SignatureInfo is a Total Commander content plugin (WDX) that provides various pieces of information about digital signatures embedded in files like EXE, DLL, MSI, MSU and so on (Authenticode). It can also find and process signatures stored in external catalog (CAT) files.

Just like any content plugin it can be used in TC's custom columns, search function, tooltips and so on. See TC Wiki for more information.


1. Features

2. System Requirements

3. Plugin settings

3.1. Location of plugin settings files

Since this plugin is a content plugin, it returns a so-called detect string to TC. This string is saved in wincmd.ini and can be edited and customized if necessary. See next section below.

The plugin has additional settings which are saved in a different file. If you want to change any plugin settings you can do so in either

The first option is good for portable mode, the latter option is useful on systems where Total Commander is installed in a directory where users can't write to (like %ProgramFiles%).

Important: If SignatureInfo.ini exists in the plugin's directory it takes precedence over contplug.ini!

3.2. Detect string

TC calls plugin functions depending on a detect string which consists of any combination of various file properties like file extensions, sizes and others. By default this plugin's detect string contains file extensions only. Exemplary detect string:

n_detect="EXT = "EXE" | EXT="DLL" | EXT="SYS" ..."

where n is the number assigned by TC to the plugin. If you need to add or remove file extensions, you can do so in wincmd.ini. Open wincmd.ini in your favorite editor, look for the plugin number assigned by TC in section [ContentPlugins], then look for the detect string starting with that same number, and make changes to the plugin's detect string as you see fit. Note that opening a new TC instance (or a TC restart) is required to apply any changes.
The TC Wiki article ContentGetDetectString is a good starting point if you need to make major changes to the detect string.

3.3. The settings in detail

The settings are explained in the SignatureInfo.sample.ini file, but they're also listed here for reference.

Section [SignatureInfo]

Setting and default Description
SignatureCount = 3 Defines the number of signatures to provide in TC's interface. Values smaller than 1 are internally reset to 1. The plugin doesn't enforce an upper limit currently. Setting this to a larger value allows access to more signatures contained in files, but it may also make the field selection in TC cumbersome and/or confusing since there are more than a dozen content fields for each signature.
SerialCase = 0 0 - Don't change the case of the certificate's serial, i.e. leave it to the OS or plugin functions (usually uppercase)
1 - Always show the certificate's serial in uppercase characters
-1 - Always show the certificate's serial in lowercase characters
ThumbprintCase = 0 Set Thumbprint case. Same values as for SerialCase setting, see above.
CacheSize = 4000 Set the maximum number of items to cache in memory to allow TC fast access to the plugin field values. Values equal to or smaller than 0 are ignored.
ClearCacheOnRefresh = 1 1 - Flush the cache when the cm_RereadSource command is issued in TC, e.g. by pressing Ctrl+R. This forces a refresh on all plugin field values, including the signature's verification status if such a field is present in a custom column.
0 - Don't clear the cache on cm_RereadSource. Note that, even with cache flushing disabled, items will still be removed from the cache once CacheSize is reached.
CriticalExtensionPrefix = "(!)" Sets the prefix that is shown for the "Cert Extensions" fields if an extension's critical flag is set. By default the value is an exclamation mark in parentheses, more or less a textual representationn of the warning icon shown by Windows in the certificate properties. Set to an empty string to disable the prefix completely.
VerificationOnDemandOnly = 0 This setting defines the behavior of the "Verification" plugin field/column.
0 - Verification is done automatically in a background thread for every file requested by TC.
1 - Verification is done on user request only, i.e. if a user presses the space bar on a file.
MaxFileSizeToHash = 20480 This setting needs some explanation. To be able to find an external catalog signature a file must be read and hashed. The hash is then used to try to find a catalog which signs the file. Reading and hashing files is slow, especially for large files! This setting specifies the maximum size, in KiB, of files to be considered to be hashed. Files larger than this size won't be hashed, and the "Catalog File" field will indicate if this limit is hit (by setting it to "File Size!").
Set the value to -1 to disable the limit and hash files regardless of size. Note that hashing every file is slow, especially for large and/or huge files!
This setting doesn't affect finding embedded signatures, it's only about catalog signatures.
CheckFilesWithEmbeddedSigsForCatalogs = 1 1 - Try to find catalog signatures for a file even if it has embedded signatures.
0 - Don't try to find external catalog signatures for files with embedded signatures.

Note: This setting doesn't affect files without an embedded signature. If no embedded signature was found, the plugin will try to find an external catalog signature (limited only by MaxFileSizeToHash setting).

4. Signature verification

Signature verification can take a long time in some cases, especially when that verification requires an internet connection. Thus, the values of the verification fields are returned to TC in a background thread.

The hex error codes given by the plugin are system error codes, and as such, are defined in the Windows API header file winerror.h. This header file isn't particularly user-friendly because it's meant for software developers. Here's an example of this file at GitHub, where you can look up the error codes if you really want to.

Unfortunately, I haven't found a Microsoft source listing the error codes in a user-friendly way. But I have found a third-party source. All error codes related to signatures/certificates should be listed on the following two pages:
FACILITY_SSPI: the Security API layer.
FACILITY_CERT: a certificate client or server?

5. Known issues and limitations

5.1. Known Issues

5.2. Limitations

6. Frequently Asked Questions

Why is the plugin showing a different value for the Public Key Length, e.g. 4208 instead of 4096 or 2160 instead of 2048?

There are some good explanations in the answers of the following thread on StackExchange: RSA public key and private key lengths.

The gist of it is this: A public key consists of a so-called modulus, an exponent and some other values. What is usually called a "4096 bit key" is a key having a 4096 bit modulus, and some additional bytes. That's why most (if not all) of the keys are longer in reality.
To show the traditional value, the plugin provides an additional field "Pubkey Len2". However, that field has its own limitations, see Limitations for more information.

Why is the field "Pubkey Len2" empty, not providing any value?

See Limitations in section "Known issues and limitations" above.

The field "Catalog File" shows "File Size!". What does it mean?

See setting MaxFileSizeToHash in section "Plugin settings" above.

7. License

This software is provided "as is". No warranty provided. You use this program at your own risk. The author will not be responsible for data loss, damages, etc. while using or misusing this software.

The software must not be modified, you may not decompile or disassemble it.

This plugin is copyrighted freeware.

8. Thanks to

9. Contact

If you have found a bug, have a suggestion, improvement, criticism, translation, you can contact me, Dalai, in English or German, at:

Please put "SignatureInfo" somewhere in the subject.

There is a discussion thread in the official TC forum which can be used, too: