How to verify vc_redist.x64.exe with osslsigncode?

Ask Question

Asked 11 months ago

Modified 11 months ago

Viewed 119 times

osslsigncode verify VirtualBox-7.1.0-164728-Win.exe: Functional.

osslsigncode verify vc_redist.x64.exe: Broken.

Why? How to fix?

Full logs below.

Debian 12.

Functional:

osslsigncode verify VirtualBox-7.1.0-164728-Win.exe

Current PE checksum   : 0698F8DE
Calculated PE checksum: 0698F8DE

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 219D775E1F63FD2734FDB97D7EE67A17488B0E18B9A294114F7E17D8834B597F 
Calculated message digest : 219D775E1F63FD2734FDB97D7EE67A17488B0E18B9A294114F7E17D8834B597F 

Signer's certificate:
        Signer #0:
                Subject: /C=US/ST=California/L=Redwood City/O=Oracle America, Inc./CN=Oracle America, Inc.
                Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
                Serial : 060E2F8F9E1B8BE518D5FE2B69CFCCB1
                Certificate expiration date:
                        notBefore : Mar  9 00:00:00 2023 GMT
                        notAfter : Mar 11 23:59:59 2025 GMT

Number of certificates: 2
        Signer #0:
                Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
                Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
                Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
                Certificate expiration date:
                        notBefore : Apr 29 00:00:00 2021 GMT
                        notAfter : Apr 28 23:59:59 2036 GMT
        ------------------
        Signer #1:
                Subject: /C=US/ST=California/L=Redwood City/O=Oracle America, Inc./CN=Oracle America, Inc.
                Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
                Serial : 060E2F8F9E1B8BE518D5FE2B69CFCCB1
                Certificate expiration date:
                        notBefore : Mar  9 00:00:00 2023 GMT
                        notAfter : Mar 11 23:59:59 2025 GMT

Authenticated attributes:
        Message digest algorithm: SHA256
        Message digest: 780A2C240E94C6A520FBA4EBA7ADC02D5DB11B0F223CD3F202A4F11A56F73A7A 
        Signing time: N/A
        Microsoft Individual Code Signing purpose

The signature is timestamped: Sep  6 22:12:04 2024 GMT
Hash Algorithm: sha256
Timestamp Verified by:
                Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
                Serial : 0544AFF3949D0839A6BFDB3F5FE56116

CAfile: /etc/ssl/certs/ca-certificates.crt
TSA's certificates file: /etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
TSA's CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl

Timestamp Server Signature verification: ok
Signature verification time: Sep  6 22:12:04 2024 GMT
Signature verification: ok

Number of verified signatures: 1
Succeeded

Broken:

osslsigncode verify vc_redist.x64.exe

Current PE checksum   : 0187CD76
Calculated PE checksum: 0187CD76

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 870E96D39FD03180C74AE4BCC1C4B6203AF36AABDAC37210773C127F37393036 
Calculated message digest : 870E96D39FD03180C74AE4BCC1C4B6203AF36AABDAC37210773C127F37393036 

Signer's certificate:
        Signer #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2011
                Serial : 3300000403BDD5955D0F3B18AD000000000403
                Certificate expiration date:
                        notBefore : Sep 12 20:11:13 2024 GMT
                        notAfter : Sep 11 20:11:13 2025 GMT

Number of certificates: 2
        Signer #0:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2011
                Serial : 3300000403BDD5955D0F3B18AD000000000403
                Certificate expiration date:
                        notBefore : Sep 12 20:11:13 2024 GMT
                        notAfter : Sep 11 20:11:13 2025 GMT
        ------------------
        Signer #1:
                Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2011
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011
                Serial : 610E90D2000000000003
                Certificate expiration date:
                        notBefore : Jul  8 20:59:09 2011 GMT
                        notAfter : Jul  8 21:09:09 2026 GMT

Authenticated attributes:
        Message digest algorithm: SHA256
        Message digest: C21A9171ECEC5F60ADFB1DDFF81B447D8B810D6A893F604E7C3D50849E3719DD 
        Signing time: N/A
        Microsoft Individual Code Signing purpose
        URL description: http://www.microsoft.com
        Text description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433

The signature is timestamped: Oct 29 12:03:40 2024 GMT
Hash Algorithm: sha256
Timestamp Verified by:
                Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Time-Stamp PCA 2010
                Serial : 33000001F91F678D75ABA4F1B10001000001F9

CAfile: /etc/ssl/certs/ca-certificates.crt
TSA's certificates file: /etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

CMS_verify error
4049E3FCAC7E0000:error:17000064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:289:Verify error: unable to get local issuer certificate
Timestamp Server Signature verification: failed

PKCS7_verify error
4049E3FCAC7E0000:error:10800075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:295:Verify error: unable to get local issuer certificate
Signature verification: failed

Number of verified signatures: 1
Failed
zsh: exit 1     osslsigncode verify vc_redist.x64.exe

edited Dec 2, 2024 at 9:44

muru

78.3k16 gold badges214 silver badges320 bronze badges

asked Dec 2, 2024 at 9:34

adrelanos

1,9767 gold badges33 silver badges62 bronze badges

It would be worth reporting an issue about this to get an accurate answer (and, if it turns out to be a bug in osslsigncode, hopefully get it fixed).

Stephen Kitt
– Stephen Kitt

2024-12-02 10:11:28 +00:00
Commented Dec 2, 2024 at 10:11

Add a comment |

0 You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Stack Exchange Network

How to verify vc_redist.x64.exe with osslsigncode?

0

You must log in to answer this question.

Hot Network Questions

How to verify vc_redist.x64.exe with osslsigncode?

0

You must log in to answer this question.

Related

Hot Network Questions