AuthenticodeSignature Type
Represents a signature over an executable binary (EXE, DLL, PE).
Remarks
This type contains all information about a single signature produced (or read from the binary) by AuthenticodeVerifier.
Fields
| |
chainValidationDetails
Int32 |
The details of a certificate chain validation outcome. They may often suggest what reasons that contributed to the overall validation result.
Returns a bit mask of the following options:
| | | cvrBadData | 0x0001 | One or more certificates in the validation path are malformed
| | cvrRevoked | 0x0002 | One or more certificates are revoked
| | cvrNotYetValid | 0x0004 | One or more certificates are not yet valid
| | cvrExpired | 0x0008 | One or more certificates are expired
| | cvrInvalidSignature | 0x0010 | A certificate contains a non-valid digital signature
| | cvrUnknownCA | 0x0020 | A CA certificate for one or more certificates has not been found (chain incomplete)
| | cvrCAUnauthorized | 0x0040 | One of the CA certificates are not authorized to act as CA
| | cvrCRLNotVerified | 0x0080 | One or more CRLs could not be verified
| | cvrOCSPNotVerified | 0x0100 | One or more OCSP responses could not be verified
| | cvrIdentityMismatch | 0x0200 | The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate
| | cvrNoKeyUsage | 0x0400 | A mandatory key usage is not enabled in one of the chain certificates
| | cvrBlocked | 0x0800 | One or more certificates are blocked
| | cvrFailure | 0x1000 | General validation failure
| | cvrChainLoop | 0x2000 | Chain loop: one of the CA certificates recursively signs itself
| | cvrWeakAlgorithm | 0x4000 | A weak algorithm is used in one of certificates or revocation elements
| | cvrUserEnforced | 0x8000 | The chain was considered invalid following intervention from a user code
|
|
chainValidationResult
ChainValidities |
The outcome of a certificate chain validation routine.
Available options:
| | | cvtValid | 0 | The chain is valid
| | cvtValidButUntrusted | 1 | The chain is valid, but the root certificate is not trusted
| | cvtInvalid | 2 | The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature)
| | cvtCantBeEstablished | 3 | The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses)
|
Use the ValidationLog property to access the detailed validation log.
|
claimedSigningTime
String |
Returns the signature's claimed signing time.
Use this property to get the signature creation time from the signer's computer. Note that the claimed time is not covered by a trusted timestamp and may be forfeited or wrong.
Use ValidatedSigningTime to obtain the signing time figure verified by a trusted timestamping authority. The time is in UTC.
|
description_
String |
Returns a human-readable signature description.
|
errorCode
Int32 |
Returns the error code returned by the signature validation routine.
|
errorMessage
String |
Returns the error message returned by the signature validation routine.
|
fileHashAlgorithm
String |
Returns the algorithm that was used to hash the executable.
| | | SB_HASH_ALGORITHM_MD5 | MD5 | | | SB_HASH_ALGORITHM_SHA1 | SHA1 | | | SB_HASH_ALGORITHM_SHA224 | SHA224 | | | SB_HASH_ALGORITHM_SHA256 | SHA256 | | | SB_HASH_ALGORITHM_SHA384 | SHA384 | | | SB_HASH_ALGORITHM_SHA512 | SHA512 | | | SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | | | SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | | | SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | | | SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
|
hashAlgorithm
String |
Returns the hash algorithm used when generating the signature.
| | | SB_HASH_ALGORITHM_MD5 | MD5 | | | SB_HASH_ALGORITHM_SHA1 | SHA1 | | | SB_HASH_ALGORITHM_SHA224 | SHA224 | | | SB_HASH_ALGORITHM_SHA256 | SHA256 | | | SB_HASH_ALGORITHM_SHA384 | SHA384 | | | SB_HASH_ALGORITHM_SHA512 | SHA512 | | | SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | | | SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | | | SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | | | SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
|
signatureValidationResult
SignatureValidities |
The outcome of the cryptographic signature validation.
The following signature validity values are supported:
| | | svtValid | 0 | The signature is valid
| | svtUnknown | 1 | Signature validity is unknown
| | svtCorrupted | 2 | The signature is corrupted
| | svtSignerNotFound | 3 | Failed to acquire the signing certificate. The signature cannot be validated.
| | svtFailure | 4 | General failure
|
|
statementType
AuthenticodeStatementTypes |
Returns the signature statement type.
Available options:
| | | acsUnknown | 0 | | acsIndividual | 1 | | acsCommercial | 2 |
|
url
String |
Returns the URL included in the signature by the signer.
|
validatedSigningTime
String |
Contains the certified signing time.
Use this property to obtain the signing time as certified by a timestamp from a trusted timestamping authority.
This property is only non-empty if there was a valid timestamp included in the signature.
ClaimedSigningTime returns a non-trusted signing time from the signer's computer.
Both times are in UTC.
|
validationLog
String |
Contains the signing certificate's chain validation log.
This information may be very useful in investigating chain validation failures.
|