Checking codesigning

Is there a commandline (for running via the shell) to check if your .exe is correctly code signed ?

Does this Microsoft document help?

This needs the SignTool to be installed on the users system.
I need a way to check the codesign on every system.

[quote=163419:@Christoph De Vocht]This needs the SignTool to be installed on the users system.
I need a way to check the codesign on every system.[/quote]

On Mac use codesign https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html
On Windows install Visual Basic and this will install Signtool https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx

I am not aware of anything cross platform.

Out of curiosity, Christoph, why do you need to do this?

To check if the .Exe has been patched.
I know if this is the case, the user is prompted with it being ‘patched’ but he can still launch the .Exe
When doing a random check yourself when the app is running you can do things accordingly.

BTW found a way: cscheck.exe
Found here : http://forum.exkode.com/index.php?topic=1037.0

[quote=163525:@Christoph De Vocht]To check if the .Exe has been patched.
I know if this is the case, the user is prompted with it being ‘patched’ but he can still launch the .Exe
When doing a random check yourself when the app is running you can do things accordingly.

BTW found a way: cscheck.exe
Found here : http://forum.exkode.com/index.php?topic=1037.0[/quote]

Thank you for posting that. It does detect when codesign is not valid, and you can also check against the sha. Amazing that the post at exkode did not get a single reply since october.

About Windows and digital signature, Windows 10 is getting a lot tougher against unsigned executables. Instead of the infamous yellow dialog, now SmartScreen requires you to enter the administrator password to run.

Guess any serious developer will have to sign his executable, now, if he wants to avoid people getting scared. Incidentally, that too is a good protection against a patched version.

That is already the case with 8.1 (if I am not mistaken).

About certificate:
I took me about 9 working days to get a Windows codesign license verified. Tons of mails and calls with Comodo. It was very troublesome to say the least.