In addition to the signature and certificate chain, we should also verify the timestamp signature embedded in each Authenticode SignedData.
Documentation for these is a little inconsistent, but they seem to be mostly standard PKCS#9 countersignatures:
osslsigncode's codebase will probably be helpful here.
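As an added illustration (not code from this post or from osslsigncode): in a PKCS#9 countersignature, the `messageDigest` signed attribute must equal the hash of the parent SignerInfo's signature value, and that binding is what the sketch below checks. It assumes the countersignature's signed attributes and the parent signature bytes have already been extracted, and it does not verify the countersignature's own signature or certificate chain; all function names and the sample data are hypothetical.

```python
import hashlib
import hmac

OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_SIGNING_TIME = bytes.fromhex("2a864886f70d010905")    # 1.2.840.113549.1.9.5

def read_tlv(buf, pos):  # decode one DER element -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def attributes(attr_set):
    """Map OID bytes -> [(tag, value), ...] for a DER SET OF Attribute."""
    tag, body, _ = read_tlv(attr_set, 0)
    if tag not in (0x31, 0xA0):  # SET, or [0] IMPLICIT as stored in SignerInfo
        raise ValueError("not an attribute set")
    out = {}
    for _, attr in children(body):
        (_, oid), (_, values) = list(children(attr))[:2]
        out[oid] = list(children(values))
    return out

def countersignature_binds(parent_sig, cs_attrs, hash_name):
    """True if messageDigest equals hash(parent SignerInfo signature value)."""
    md = attributes(cs_attrs).get(OID_MESSAGE_DIGEST, [])
    if len(md) != 1 or md[0][0] != 0x04:  # exactly one OCTET STRING
        return False
    return hmac.compare_digest(md[0][1], hashlib.new(hash_name, parent_sig).digest())

def tlv(tag, value):  # constructed-sample builder, short-form lengths only
    return bytes([tag, len(value)]) + value

SAMPLE_SIG = b"\x01\x02\x03\x04" * 8  # constructed sample, not from a real file
SAMPLE_ATTRS = tlv(0x31,
    tlv(0x30, tlv(0x06, OID_SIGNING_TIME) + tlv(0x31, tlv(0x17, b"240101000000Z")))
    + tlv(0x30, tlv(0x06, OID_MESSAGE_DIGEST) + tlv(0x31, tlv(0x04, hashlib.sha256(SAMPLE_SIG).digest()))))
```

The `hash_name` argument should come from the countersignature SignerInfo's own digest algorithm, not from the outer Authenticode signature.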