CAPICOM - 验证签名代码是否来自受信任的发布者,无需 UI

发布于 2024-07-16 02:57:18 字数 294 浏览 12 评论 0原文

我在 .NET 3.0 C# 应用程序中使用 CAPICOM 来检查 exe 文件上的 Authenticode 签名。 我需要确保该证书被列为受信任的发布者。 如果证书尚未受信任,则使用 signedCode.Verify(true) 将显示一个对话框,以便用户可以选择是否这样做。 但是,signedCode.Verify(false) 正在验证签名,即使它不是来自受信任的发布者 - 大概这只是检查证书是否有效。

如何在没有 UI 的情况下检查文件上的签名是否来自有效且受信任的证书?

I'm using CAPICOM in a .NET 3.0 C# app to check an Authenticode signature on an exe file. I need to make sure that the certificate is listed as a Trusted Publisher. Using signedCode.Verify(true) will show a dialog if the certificate is not already trusted, so the user can choose whether or not to do so. However, signedCode.Verify(false) is verifying the signature even if it is not from a trusted publisher - presumably this is only checking that the certificate is valid.

How can I check that the signature on a file is from a valid and trusted certificate without the UI?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

夏至、离别 2024-07-23 02:57:18

首先,StrongNameSignatureVerificationEx用于程序集签名验证,而不是Authenticode签名验证。 因此,这与原始发帖者问题的背景无关。

关于最初的问题,您可以使用以下代码手动检查签名者证书是否正确链接到受信任的根,而无需任何 GUI:

ICertificateStatus certStatus = signedCode.Signer.Certificate.IsValid();

想法是检索签名者的证书并告诉 CAPICom 检查它是否具有正确的信任链。

我希望这个能帮上忙。
干杯,

Mounir IDRASSI,IDRIX,http://www.idrix.fr

First, StrongNameSignatureVerificationEx is for assembly signature verification and not Authenticode signature verification. So, this is not relevant to the context of original poster's question.

Concerning the initial question, you can manually check that the signer certificate is correctly chained to a trusted root without any GUI by using the following code :

ICertificateStatus certStatus = signedCode.Signer.Certificate.IsValid();

The idea is to retrieve the signer's certificate and to tell CAPICom to check if it has a correct trust chain.

I hope this will help.
Cheers,

Mounir IDRASSI, IDRIX, http://www.idrix.fr

把梦留给海 2024-07-23 02:57:18

您可能需要做的是使用通过 mscoree.dll 公开的StrongNameSignatureVerificationEx 函数与 P/Invoke:

[DllImport("mscoree.dll", CharSet=CharSet.Unicode)]
static extern bool StrongNameSignatureVerificationEx(string wszFilePath, bool fForceVerification, ref bool  pfWasVerified);

What you would probably need to do is to use exposed through the mscoree.dll StrongNameSignatureVerificationEx function with P/Invoke:

[DllImport("mscoree.dll", CharSet=CharSet.Unicode)]
static extern bool StrongNameSignatureVerificationEx(string wszFilePath, bool fForceVerification, ref bool  pfWasVerified);
¢蛋碎的人ぎ生 2024-07-23 02:57:18

您可以使用 WinVerifyTrust,如此处所示。 它在 Windows XP/Vista/2008/7 上运行良好。 如果您还想检查撤销列表集

RevocationChecks = WinTrustDataRevocationChecks.WholeChain;

You can use WinVerifyTrust as shown here. It works beautifully on Windows XP/Vista/2008/7. If you also want to check the revocation list set

RevocationChecks = WinTrustDataRevocationChecks.WholeChain;
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文