Discuss this help topic in SecureBlackbox Forum

Get the timestamp of the PE file signature

When you check the signatures of the PE file, each signature may include a timestamp. To access the timestamp, made over the file signature, check Timestamp property of TElAuthenticodeSignature class. When the file is loaded all the timestamps are verified automatically. Check the Validity property for the veirification result. Check other properties of TElAuthenticodeTimestamp class for the details of the timestamp.

if (signature.Timestamp != null)
	Console.WriteLine("Timestamped by: " + (signature.Timestamp.SigningCertificate == null) ? "UNKNOWN" : signature.Timestamp.SigningCertificate.SubjectName.CommonName);
	Console.WriteLine("\t at: " + signature.Timestamp.SigningTime.ToLongDateString());

	if (signature.Timestamp.Validity != TSBAuthenticodeValidity.acvValid)
		Console.WriteLine("Verification error " + signature.Timestamp.Validity.ToString());

The certificates used for timestamping are included into Certificates property, and can be verified in the same way as the certificates, used for signing the file.

How To articles related to MS Authenticode

Discuss this help topic in SecureBlackbox Forum