I am new to using osslsigncode and working on a project attempting to verify various signed code. I pulled down some signed 'cab' files that are signed (checked it via VirusTotal). However, using osslsigncode to verify the files appears to fail.
Some insight or input into the matter would be greatly appreciated.
Please see below for a sample output of a failed verification attempt:
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed
Signing certificate chain verified using:
Signer #1:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Issuer : /DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
Serial : 6133261A000000000031
Certificate expiration date:
notBefore : Aug 31 22:19:32 2010 GMT
notAfter : Aug 31 22:29:32 2020 GMT
Error: unable to get local issuer certificate
PKCS7_verify error
Failed signing certificate chain retrieved from the signature:
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate
Signature verification: failed
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed
Signing certificate chain verified using:
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate
Signature verification: failed
Hello,
I am new to using osslsigncode and working on a project attempting to verify various signed code. I pulled down some signed 'cab' files that are signed (checked it via VirusTotal). However, using osslsigncode to verify the files appears to fail.
Some insight or input into the matter would be greatly appreciated.
Please see below for a sample output of a failed verification attempt:
============ xxxx@xxxxx:~/codesigner/objects$ osslsigncode verify -in 20484220_5f2718fc6d44c5ae61d4275d679bbf1ededf58e5.cab -CAfile code_signing_ca.pem -untrusted code_signing_ca.pem
Signature Index: 0 (Primary Signature)
Message digest algorithm : SHA1 Current message digest : 407229AA461DC8C4D9208920E87742BB3BCE0CAD Calculated message digest : 407229AA461DC8C4D9208920E87742BB3BCE0CAD
Signer's certificate:
Message digest algorithm: SHA1
Authenticated attributes: Microsoft Individual Code Signing purpose Message digest: 88CCB6380730497D08C53EA789685D7715052E40 URL description: http://winqual.microsoft.com Text description: WHQL Driver Update
Countersignatures: Timestamp time: May 21 22:46:53 2012 GMT Signing time: May 21 22:46:53 2012 GMT Hash Algorithm: sha1 Issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA Serial: 6105133600000000001A
CAfile: code_signing_ca.pem TSA's certificates file: code_signing_ca.pem
Timestamp verified using:
CMS_verify error
Failed timestamp certificate chain retrieved from the signature:
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed Signing certificate chain verified using:
PKCS7_verify error
Failed signing certificate chain retrieved from the signature:
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate Signature verification: failed
Signature Index: 1
Message digest algorithm : SHA256 Current message digest : F3B4762BD3055DB2BEAD6A781AD3A13A5CDBF829DA1436B657FBE28A398CEF94 Calculated message digest : F3B4762BD3055DB2BEAD6A781AD3A13A5CDBF829DA1436B657FBE28A398CEF94
Signer's certificate:
Message digest algorithm: SHA256
Authenticated attributes: Sequence number: 1 Microsoft Individual Code Signing purpose Message digest: 32493E9DD4E9BFA0FD93D10ECB28BC099A3A32D7953EF6E31FF0EF7FABB898B1 URL description: http://winqual.microsoft.com Text description: WHQL Driver Update
Countersignatures: Timestamp time: May 21 22:46:53 2012 GMT Signing time: N/A Hash Algorithm: sha1 Issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA 2010 Serial: 6107D45500000000000E
CAfile: code_signing_ca.pem TSA's certificates file: code_signing_ca.pem
Timestamp verified using:
CMS_verify error
Failed timestamp certificate chain retrieved from the signature:
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed Signing certificate chain verified using:
PKCS7_verify error
Failed signing certificate chain retrieved from the signature:
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate Signature verification: failed
Number of verified signatures: 2 Failed