signtool works on Windows 2016 Server but not on Windows 7

G

GopinathSadasivam

The same signed vbscript when verified with signtool works with Windows 2016 Server but fails with Windows 7

From Win 7, where signtool fails:
c:>signtool.exe verify /pa /v myscript.vbs


Verifying: myscript.vbs
Hash of file (sha256): 16F0CDEA1E314AA9B3460421620793A485AB9064E27019E1C9B627A20
12F2630



Signing Certificate Chain:
Issued to: AAA Certificate Services
Issued by: AAA Certificate Services
Expires: Mon Jan 01 05:29:59 2029
SHA1 hash: D1EB23A46D17D68FD92564C2F1F1601764D8E349



Issued to: USERTrust RSA Certification Authority
Issued by: AAA Certificate Services
Expires: Mon Jan 01 05:29:59 2029
SHA1 hash: D89E3BD43D5D909B47A18977AA9D5CE36CEE184C



Issued to: Sectigo RSA Code Signing CA
Issued by: USERTrust RSA Certification Authority
Expires: Wed Jan 01 05:29:59 2031
SHA1 hash: 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66



Issued to: My Company Group Limited
Issued by: Sectigo RSA Code Signing CA
Expires: Mon Feb 28 05:29:59 2022
SHA1 hash: D5B34FFFE99E3F2C7F83C53BEF7CC65E8FA4ABE5



The signature is timestamped: Wed May 13 14:33:01 2020
Timestamp Verified by:
Issued to: Entrust.net Certification Authority (2048)
Issued by: Entrust.net Certification Authority (2048)
Expires: Tue Jul 24 19:45:12 2029
SHA1 hash: 503006091D97D4F5AE39F7CBE7927D7D652D3431



Issued to: Entrust Timestamping CA - TS1
Issued by: Entrust.net Certification Authority (2048)
Expires: Sat Jun 23 01:02:54 2029
SHA1 hash: 58C71A4AE63E768CA510C54EB7A06E30EF8E42E9



Issued to: Entrust Time Stamping Authority
Issued by: Entrust Timestamping CA - TS1
Expires: Sun Jan 06 02:33:23 2030
SHA1 hash: 4E4DCE57B9F7A48658ED6F3272162B34F85E69BD



SignTool Error: WinVerifyTrust returned error: 0x80096010
The digital signature of the object did not verify.



Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1



-------------


A working Sample from Windows 2016 Server

c:\>signtool.exe verify /pa /v myscript.vbs


Verifying: myscript.vbs



Signature Index: 0 (Primary Signature)
Hash of file (sha256): 16F0CDEA1E314AA9B3460421620793A485AB9064E27019E1C9B627A2012F2630



Signing Certificate Chain:
Issued to: USERTrust RSA Certification Authority
Issued by: USERTrust RSA Certification Authority
Expires: Tue Jan 19 05:29:59 2038
SHA1 hash: 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E



Issued to: Sectigo RSA Code Signing CA
Issued by: USERTrust RSA Certification Authority
Expires: Wed Jan 01 05:29:59 2031
SHA1 hash: 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66



Issued to: My Company Group Limited
Issued by: Sectigo RSA Code Signing CA
Expires: Mon Feb 28 05:29:59 2022
SHA1 hash: D5B34FFFE99E3F2C7F83C53BEF7CC65E8FA4ABE5



The signature is timestamped: Wed May 13 14:33:01 2020
Timestamp Verified by:
Issued to: Entrust.net Certification Authority (2048)
Issued by: Entrust.net Certification Authority (2048)
Expires: Tue Jul 24 19:45:12 2029
SHA1 hash: 503006091D97D4F5AE39F7CBE7927D7D652D3431



Issued to: Entrust Timestamping CA - TS1
Issued by: Entrust.net Certification Authority (2048)
Expires: Sat Jun 23 01:02:54 2029
SHA1 hash: 58C71A4AE63E768CA510C54EB7A06E30EF8E42E9



Issued to: Entrust Time Stamping Authority
Issued by: Entrust Timestamping CA - TS1
Expires: Sun Jan 06 02:33:23 2030
SHA1 hash: 4E4DCE57B9F7A48658ED6F3272162B34F85E69BD




Successfully verified: oainstall.vbs



Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0




---------------------


What could be the reason?

Thanks for reading this!

Continue reading...
 
Back
Top Bottom