VB.NET
VB.NET
Verify Authenticode Signature of EXE or DLL
See more Code Signing Examples
Demonstrates how to verify an Authenticode signed EXE or DLL.Note: Chilkat's code signing class was added in v9.5.0.97
Chilkat VB.NET Downloads
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
' You can verify a signed DLL or EXE.
Dim path As String = "c:/someDir/something.dll"
' The verify method returns an overall indicator of whether
' the EXE or DLL can be trusted or not.
' The details of the signature are emitted to the JSON object
' passed in the last argument.
Dim json As New Chilkat.JsonObject
json.EmitCompact = False
Dim validator As New Chilkat.CodeSign
Dim valid As Boolean = validator.VerifySignature(path,json)
If (valid = False) Then
' Validation failed.
Debug.WriteLine(validator.LastErrorText)
' You can also examine the details of the validation (see below)
Debug.WriteLine(json.Emit())
Exit Sub
End If
' Examine the details of the Authenticode signature
' println json.Emit();
' An example of the JSON details of an authenticode signature, with selected parsing code, is shown below.
'
' Use this online tool to generate parsing code from sample JSON:
' Generate Parsing Code from JSON
' {
' "pkcs7": {
' "verify": {
' "peFile": {
' "hashOid": "2.16.840.1.101.3.4.2.1",
' "hash": "q9tzWEcea8f8kaMXG8LpWNPe9JIW7aKccYWuL3mrCBw="
' },
' "certs": [
' {
' "issuerCN": "AAA Certificate Services",
' "serial": "48FC93B46055948D36A7C98A89D69416"
' },
' {
' "issuerCN": "Sectigo Public Code Signing Root R46",
' "serial": "621D6D0C52019E3B9079152089211C0A"
' },
' {
' "issuerCN": "Sectigo Public Code Signing CA R36",
' "serial": "3FF5B69109BFD4046C92CC0D18EE23C2"
' }
' ],
' "digestAlgorithms": [
' "sha256"
' ],
' "signerInfo": [
' {
' "cert": {
' "serialNumber": "3FF5B69109BFD4046C92CC0D18EE23C2",
' "issuerCN": "Sectigo Public Code Signing CA R36",
' "digestAlgOid": "2.16.840.1.101.3.4.2.1",
' "digestAlgName": "SHA256"
' },
' "contentType": "1.3.6.1.4.1.311.2.1.4",
' "messageDigest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4=",
' "signingAlgOid": "1.2.840.113549.1.1.1",
' "signingAlgName": "RSA-PKCSV-1_5",
' "authAttr": {
' "1.3.6.1.4.1.311.2.1.12": {
' "der": "MAA="
' },
' "1.2.840.113549.1.9.3": {
' "name": "contentType",
' "oid": "1.3.6.1.4.1.311.2.1.4"
' },
' "1.3.6.1.4.1.311.2.1.11": {
' "der": "MAwGCisGAQQBgjcCARU="
' },
' "1.2.840.113549.1.9.4": {
' "name": "messageDigest",
' "digest": "4MkPVkY4qdwoVAj5JcCvn3ISSS5yqtf1+KmIs/Ckni4="
' }
' },
' "unauthAttr": {
' "1.3.6.1.4.1.311.3.3.1": {
' "name": "timestampToken",
' "der": "MIIXJwY ... QZej",
' "verify": {
' "digestAlgorithms": [
' "sha256"
' ],
' "signerInfo": [
' {
' "cert": {
' "serialNumber": "0544AFF3949D0839A6BFDB3F5FE56116",
' "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
' "digestAlgOid": "2.16.840.1.101.3.4.2.1",
' "digestAlgName": "SHA256"
' },
' "contentType": "1.2.840.113549.1.9.16.1.4",
' "signingTime": "240117124047Z",
' "messageDigest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM=",
' "signingAlgOid": "1.2.840.113549.1.1.1",
' "signingAlgName": "RSA-PKCSV-1_5",
' "authAttr": {
' "1.2.840.113549.1.9.3": {
' "name": "contentType",
' "oid": "1.2.840.113549.1.9.16.1.4"
' },
' "1.2.840.113549.1.9.5": {
' "name": "signingTime",
' "utctime": "240117124047Z"
' },
' "1.2.840.113549.1.9.16.2.12": {
' "name": "signingCertificate",
' "der": "MBowGDAWBBRm8CsywsLJD4JdzqqKycZPGZzPQA=="
' },
' "1.2.840.113549.1.9.4": {
' "name": "messageDigest",
' "digest": "y6cKjJoRfgJwW+Dj29w3tEfWqVybz7Sg+d8opKQxCjM="
' },
' "1.2.840.113549.1.9.16.2.47": {
' "name": "signingCertificateV2",
' "der": "MCYwJDAiBCDS9uRt7XQizNHUQFdoQTZvgoraVZquMxavTRqa1Ax4KA=="
' }
' }
' }
' ],
' "uncommonOptions": "NO_SIGCERTV2_OID,NoSigningCertV2IssuerSerial"
