0

I would like to verify the digital signature of calling application ( .Exe file ) using Java API, i could see similar question posted for this but its unanswered

Java program to verify digital signature signed by signtool

In short I am looking for a Java option of below commands to verify signature of abc.exe

Powershell: 

powershell get-process -Id pid | select -Expand modules|select -expand filename

pid is the process id of the abc.exe file here.

signtool:

signtool.exe verify /v abc.exe
Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Yogesh_JavaJ2EE
  • 63
  • 1
  • 9
  • How about executing it and then getting the output? http://stackoverflow.com/questions/2007425/get-output-from-a-process – Dan Field Jun 15 '16 at 12:21
  • Thanks @DanField for quick response, i already did this by spawning a process of singtool.exe / powershell then capturing the output, but our Security Architect has not approved it saying "spawning new process" is not a secure option and we should use JAVA API – Yogesh_JavaJ2EE Jun 15 '16 at 12:32
  • Don't think you're going to find a Java API - signtool is part of the Windows SDK, there's likely a Windows API call for it that you might be able to use JNI to call if you can find the documentation for it... – Dan Field Jun 15 '16 at 12:40
  • Our SecureBlackbox (Java edition) includes Authenticode classes that let you sign and verify signatures of PE files (EXE and DLLs). – Eugene Mayevski 'Callback Jun 15 '16 at 14:58
  • Thanks DanField for your comments. Thanks @EugeneMayevski'EldoSCorp for sharing the details about your JDK. Could you please let us know if these security jars are available for download, so that i can download and import in my project – Yogesh_JavaJ2EE Jun 17 '16 at 10:26
  • @Yogesh_JavaJ2EE yes, you can download SecureBlackbox on https://www.eldos.com/sbb/download-release.php – Eugene Mayevski 'Callback Jun 17 '16 at 12:38

0 Answers0