ur

How to check a catalog file is signed and get certificate details


I can check this through signtool.exe, and it produces text output through the command below.

signtool.exe verify /v /pa "C:\test\ftdiport.cat"

And this results in the output in verbose mode in the command prompt, or we can redirect it to a text file as below.

 

Verifying: C:\test\ftdiport.cat

Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   8/2/2028 5:29:59 AM
    SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2

        Issued to: VeriSign Class 3 Code Signing 2004 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   7/16/2014 5:29:59 AM
        SHA1 hash: 197A4AEBDB25F0170079BB8C73CB2D655E0018A4

            Issued to: Future Technology Devices International Ltd
            Issued by: VeriSign Class 3 Code Signing 2004 CA
            Expires:   9/30/2010 5:29:59 AM
            SHA1 hash: 029E8FF6146EE9AEDA68092AB030057165B73A20

The signature is timestamped: 3/31/2010 6:10:55 PM
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   1/1/2021 5:29:59 AM
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   12/4/2013 5:29:59 AM
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: VeriSign Time Stamping Services Signer - G2
            Issued by: VeriSign Time Stamping Services CA
            Expires:   6/15/2012 5:29:59 AM
            SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE

Successfully verified: C:\Users\ur00361883\Desktop\ftdiport.cat

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0

 

 

One option is to parse this file, and I need to get the details below.

Whether the catalog file is signed or unsigned, the certificate issued for it, and its expiry date.

Is there any option, like some libraries, instead of parsing this text file, whether in C#, VBScript, AutoIt or PowerShell or any platform?

If no option, please guide me on how to parse this output.

 

Edited by ur
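An added example, not written by any poster in this thread: one way to parse the verbose signtool output quoted in the first post, in Python (an assumption, since the post allows any platform). It assumes English field labels and US-style dates as in the pasted output; the function name and result keys are made up for this example.

```python
import re
from datetime import datetime

FIELD = re.compile(r"^\s*(Issued to|Issued by|Expires|SHA1 hash):\s*(.+?)\s*$")
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"  # assumption: US-style dates, as in the post

# Abbreviated copy of the output in the post (intermediate certificates omitted).
SAMPLE = """Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   8/2/2028 5:29:59 AM
            Issued to: Future Technology Devices International Ltd
            Issued by: VeriSign Class 3 Code Signing 2004 CA
            Expires:   9/30/2010 5:29:59 AM
            SHA1 hash: 029E8FF6146EE9AEDA68092AB030057165B73A20
The signature is timestamped: 3/31/2010 6:10:55 PM
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
Number of errors: 0
"""

def parse_signtool_verify(text):
    """Summarise `signtool verify /v` text: signature present, signer, expiry."""
    chains, section, stamp, errors = {"sign": [], "ts": []}, None, None, None
    for line in text.splitlines():
        if line.startswith("Signing Certificate Chain:"):
            section = "sign"
        elif line.startswith("Timestamp Verified by:"):
            section = "ts"
        elif line.startswith("The signature is timestamped:"):
            stamp = datetime.strptime(line.split(":", 1)[1].strip(), DATE_FMT)
        elif line.startswith("Number of errors:"):
            errors = int(line.split(":", 1)[1])
        elif section and (m := FIELD.match(line)):
            if m.group(1) == "Issued to":      # a new certificate block starts here
                chains[section].append({})
            if chains[section]:
                chains[section][-1][m.group(1)] = m.group(2)
    leaf = chains["sign"][-1] if chains["sign"] else None   # signer is listed last
    out = {"has_signature": bool(leaf), "verified": bool(leaf) and errors == 0}
    if leaf:
        expires = datetime.strptime(leaf["Expires"], DATE_FMT)
        out.update(signer=leaf["Issued to"], issuer=leaf["Issued by"],
                   expires=expires, sha1=leaf.get("SHA1 hash"), timestamp=stamp,
                   # a timestamp earlier than expiry keeps the signature usable
                   stamped_before_expiry=stamp is not None and stamp <= expires)
    return out

if __name__ == "__main__":
    print(parse_signtool_verify(SAMPLE))
```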




With the UDF I told you about some days ago. It can be done. In the structure CERT_INFO you can get the NotAfter field (date and time after which the certificate is not valid).

Saludos


With the UDF I told you about some days ago. It can be done. In the structure CERT_INFO you can get the NotAfter field (date and time after which the certificate is not valid).

Saludos

But that is not for drivers/catalog files, it is only for exe files.


Just need some changes to get the expiry date of the catalog. It works with drivers I've tried out.

Saludos