' },
' "timestampSignatureVerified": true,
' "tstInfo": {
' "tsaPolicyId": "2.16.840.1.114412.7.1",
' "messageImprint": {
' "hashAlg": "sha256",
' "digest": "JqY7U+30qScMnRQwnDfUYEikZwOLHMhKX0oo5zo4ils=",
' "digestMatches": true
' },
' "serialNumber": "6E4597E574BC909213565DAEBC0E4888",
' "genTime": "20240117124047Z"
' }
' }
' }
' }
' ],
' "pkcs7": {
' "verify": {
' "certs": [
' {
' "issuerCN": "DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
' "serial": "0544AFF3949D0839A6BFDB3F5FE56116"
' },
' {
' "issuerCN": "DigiCert Trusted Root G4",
' "serial": "073637B724547CD847ACFD28662A5E5B"
' },
' {
' "issuerCN": "DigiCert Assured ID Root CA",
' "serial": "0E9B188EF9D02DE7EFDB50E20840185A"
' }
' ]
' }
' }
' }
' }
' }
Dim issuerCN As String
Dim serial As String
Dim genTime As New Chilkat.DtObj
Dim dt As New Chilkat.CkDateTime
' Show the certificates embedded in the PKCS7 signature.
Debug.WriteLine("Certificates contained in the PKCS7 signature:")
Dim i As Integer = 0
Dim count_i As Integer = json.SizeOfArray("pkcs7.verify.certs")
While i < count_i
json.I = i
issuerCN = json.StringOf("pkcs7.verify.certs[i].issuerCN")
serial = json.StringOf("pkcs7.verify.certs[i].serial")
Debug.WriteLine(issuerCN & ", " & serial)
i = i + 1
End While
' Show details about the signing certificate(s)
Dim numSigners As Integer = json.SizeOfArray("pkcs7.verify.signerInfo")
i = 0
While i < numSigners
json.I = i
Debug.WriteLine("---- Signing Certificate ----")
Debug.WriteLine("serial number: " & json.StringOf("pkcs7.verify.signerInfo[i].cert.serialNumber"))
Debug.WriteLine("issuerCN: " & json.StringOf("pkcs7.verify.signerInfo[i].cert.issuerCN"))
Debug.WriteLine("hash algorithm: " & json.StringOf("pkcs7.verify.signerInfo[i].cert.digestAlgName"))
Debug.WriteLine("signing algorithm: " & json.StringOf("pkcs7.verify.signerInfo[i].signingAlgName"))
' If this signature includes a timestamp token, get information about it.
If (json.HasMember("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1""") = True) Then
' We're going to assume the timestamp token had only 1 signer..
Debug.WriteLine("--- Timestamp Token ----")
Debug.WriteLine("TS hash algorithm: " & json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1"".verify.digestAlgorithms[0]"))
Debug.WriteLine("TS certificate serial: " & json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1"".verify.signerInfo[0].cert.serialNumber"))
Debug.WriteLine("TS certificate issuerCN: " & json.StringOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1"".verify.signerInfo[0].cert.issuerCN"))
Debug.WriteLine("timestamp signature verified: " & json.BoolOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1"".timestampSignatureVerified"))
json.DtOf("pkcs7.verify.signerInfo[i].unauthAttr.""1.3.6.1.4.1.311.3.3.1"".tstInfo.genTime",False,genTime)
dt.SetFromDtObj(genTime)
Debug.WriteLine("timestamp date/time: " & dt.GetAsRfc822(True))
End If
i = i + 1
End While
Debug.WriteLine("The Authenticode signature is valid.")
' Sample output:
' Certificates contained in the PKCS7 signature:
' AAA Certificate Services, 48FC93B46055948D36A7C98A89D69416
' Sectigo Public Code Signing Root R46, 621D6D0C52019E3B9079152089211C0A
' Sectigo Public Code Signing CA R36, 3FF5B69109BFD4046C92CC0D18EE23C2
' ---- Signing Certificate ----
' serial number: 3FF5B69109BFD4046C92CC0D18EE23C2
' issuerCN: Sectigo Public Code Signing CA R36
' hash algorithm: SHA256
' signing algorithm: RSA-PKCSV-1_5
' --- Timestamp Token ----
' TS hash algorithm: sha256
' TS certificate serial: 0544AFF3949D0839A6BFDB3F5FE56116
' TS certificate issuerCN: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
' timestamp signature verified: True
' timestamp date/time: Wed, 17 Jan 2024 06:40:47 -0600
' The Authenticode signature is valid.