Discuss this help topic in SecureBlackbox Forum

Verify the PE signature

To verify the signatures of the Portable Eecutable file (EXE, DLL, OCX), you need to use TElAuthenticodeVerifier component.

First, create an instance of TElAuthenticodeVerifier component. Call OpenFile() method of TElAuthenticodeVerifier class to load the PE file.

The signed file can include or not include the certificates, used to sign the file. If the certificates vere included, they are accessible using Certificates property of TElAuthenticodeVerifier class. If the certificates are not included (and Certificates storage is empty), then in order to validate the file signature(s), you need to provide the certificates. You do this by setting CertStorage property of TElAuthenticodeVerifier class to reference the instance of TElCustomCertStorage class (one of it's descendants).

To get the number of signatures, available in the file, use SignatureCount property. Next, you can call VerifySignature() method of TElAuthenticodeVerifier class to verify the validity of each signature. Note, that this method doesn't validate the certificates, used to produce the signature(s).

To validate the certificates, used to sign the PE file, take the contents of Certificates storage and follow the instructions in the corresponding how-to article.

To check and validate the timestamps, see the corresponding how-to article.

Finally call CloseFile() method of TElAuthenticodeVerifier class to close the file.

Discuss this help topic in SecureBlackbox Forum