(PureBasic) Verify Authenticode Signature of EXE or DLL
See more Code Signing Examples
Demonstrates how to verify an Authenticode-signed EXE or DLL.
Note: Chilkat's code signing class was added in v9.5.0.97.
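IncludeFile "CkCodeSign.pb"
IncludeFile "CkDtObj.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkDateTime.pb"

; Verifies the Authenticode signature of an EXE or DLL and prints the
; signature details (embedded certificates, signer, timestamp token) with Debug.
; Takes no parameters and returns nothing; every exit path releases the
; Chilkat objects it created.
Procedure ChilkatExample()

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; You can verify a signed DLL or EXE.
    path.s = "c:/someDir/something.dll"

    ; The verify method returns an overall indicator of whether
    ; the EXE or DLL can be trusted or not.
    ; The details of the signature are emitted to the JSON object
    ; passed in the last argument.
    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Emit the JSON in indented (non-compact) form so it is readable.
    CkJsonObject::setCkEmitCompact(json, 0)

    validator.i = CkCodeSign::ckCreate()
    If validator.i = 0
        Debug "Failed to create object."
        ; Release the JSON object created above before leaving.
        CkJsonObject::ckDispose(json)
        ProcedureReturn
    EndIf

    valid.i = CkCodeSign::ckVerifySignature(validator,path,json)
    If valid = 0
        ; Validation failed: treat the file as untrusted and stop here.
        Debug CkCodeSign::ckLastErrorText(validator)
        ; You can also examine the details of the validation (see below)
        Debug CkJsonObject::ckEmit(json)
        CkJsonObject::ckDispose(json)
        CkCodeSign::ckDispose(validator)
        ProcedureReturn
    EndIf

    ; NOTE(review): a successful result says the signature verifies. This example
    ; does not show whether that also establishes WHO signed the file, so a caller
    ; that makes a trust decision should additionally compare the signing
    ; certificate (issuer and serial number, printed below) with the publisher
    ; it expects, and confirm how ckVerifySignature treats the certificate chain.

    ; Examine the details of the Authenticode signature.
    ; To see everything, emit the JSON: Debug CkJsonObject::ckEmit(json)

    ; An example of the JSON details of an Authenticode signature, with selected parsing code, is shown below.
    ;
    ; Use this online tool to generate parsing code from sample JSON:
    ; Generate Parsing Code from JSON

    ; {
    ;   "pkcs7": {
    ;     "verify": {
    ;       "peFile": {
    ;         "hashOid": "2.16.840.1.101.3.4.2.1",
    ;         "hash": "q9tzWEcea8f8kaMXG8LpWNPe9JIW7aKccYWuL3mrCBw="
    ;       },
    ;       "certs": [
    ;         {
    ;           "issuerCN": "AAA Certificate Services",
    ;           "serial": "48FC93B46055948D36A7C98A89D69416"
    ;         },
    ;         {
    ;           "issuerCN": "Sectigo Public Code Signing Root R46",
    ;           "serial": "621D6D0C52019E3B9079152089211C0A"
    ;         },
    ;         {
    ;           "issuerCN": "Sectigo Public Code Signing CA R36",
    ;           "serial": "3FF5B69109BFD4046C92CC0D18EE23C2"
    ;         }
    ;       ],
    ;       "digestAlgorithms": [
    ;         "sha256"
    ;       ],
    ;       "signerInfo": [
    ;         {
    ;           "cert": {
    ;             "serialNumber": "3FF5B69109BFD4046C92CC0D18EE23C2",
    ;             "issuerCN": "Sectigo Public Code Signing CA R36",
    ;             "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    ;             "digestAlgName": "SHA256"
    ;           },
    ;           "contentType": "1.3.6.1.4.1.311.2.1.4",
    ;           "messageDigest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4=",
    ;           "signingAlgOid": "1.2.840.113549.1.1.1",
    ;           "signingAlgName": "RSA-PKCSV-1_5",
    ;           "authAttr": {
    ;             "1.3.6.1.4.1.311.2.1.12": {
    ;               "der": "MAA="
    ;             },
    ;             "1.2.840.113549.1.9.3": {
    ;               "name": "contentType",
    ;               "oid": "1.3.6.1.4.1.311.2.1.4"
    ;             },
    ;             "1.3.6.1.4.1.311.2.1.11": {
    ;               "der": "MAwGCisGAQQBgjcCARU="
    ;             },
    ;             "1.2.840.113549.1.9.4": {
    ;               "name": "messageDigest",
    ;               "digest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4="
    ;             }
    ;           },
    ;           "unauthAttr": {
    ;             "1.3.6.1.4.1.311.3.3.1": {
    ;               "name": "timestampToken",
    ;               "der": "MIIXJwY ... QZej",
    ;               "verify": {
    ;                 "digestAlgorithms": [
    ;                   "sha256"
    ;                 ],
    ;                 "signerInfo": [
    ;                   {
    ;                     "cert": {
    ;                       "serialNumber": "0544AFF3949D0839A6BFDB3F5FE56116",
    ;                       "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
    ;                       "digestAlgOid": "2.16.840.1.101.3.4.2.1",
    ;                       "digestAlgName": "SHA256"
    ;                     },
    ;                     "contentType": "1.2.840.113549.1.9.16.1.4",
    ;                     "signingTime": "240117124047Z",
    ;                     "messageDigest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM=",
    ;                     "signingAlgOid": "1.2.840.113549.1.1.1",
    ;                     "signingAlgName": "RSA-PKCSV-1_5",
    ;                     "authAttr": {
    ;                       "1.2.840.113549.1.9.3": {
    ;                         "name": "contentType",
    ;                         "oid": "1.2.840.113549.1.9.16.1.4"
    ;                       },
    ;                       "1.2.840.113549.1.9.5": {
    ;                         "name": "signingTime",
    ;                         "utctime": "240117124047Z"
    ;                       },
    ;                       "1.2.840.113549.1.9.16.2.12": {
    ;                         "name": "signingCertificate",
    ;                         "der": "MBowGDAWBBRm8CsywsLJD4JdzqqKycZPGZzPQA=="
    ;                       },
    ;                       "1.2.840.113549.1.9.4": {
    ;                         "name": "messageDigest",
    ;                         "digest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM="
    ;                       },
    ;                       "1.2.840.113549.1.9.16.2.47": {
    ;                         "name": "signingCertificateV2",
    ;                         "der": "MCYwJDAiBCDS9uRt7XQizNHUQFdoQTZvgoraVZquMxavTRqa1Ax4KA=="
    ;                       }
    ;                     }
    ;                   }
    ;                 ],
    ;                 "uncommonOptions": "NO_SIGCERTV2_OID,NoSigningCertV2IssuerSerial"
    ;               },
    ;               "timestampSignatureVerified": true,
    ;               "tstInfo": {
    ;                 "tsaPolicyId": "2.16.840.1.114412.7.1",
    ;                 "messageImprint": {
    ;                   "hashAlg": "sha256",
    ;                   "digest": "JqY7U+30qScMnRQwnDfUYEikZwOLHMhKX0oo5zo4ils=",
    ;                   "digestMatches": true
    ;                 },
    ;                 "serialNumber": "6E4597E574BC909213565DAEBC0E4888",
    ;                 "genTime": "20240117124047Z"
    ;               }
    ;             }
    ;           }
    ;         }
    ;       ],
    ;       "pkcs7": {
    ;         "verify": {
    ;           "certs": [
    ;             {
    ;               "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
    ;               "serial": "0544AFF3949D0839A6BFDB3F5FE56116"
    ;             },
    ;             {
    ;               "issuerCN": "DigiCert Trusted Root G4",
    ;               "serial": "073637B724547CD847ACFD28662A5E5B"
    ;             },
    ;             {
    ;               "issuerCN": "DigiCert Assured ID Root CA",
    ;               "serial": "0E9B188EF9D02DE7EFDB50E20840185A"
    ;             }
    ;           ]
    ;         }
    ;       }
    ;     }
    ;   }
    ; }

    issuerCN.s
    serial.s

    genTime.i = CkDtObj::ckCreate()
    If genTime.i = 0
        Debug "Failed to create object."
        ; Do not leak the objects that were already created.
        CkJsonObject::ckDispose(json)
        CkCodeSign::ckDispose(validator)
        ProcedureReturn
    EndIf

    dt.i = CkDateTime::ckCreate()
    If dt.i = 0
        Debug "Failed to create object."
        ; Do not leak the objects that were already created.
        CkJsonObject::ckDispose(json)
        CkCodeSign::ckDispose(validator)
        CkDtObj::ckDispose(genTime)
        ProcedureReturn
    EndIf

    ; Show the certificates embedded in the PKCS7 signature.
    Debug "Certificates contained in the PKCS7 signature:"
    i.i = 0
    count_i.i = CkJsonObject::ckSizeOfArray(json,"pkcs7.verify.certs")
    While i < count_i
        ; The "[i]" in the JSON paths below is resolved from this index.
        CkJsonObject::setCkI(json, i)
        issuerCN = CkJsonObject::ckStringOf(json,"pkcs7.verify.certs[i].issuerCN")
        serial = CkJsonObject::ckStringOf(json,"pkcs7.verify.certs[i].serial")
        Debug issuerCN + ", " + serial
        i = i + 1
    Wend

    ; JSON path of the timestamp token inside a signer's unauthenticated attributes.
    ; The OID is a member name containing dots, so it is wrapped in double quotes (Chr(34)).
    tsPath.s = "pkcs7.verify.signerInfo[i].unauthAttr." + Chr(34) + "1.3.6.1.4.1.311.3.3.1" + Chr(34)

    ; Show details about the signing certificate(s)
    numSigners.i = CkJsonObject::ckSizeOfArray(json,"pkcs7.verify.signerInfo")
    i = 0
    While i < numSigners
        CkJsonObject::setCkI(json, i)

        Debug "---- Signing Certificate ----"
        Debug "serial number: " + CkJsonObject::ckStringOf(json,"pkcs7.verify.signerInfo[i].cert.serialNumber")
        Debug "issuerCN: " + CkJsonObject::ckStringOf(json,"pkcs7.verify.signerInfo[i].cert.issuerCN")
        Debug "hash algorithm: " + CkJsonObject::ckStringOf(json,"pkcs7.verify.signerInfo[i].cert.digestAlgName")
        Debug "signing algorithm: " + CkJsonObject::ckStringOf(json,"pkcs7.verify.signerInfo[i].signingAlgName")

        ; If this signature includes a timestamp token, get information about it.
        If CkJsonObject::ckHasMember(json,tsPath) = 1
            ; We're going to assume the timestamp token had only 1 signer.
            Debug "--- Timestamp Token ----"
            Debug "TS hash algorithm: " + CkJsonObject::ckStringOf(json,tsPath + ".verify.digestAlgorithms[0]")
            Debug "TS certificate serial: " + CkJsonObject::ckStringOf(json,tsPath + ".verify.signerInfo[0].cert.serialNumber")
            Debug "TS certificate issuerCN: " + CkJsonObject::ckStringOf(json,tsPath + ".verify.signerInfo[0].cert.issuerCN")
            ; This value is only printed here. Code that relies on the signing
            ; time should test it instead of assuming the timestamp verified.
            Debug "timestamp signature verified: " + Str(CkJsonObject::ckBoolOf(json,tsPath + ".timestampSignatureVerified"))
            CkJsonObject::ckDtOf(json,tsPath + ".tstInfo.genTime",0,genTime)
            CkDateTime::ckSetFromDtObj(dt,genTime)
            Debug "timestamp date/time: " + CkDateTime::ckGetAsRfc822(dt,1)
        EndIf

        i = i + 1
    Wend

    Debug "The Authenticode signature is valid."

    ; Sample output:

    ; Certificates contained in the PKCS7 signature:
    ; AAA Certificate Services, 48FC93B46055948D36A7C98A89D69416
    ; Sectigo Public Code Signing Root R46, 621D6D0C52019E3B9079152089211C0A
    ; Sectigo Public Code Signing CA R36, 3FF5B69109BFD4046C92CC0D18EE23C2
    ; ---- Signing Certificate ----
    ; serial number: 3FF5B69109BFD4046C92CC0D18EE23C2
    ; issuerCN: Sectigo Public Code Signing CA R36
    ; hash algorithm: SHA256
    ; signing algorithm: RSA-PKCSV-1_5
    ; --- Timestamp Token ----
    ; TS hash algorithm: sha256
    ; TS certificate serial: 0544AFF3949D0839A6BFDB3F5FE56116
    ; TS certificate issuerCN: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
    ; timestamp signature verified: True
    ; timestamp date/time: Wed, 17 Jan 2024 06:40:47 -0600
    ; The Authenticode signature is valid.

    CkJsonObject::ckDispose(json)
    CkCodeSign::ckDispose(validator)
    CkDtObj::ckDispose(genTime)
    CkDateTime::ckDispose(dt)

    ProcedureReturn
EndProcedure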
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.