uthenticode  1.0.4-f5071cd

uthenticode (stylized as μthenticode) is a small cross-platform library for verifying Authenticode digital signatures.


Authenticode is Microsoft's code signing technology, designed to allow signing and verification of programs.

μthenticode is a cross-platform reimplementation of the verification side of Authenticode. It doesn't attempt to provide the signing side.


Because the official APIs (namely, the Wintrust API) for interacting with Authenticode signatures are baked deeply into Windows, making it difficult to verify signed Windows executables on non-Windows hosts.

Other available solutions are deficient:


μthenticode is not identical to the Wintrust API. Crucially, it cannot perform full-chain verifications of Authenticode signatures, as it lacks access to the Trusted Publishers store.

You should use μthenticode to verify the embedded chain. You should not assume that a "verified" binary from μthenticode's perspective will run on an unmodified Windows system.


μthenticode depends on pe-parse and OpenSSL 1.1.0.

pe-parse (and OpenSSL, if you don't already have it) can be installed via vcpkg:

$ vcpkg install pe-parse

The rest of the build is standard CMake:

$ mkdir build && cd build
$ cmake ..
$ cmake --build .
# the default install prefix is the build directory;
# use CMAKE_INSTALL_PREFIX to modify it
$ cmake --build . --target install

If you have doxygen installed, you can build μthenticode's documentation with the top-level Makefile:

$ make doc

Pre-built (master) documentation is hosted here.

You can build the (gtest-based) unit tests with -DBUILD_TESTS=1.


μthenticode's public API is documented in uthenticode.h and in the Doxygen documentation (see above).

The svcli utility also provides a small example of using μthenticode's APIs. You can build it by passing -DBUILD_SVCLI=1 to cmake:

$ cmake -DBUILD_SVCLI=1 ..
$ cmake --build .
$ ./src/svcli/svcli /path/to/some.exe


The following resources were essential to uthenticode's development: