I can check this though signtool.exe and it results in the text output though below command.

signtool.exe verify /v /pa "C:\test\ftdiport.cat"

And this result the output in verbose mode in command prompt or we can redirect it to a text file as below.



Verifying: C:\Users\ur00361883\Desktop\ftdiport.cat

Signing Certificate Chain:
Issued to: Class 3 Public Primary Certification Authority

Issued by: Class 3 Public Primary Certification Authority

Expires: 8/2/2028 5:29:59 AM

SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2


Issued to: VeriSign Class 3 Code Signing 2004 CA

Issued by: Class 3 Public Primary Certification Authority

Expires: 7/16/2014 5:29:59 AM

SHA1 hash: 197A4AEBDB25F0170079BB8C73CB2D655E0018A4


Issued to: Future Technology Devices International Ltd

Issued by: VeriSign Class 3 Code Signing 2004 CA

Expires: 9/30/2010 5:29:59 AM

SHA1 hash: 029E8FF6146EE9AEDA68092AB030057165B73A20


The signature is timestamped: 3/31/2010 6:10:55 PM

Timestamp Verified by:
Issued to: Thawte Timestamping CA

Issued by: Thawte Timestamping CA

Expires: 1/1/2021 5:29:59 AM

SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656


Issued to: VeriSign Time Stamping Services CA

Issued by: Thawte Timestamping CA

Expires: 12/4/2013 5:29:59 AM

SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D


Issued to: VeriSign Time Stamping Services Signer - G2

Issued by: VeriSign Time Stamping Services CA

Expires: 6/15/2012 5:29:59 AM

SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE


Successfully verified: C:\Users\ur00361883\Desktop\ftdiport.cat


Number of files successfully Verified: 1

Number of warnings: 0

Number of errors: 0


One option is to parse this file and I need to get below details.

Catalog file is Signed/Unsigned and Certificate issued for it and its expiry date.

Is there any option like some libraries instead of parsing this text file whether in c#,vbscript,autoit or powershell or any platform.

If no option, please guide me on how to parse this output.

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0
Answered 08/26/2015 by: jagadeish
Red Belt

  • Hi jagadeish,

    Thanks for the tool.But again we need to parse the output as a string data.But is there any direct dll or API to read the content.

    If no option, please guide me on how to parse this output.
  • Hi Jagadeish,
    Can you help me hoe to get Certificate issued by and Certificate expiry date of the catalog.
  • Sigcheck is showing a catalog as unsigned if it is signed also but if it is not trusted.How to differentiate it?
    • ok. did you see this link
      http://www.pinvoke.net/default.aspx/wintrust.winverifytrust
      http://www.pinvoke.net/default.aspx/wintrust.IsCatalogFile
Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share