How do I verify code signing certificates for executables, DLLs, and JARs?
Last reviewed: 9/10/2023
HowTo Article ID: H032311
The information in this article applies to:
- Chant Developer Workbench 2023
- AudioSearch 4
- GrammarKit 9
- KinesicsKit 7
- LexiconKit 9
- ProfileKit 9
- SpeechKit 12
- SpeechManager 3
- Talk&Listen 4
- VoiceMarkupKit 9
- VoiceXMLKit 6
Summary
Software publishers digitally update software files and executables with identifying certificates. This enables users to verify the authenticity and thwart the potential of malware.
More Information
Code signing software helps users verify software publisher identity to thwart potential malware. Executable, DLL, and JAR files can be signed to validate authenticity. It involves software publishers obtaining a code signing certificate from industry sanctioned providers and using utilities to sign the file with their certificate. Certificates are issued for specific time periods and expire. This is similar to the certificate process for websites but there are differences. Recently, the industry has implemented more stringent handling of code signing certificates. Software publishers now are required to maintain them in a secured cloud vault or on a secured hardware device.
Chant updated all its build processes to support a new code signing certificate issued under the latest industry secured practices.
Verify Executables and DLLs
To verify a code signing certificate for an executable and DLL file, right-click on the file to display its properties.
Select the Digital Signatures tab and press the Details button
Review the software publisher information to validate authenticity. Press the View Certificate button for additional details.
Verify the certificate details and expiration date.
Verify JARs
To verify a code signing certificate for a Java JAR file, use the Java JDK jarsigner utility to display the certificate information:
jarsigner -verify "C:\Program Files\Chant\SpeechKit 12\Java\libv17\speechkit.jar" -certs -verbose