pure-php implementation of authenticode verifier.
- authenticode hash (PE32/PE32+)
- signedData integrity
- timestamping (simple countersignature/RFC 3161)
- certificate chain engine with validation:
- signature (RSA/ECDSA with SHA-1/2)
- validity period
- keyUsage/extKeyUsage
- basicConstraints (CA)
require_once "Authenticode.php";
$acVerifier = new Authenticode($pathToPE);
var_dump($acVerifier->isValid());php tools/verifyAC.php /path/to/PEcertificates (pem format) in trusted/codesigning are trusted as root CA
- CRL validation
- CRL loader
- CRL parser/validator
- validate certificate with CRL
- OCSP support
- OCSP client
- validate certificate with OCSP result
- basicConstraints (pathlen)
- restrict usage of CA certificates