当我们签署 exe 时会发生什么?
使用 VeriSign 对 exe 进行签名后,如果右键单击 exe,我们可以看到“数字签名”选项卡,其中提供有关证书的信息。这些信息到底将存储在哪里?我的意思是操作系统如何知道哪个证书与哪个文件相关?签名时exe中是否嵌入了任何内容?如何编写 C# 代码从签名的 exe 中提取证书?
非常感谢任何帮助。
更新 : 我解决了问题,尽管我无法找到证书与程序集的关系如何存储。我们可以通过传递程序集路径来创建 X509Certificate 对象。我的任务是获取序列号和所有者。以下是我为此编写的代码。
X509Certificate cert = X509Certificate.CreateFromSignedFile("Solo4Orchestra.exe");
MessageBox.Show(cert.Subject.Split(new char[1]{','})[3].Replace("O=",""));
MessageBox.Show(cert.GetSerialNumberString());
谢谢。 昭惠
After signing exe by using VeriSign, if we right click to exe we can see "digital signature" tab which gives information about certificate. Where exactly this information will be stored? I mean how operating system will come to know which certificate is related to which file? Is there anything embed inside exe while signing? How can I write c# code to extract certificate from signed exe?
Any help is greatly appreciated.
Update :
I solved problem though I was not able to find how exactly certificate relationship with assembly stored. We can create X509Certificate object by passing assembly path. My task was to just get serial number and owner. Following code I wrote for this.
X509Certificate cert = X509Certificate.CreateFromSignedFile("Solo4Orchestra.exe");
MessageBox.Show(cert.Subject.Split(new char[1]{','})[3].Replace("O=",""));
MessageBox.Show(cert.GetSerialNumberString());
Thanks.
Akie
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Windows Authenticode 可移植可执行签名格式可能会为您提供一些有关二进制格式的信息。
有一个用于检查签名的 Windows API,CryptQueryObject()。也许还有一个 .NET API 可以实现这一点,但显然不是:一篇相关的 MSDN 文章,其中包含用于获取撤销列表的示例代码,也使用了 Windows API 调用,如下所示: 如何从 CRL (.NET) 获取信息(可能是一个很好的起点,因为它实现了该函数的包装器)。
Windows Authenticode Portable Executable Signature Format might give you some information on the binary format.
There is a Windows API for checking the signature, CryptQueryObject(). Maybe there is also a .NET API for that but apparently not: A related MSDN article with sample code to get revocation list also uses Windows API calls as it seems: How to get information from a CRL (.NET) (might be a good starting point as it implements a wrapper for that function).
如上所述,它是Authenticode签名格式。据我所知,我们的 PKIBlackbox 组件是唯一支持 Authenticode 的组件(两者.NET 中的签名和验证)。
As mentioned above, it's Authenticode signature format. As far as I know our PKIBlackbox components are the only ones to support Authenticode (both signing and verification) in .NET.