"Verify" command #17

Open
vcsjones opened this issue Apr 28, 2017 · 3 comments

@vcsjones
Owner

This command will verify the VSIX as closely as the VSIX installer does.

  1. That all digests in the manifest are correct.
  2. That all parts are signed except for the signature part.
  3. That the signature on the manifest is correct.
  4. That the certificate meets the following criteria:
    1. Has an EKU of 1.3.6.1.5.5.7.3.3
    2. That it can build a chain to the certificate.
    3. That if the certificate is expired, the timestamp is within the certificate validity period.
    4. VSIX installer does online revocation checking (perhaps make this a flag?) for all certificates except the root.
  5. If timestamped, validate the timestamp
  6. That the OPC signature algorithm is rsaWithSHA256
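
Checks 1 and 2 from the list above, as an added sketch that is not part of the original issue or the project's own code. Assumptions: the function names `check_manifest` and `build_sample` are hypothetical, the signature part is taken to live under `package/services/digital-signature/xml-signature/`, references that carry `Transforms` (such as relationship parts) or a digest other than SHA-256 are reported rather than hashed, and the signature value and certificate (checks 3 to 6) are not verified here.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}
SIG_DIR = "package/services/digital-signature/xml-signature/"  # assumed location

def check_manifest(vsix_bytes):
    """Findings for checks 1 and 2 of the issue; an empty list means both passed."""
    findings, covered = [], set()
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as z:
        names = set(z.namelist())
        sig_parts = [n for n in names if n.startswith(SIG_DIR)]
        if len(sig_parts) != 1:
            return ["expected one signature part, found %d" % len(sig_parts)]
        sig_xml = ET.fromstring(z.read(sig_parts[0]))
        for ref in sig_xml.iter(DS + "Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("/"):
                continue  # same-document reference, e.g. "#idPackageObject"
            part = uri.split("?", 1)[0].lstrip("/")  # drop "?ContentType=..."
            covered.add(part)
            method = ref.find(DS + "DigestMethod")
            algo = DIGESTS.get(method.get("Algorithm")) if method is not None else None
            if part not in names:
                findings.append("referenced part missing: " + part)
            elif algo is None or ref.find(DS + "Transforms") is not None:
                findings.append("not checked (transform or digest unsupported): " + part)
            elif hashlib.new(algo, z.read(part)).digest() != base64.b64decode(
                    ref.findtext(DS + "DigestValue", "")):
                findings.append("digest mismatch: " + part)
        # Assumption: [Content_Types].xml is the content-types stream, not a part.
        skip = covered | set(sig_parts) | {"[Content_Types].xml"}
        findings += ["unsigned part: " + n for n in sorted(names - skip)]
    return findings

def build_sample(parts):
    """Constructed in-memory package (not a real VSIX); `parts` maps name -> bytes."""
    digest = base64.b64encode(hashlib.sha256(b"<PackageManifest/>").digest()).decode()
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Object><Manifest>'
           '<Reference URI="/extension.vsixmanifest?ContentType=text/xml">'
           '<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
           '<DigestValue>%s</DigestValue></Reference></Manifest></Object></Signature>' % digest)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(SIG_DIR + "sample.psdsxs", sig)
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

A part added to the archive after signing shows up as `unsigned part`, which is why check 2 matters even when every listed digest matches.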
@ganesanviji

Hi,

I have signed the VSIX by using this tool, but I can't verify the VSIX by using this tool. Could you please suggest how I can verify the VSIX using this tool?

@vcsjones
Owner Author

vcsjones commented Apr 8, 2020

Microsoft's official vsixsigntool has a verify command. https://docs.microsoft.com/en-us/visualstudio/extensibility/signing-vsix-packages?view=vs-2019

@ganesanviji

ganesanviji commented Apr 9, 2020

Hi @vcsjones

But this command is not working. It shows an error like "Could not validate the VSIX". Also, the Microsoft tool is not supported for private key signing.

https://developercommunity.visualstudio.com/comments/57884/view.html

So, it would be great to have a verify command in this tool.
