ebourg
commented
5 years ago Just right click on the signed .exe or .dll file, select 'Properties' then 'Signatures'.
Open aravindarc opened 5 years ago
ebourg
commented
5 years ago Just right click on the signed .exe or .dll file, select 'Properties' then 'Signatures'.
aravindarc
commented
5 years ago Sorry I should have been more explicit, my requirement is to use this library or any java library. I found how to extract the Signatures and Counter Signatures using this library, but if suppose the Signature is changed or the EXE file is tampered, how to verify the validity of the exe, the signature and the counter signature, this too in java.
aravindarc
commented
5 years ago I am implementing a verification method in PEFile class. I think it's working but I don't know for sure, which digests have to be checked against which. I have partially implemented the verification method. Can you please point to documentation for signing and verifying Authenticode Signatures.
ebourg
commented
5 years ago Verifying signatures would be a nice addition to jsign if you want to tackle this issue.
If that helps the main source of documentation is the Authenticode specification from Microsoft:
aravindarc
commented
5 years ago Thank you, I have finished implementing and it is working just requires verification from you. I am new to git, how to push it to you. I cloned this repo and made the additions.
aravindarc
commented
5 years ago I have made a pull request related to this question. I have implemented what I think is a verification method. Can you please clarify if that's not how verification should be approached or if what I have done is incomplete. I am in need of this feature.
How to find all the counter signatures and also how to verify and validate signatures