Skip to content

"Verify" command #17

@vcsjones

Description

@vcsjones

This command will verify the VSIX as closely as the VSIX installer does.

  1. That all digests in the manifest are correct.
  2. That all parts are signed except for the signature part.
  3. That the signature on the manifest is correct.
  4. That the certificate meets the following criteria:
    1. Has an EKU of 1.3.6.1.5.5.7.3.3
    2. That is can build a chain to the certificate.
    3. That if the certificate is expired, the timestamp is within the certificate validity period.
    4. VSIX installer does online revocation checking (perhaps make this a flag?) for all certificate except the root.
  5. If timestamped, validate the timestamp
  6. That the OPC signature algorithm is rsaWithSHA256

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions