Certificate Services",
* "serial": "48FC93B46055948D36A7C98A89D69416"
* },
* {
* "issuerCN": "Sectigo Public Code Signing Root R46",
* "serial": "621D6D0C52019E3B9079152089211C0A"
* },
* {
* "issuerCN": "Sectigo Public Code Signing CA R36",
* "serial": "3FF5B69109BFD4046C92CC0D18EE23C2"
* }
* ],
* "digestAlgorithms": [
* "sha256"
* ],
* "signerInfo": [
* {
* "cert": {
* "serialNumber": "3FF5B69109BFD4046C92CC0D18EE23C2",
* "issuerCN": "Sectigo Public Code Signing CA R36",
* "digestAlgOid": "2.16.840.1.101.3.4.2.1",
* "digestAlgName": "SHA256"
* },
* "contentType": "1.3.6.1.4.1.311.2.1.4",
* "messageDigest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4=",
* "signingAlgOid": "1.2.840.113549.1.1.1",
* "signingAlgName": "RSA-PKCSV-1_5",
* "authAttr": {
* "1.3.6.1.4.1.311.2.1.12": {
* "der": "MAA="
* },
* "1.2.840.113549.1.9.3": {
* "name": "contentType",
* "oid": "1.3.6.1.4.1.311.2.1.4"
* },
* "1.3.6.1.4.1.311.2.1.11": {
* "der": "MAwGCisGAQQBgjcCARU="
* },
* "1.2.840.113549.1.9.4": {
* "name": "messageDigest",
* "digest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4="
* }
* },
* "unauthAttr": {
* "1.3.6.1.4.1.311.3.3.1": {
* "name": "timestampToken",
* "der": "MIIXJwY ... QZej",
* "verify": {
* "digestAlgorithms": [
* "sha256"
* ],
* "signerInfo": [
* {
* "cert": {
* "serialNumber": "0544AFF3949D0839A6BFDB3F5FE56116",
* "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
* "digestAlgOid": "2.16.840.1.101.3.4.2.1",
* "digestAlgName": "SHA256"
* },
* "contentType": "1.2.840.113549.1.9.16.1.4",
* "signingTime": "240117124047Z",
* "messageDigest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM=",
* "signingAlgOid": "1.2.840.113549.1.1.1",
* "signingAlgName": "RSA-PKCSV-1_5",
* "authAttr": {
* "1.2.840.113549.1.9.3": {
* "name": "contentType",
* "oid": "1.2.840.113549.1.9.16.1.4"
* },
* "1.2.840.113549.1.9.5": {
* "name": "signingTime",
* "utctime": "240117124047Z"
* },
* "1.2.840.113549.1.9.16.2.12": {
* "name": "signingCertificate",
* "der": "MBowGDAWBBRm8CsywsLJD4JdzqqKycZPGZzPQA=="
* },
* "1.2.840.113549.1.9.4": {
* "name": "messageDigest",
* "digest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM="
* },
* "1.2.840.113549.1.9.16.2.47": {
* "name": "signingCertificateV2",
* "der": "MCYwJDAiBCDS9uRt7XQizNHUQFdoQTZvgoraVZquMxavTRqa1Ax4KA=="
* }
* }
* }
* ],
* "uncommonOptions": "NO_SIGCERTV2_OID,NoSigningCertV2IssuerSerial"
* },
* "timestampSignatureVerified": true,
* "tstInfo": {
* "tsaPolicyId": "2.16.840.1.114412.7.1",
* "messageImprint": {
* "hashAlg": "sha256",
* "digest": "JqY7U+30qScMnRQwnDfUYEikZwOLHMhKX0oo5zo4ils=",
* "digestMatches": true
* },
* "serialNumber": "6E4597E574BC909213565DAEBC0E4888",
* "genTime": "20240117124047Z"
* }
* }
* }
* }
* ],
* "pkcs7": {
* "verify": {
* "certs": [
* {
* "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
* "serial": "0544AFF3949D0839A6BFDB3F5FE56116"
* },
* {
* "issuerCN": "DigiCert Trusted Root G4",
* "serial": "073637B724547CD847ACFD28662A5E5B"
* },
* {
* "issuerCN": "DigiCert Assured ID Root CA",
* "serial": "0E9B188EF9D02DE7EFDB50E20840185A"
* }
* ]
* }
* }
* }
* }
* }
loGenTime = CreateObject('Chilkat.DtObj')
loDt = CreateObject('Chilkat.CkDateTime')
* Show the certificates embedded in the PKCS7 signature.
? "Certificates contained in the PKCS7 signature:"
i = 0
lnCount_i = loJson.SizeOfArray("pkcs7.verify.certs")
DO WHILE i < lnCount_i
loJson.I = i
lcIssuerCN = loJson.StringOf("pkcs7.verify.certs[i].issuerCN")
lcSerial = loJson.StringOf("pkcs7.verify.certs[i].serial")
? lcIssuerCN + ", " + lcSerial
i = i + 1
ENDDO
* Show details about the signing certificate(s)
lnNumSigners = loJson.SizeOfArray("pkcs7.verify.signerInfo")
i = 0
DO WHILE i < lnNumSigners
loJson.I = i
? "---- Signing Certificate ----"
? "serial number: " + loJson.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber")
? "issuerCN: " + loJson.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN")
? "hash algorithm: " + loJson.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName")
? "signing algorithm: " + loJson.StringOf("pkcs7.verify.signerInfo[i].signingAlgName")
* If this signature includes a timestamp token, get information about it.
IF (loJson.HasMember('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1"') = 1) THEN
* We're going to assume the timestamp token had only 1 signer..
? "--- Timestamp Token ----"
? "TS hash algorithm: " + loJson.StringOf('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1".verify.digestAlgorithms[0]')
? "TS certificate serial: " + loJson.StringOf('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1".verify.signerInfo[0].cert.serialNumber')
? "TS certificate issuerCN: " + loJson.StringOf('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1".verify.signerInfo[0].cert.issuerCN')
? "timestamp signature verified: " + STR(loJson.BoolOf('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1".timestampSignatureVerified'))
loJson.DtOf('pkcs7.verify.signerInfo[i].unauthAttr."1.3.6.1.4.1.311.3.3.1".tstInfo.genTime',0,loGenTime)
loDt.SetFromDtObj(loGenTime)
? "timestamp date/time: " + loDt.GetAsRfc822(1)
ENDIF
i = i + 1
ENDDO
? "The Authenticode signature is valid."
* Sample output:
* Certificates contained in the PKCS7 signature:
* AAA Certificate Services, 48FC93B46055948D36A7C98A89D69416
* Sectigo Public Code Signing Root R46, 621D6D0C52019E3B9079152089211C0A
* Sectigo Public Code Signing CA R36, 3FF5B69109BFD4046C92CC0D18EE23C2
* ---- Signing Certificate ----
* serial number: 3FF5B69109BFD4046C92CC0D18EE23C2
* issuerCN: Sectigo Public Code Signing CA R36
* hash algorithm: SHA256
* signing algorithm: RSA-PKCSV-1_5
* --- Timestamp Token ----
* TS hash algorithm: sha256
* TS certificate serial: 0544AFF3949D0839A6BFDB3F5FE56116
* TS certificate issuerCN: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
* timestamp signature verified: True
* timestamp date/time: Wed, 17 Jan 2024 06:40:47 -0600
* The Authenticode signature is valid.
RELEASE loJson
RELEASE loValidator
RELEASE loGenTime
RELEASE loDt