function ISSigVerify(const AllowedKeysRuntimeIDs: TStringList; const Filename: String; const VerifyFilename: Boolean; const KeepOpen: Boolean): TFileStream;
Verifies the signature of the specified file using the specified allowed keys, looked up using [ISSigKeys] section parameter RuntimeID. To allow all keys set AllowedKeysRuntimeIDs to nil. An exception will be raised upon failure.
If VerifyFilename is set to False the verification allows signatures for a different filename. It is recommended that you only set it to False if you don't know the name the file had when the signature was created. The size and hash of the file must always match.
Returns a handle to the still open file if KeepOpen is set to True, nil otherwise. It is recommended that you always set it to True if you plan to use the file for anything after verification. Otherwise, you risk creating a Time-Of-Check to Time-Of-Use (TOCTOU) problem.
var
F: TFileStream;
begin
F := ISSigVerify([], Filename, True);
try
// Use file
finally
F.Free;
end;
end;.issig Signatures: Introduction
DownloadTemporaryFileWithISSigVerify