locked
How to verify an executable against a digital certificate

  • Question

  • I have a .NET executable which I have digitally signed using a certificate generated through makecert.exe and signed using signtool. How do I verify that the exe has not been tampered with, or that it is still using the certificate digitally signed by me?

    For example: a situation where anyone can replace the exe, which is digitally signed by another certificate and placed into Trusted Root Authorities.

    From various internet sources I read that the below code would just check if the certificate is valid:

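        using System;
        using System.Security.Cryptography.X509Certificates;

        // Extract the signer certificate embedded in the signed file
        // (executablePath is the path of the executable to check).
        X509Certificate signer = X509Certificate.CreateFromSignedFile(executablePath);
        X509Certificate2 certificate = new X509Certificate2(signer);

        // Build the chain with online revocation checks on every certificate in it.
        var certificateChain = new X509Chain
        {
            ChainPolicy =
            {
                RevocationFlag = X509RevocationFlag.EntireChain,
                RevocationMode = X509RevocationMode.Online,
                UrlRetrievalTimeout = new TimeSpan(0, 1, 0),
                VerificationFlags = X509VerificationFlags.NoFlag
            }
        };

        // True when the chain ends in a root trusted on this machine.
        var chainIsValid = certificateChain.Build(certificate);
        if (chainIsValid)
        {
        }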

    And it is suggested to use WinVerifyTrust. My question is: WinVerifyTrust would also validate the certificate if the same exe is signed by another certificate deployed in Trusted Root Authorities. How can I associate the exe with my certificate? Or how can WinVerifyTrust be helpful in this situation, as mentioned everywhere? Please help!!

    Thanks

    • Moved by Dave Patrick (MVP), Wednesday, March 13, 2019 12:39 PM (looking for forum)
    Wednesday, March 13, 2019 11:46 AM
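
An added example, not part of the original thread or any poster's code: one way to tie the executable to one specific certificate is to let WinVerifyTrust confirm that the file still matches its Authenticode signature and that the chain is trusted, then compare the signer's thumbprint to a pinned value, so a different certificate that merely chains to a trusted root is rejected. `PinnedSignerCheck`, `SignatureIsIntact`, `IsSignedByMe` and the all-zero `ExpectedThumbprint` are hypothetical names and a placeholder; the P/Invoke declarations assume the original 12-field `WINTRUST_DATA` layout.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
static class PinnedSignerCheck
{
    // Constructed placeholder: SHA-1 thumbprint of your own signing certificate.
    const string ExpectedThumbprint = "0000000000000000000000000000000000000000";
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct WINTRUST_FILE_INFO { public uint cbStruct; public string pcwszFilePath; public IntPtr hFile, pgKnownSubject; }
    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_DATA
    {
        public uint cbStruct; public IntPtr pPolicyCallbackData, pSIPClientData;
        public uint dwUIChoice, fdwRevocationChecks, dwUnionChoice; public IntPtr pFile;
        public uint dwStateAction; public IntPtr hWVTStateData, pwszURLReference;
        public uint dwProvFlags, dwUIContext;
    }
    [DllImport("wintrust.dll", ExactSpelling = true)]
    static extern int WinVerifyTrust(IntPtr hwnd, ref Guid actionId, ref WINTRUST_DATA data);

    // Step 1: Authenticode check. Fails if the file hash no longer matches the
    // signature or the chain does not end in a root trusted on this machine.
    static bool SignatureIsIntact(string path)
    {
        var file = new WINTRUST_FILE_INFO { cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)), pcwszFilePath = path };
        IntPtr pFile = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)));
        Marshal.StructureToPtr(file, pFile, false);
        try
        {
            var data = new WINTRUST_DATA
            {
                cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_DATA)), pFile = pFile,
                dwUIChoice = 2,          // WTD_UI_NONE: never show a dialog
                fdwRevocationChecks = 1, // WTD_REVOKE_WHOLECHAIN
                dwUnionChoice = 1        // WTD_CHOICE_FILE; dwStateAction stays 0 (WTD_STATEACTION_IGNORE)
            };
            var action = new Guid("00AAC56B-CD44-11D0-8CC2-00C04FC295EE"); // WINTRUST_ACTION_GENERIC_VERIFY_V2
            return WinVerifyTrust(IntPtr.Zero, ref action, ref data) == 0; // 0 = ERROR_SUCCESS
        }
        finally { Marshal.DestroyStructure(pFile, typeof(WINTRUST_FILE_INFO)); Marshal.FreeHGlobal(pFile); }
    }

    // Step 2: pin the signer. A valid signature from any other certificate is rejected.
    public static bool IsSignedByMe(string path)
    {
        if (!SignatureIsIntact(path)) return false;
        var signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
        return string.Equals(signer.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Call `PinnedSignerCheck.IsSignedByMe(executablePath)` before trusting the file. The pinned thumbprint has to be updated whenever the signing certificate is renewed or replaced.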

All replies

  • I'd try asking for help over here.

    https://social.msdn.microsoft.com/Forums/en-US/home?category=vslanguages

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, March 13, 2019 12:38 PM
  • Posted the question in the forum given in the link. 

    Thanks

    Thursday, March 14, 2019 4:43 AM
  • You're welcome.

    Regards, Dave Patrick ....

    Thursday, March 14, 2019 12:45 PM