-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify Signed 'cab' Files #391
Comments
I updated https://raw.githubusercontent.com/mtrojnar/osslsigncode/master/code_signing_ca.pem to not only include Code Signing certificates. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I am new to using osslsigncode and working on a project attempting to verify various signed code. I pulled down some signed 'cab' files that are signed (checked it via VirusTotal). However, using osslsigncode to verify the files appears to fail.
Some insight or input into the matter would be greatly appreciated.
Please see below for a sample output of a failed verification attempt:
============
xxxx@xxxxx:~/codesigner/objects$ osslsigncode verify -in 20484220_5f2718fc6d44c5ae61d4275d679bbf1ededf58e5.cab -CAfile code_signing_ca.pem -untrusted code_signing_ca.pem
Signature Index: 0 (Primary Signature)
Message digest algorithm : SHA1
Current message digest : 407229AA461DC8C4D9208920E87742BB3BCE0CAD
Calculated message digest : 407229AA461DC8C4D9208920E87742BB3BCE0CAD
Signer's certificate:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Serial : 6119CC93000100000066
Certificate expiration date:
notBefore : Oct 10 20:32:25 2011 GMT
notAfter : Jan 10 20:32:25 2013 GMT
Message digest algorithm: SHA1
Authenticated attributes:
Microsoft Individual Code Signing purpose
Message digest: 88CCB6380730497D08C53EA789685D7715052E40
URL description: http:https://winqual.microsoft.com
Text description: WHQL Driver Update
Countersignatures:
Timestamp time: May 21 22:46:53 2012 GMT
Signing time: May 21 22:46:53 2012 GMT
Hash Algorithm: sha1
Issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA
Serial: 6105133600000000001A
CAfile: code_signing_ca.pem
TSA's certificates file: code_signing_ca.pem
Timestamp verified using:
------------------
Signer #1:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA
Issuer : /DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
Serial : 6116683400000000001C
Certificate expiration date:
notBefore : Apr 3 12:53:09 2007 GMT
notAfter : Apr 3 13:03:09 2021 GMT
CMS_verify error
Failed timestamp certificate chain retrieved from the signature:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Serial : 6119CC93000100000066
Certificate expiration date:
notBefore : Oct 10 20:32:25 2011 GMT
notAfter : Jan 10 20:32:25 2013 GMT
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed
Signing certificate chain verified using:
------------------
Signer #1:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Issuer : /DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
Serial : 6133261A000000000031
Certificate expiration date:
notBefore : Aug 31 22:19:32 2010 GMT
notAfter : Aug 31 22:29:32 2020 GMT
PKCS7_verify error
Failed signing certificate chain retrieved from the signature:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Serial : 6119CC93000100000066
Certificate expiration date:
notBefore : Oct 10 20:32:25 2011 GMT
notAfter : Jan 10 20:32:25 2013 GMT
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate
Signature verification: failed
Signature Index: 1
Message digest algorithm : SHA256
Current message digest : F3B4762BD3055DB2BEAD6A781AD3A13A5CDBF829DA1436B657FBE28A398CEF94
Calculated message digest : F3B4762BD3055DB2BEAD6A781AD3A13A5CDBF829DA1436B657FBE28A398CEF94
Signer's certificate:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
Serial : 6105495500000000000B
Certificate expiration date:
notBefore : Oct 10 20:45:24 2011 GMT
notAfter : Jan 10 20:55:24 2013 GMT
Message digest algorithm: SHA256
Authenticated attributes:
Sequence number: 1
Microsoft Individual Code Signing purpose
Message digest: 32493E9DD4E9BFA0FD93D10ECB28BC099A3A32D7953EF6E31FF0EF7FABB898B1
URL description: http:https://winqual.microsoft.com
Text description: WHQL Driver Update
Countersignatures:
Timestamp time: May 21 22:46:53 2012 GMT
Signing time: N/A
Hash Algorithm: sha1
Issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA 2010
Serial: 6107D45500000000000E
CAfile: code_signing_ca.pem
TSA's certificates file: code_signing_ca.pem
Timestamp verified using:
------------------
Signer #1:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA 2010
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
Serial : 6109812A000000000002
Certificate expiration date:
notBefore : Jul 1 21:36:55 2010 GMT
notAfter : Jul 1 21:46:55 2025 GMT
CMS_verify error
Failed timestamp certificate chain retrieved from the signature:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA 2010
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
Serial : 6109812A000000000002
Certificate expiration date:
notBefore : Jul 1 21:36:55 2010 GMT
notAfter : Jul 1 21:46:55 2025 GMT
140635644590400:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:253:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed
Signing certificate chain verified using:
------------------
Signer #1:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010
Serial : 610C524C000000000003
Certificate expiration date:
notBefore : Jul 6 20:40:17 2010 GMT
notAfter : Jul 6 20:50:17 2025 GMT
PKCS7_verify error
Failed signing certificate chain retrieved from the signature:
------------------
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
Serial : 6105495500000000000B
Certificate expiration date:
notBefore : Oct 10 20:45:24 2011 GMT
notAfter : Jan 10 20:55:24 2013 GMT
140635644590400:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unable to get local issuer certificate
Signature verification: failed
Number of verified signatures: 2
Failed
The text was updated successfully, but these errors were encountered: