.NET - verifying a digital signature in C#
I have a signed DLL file and I want to validate its digital signature at run time (before I load it).
I have the public key of the signing certificate embedded in my code. Is there a way to check the signature's "message digest" against it, or some other way to validate that the file has not been tampered with?
I don't want to check the CA or the other attributes of the certificate, because a malicious user can create a certificate with the same attributes.
*Note: I don't want to use signtool :)
This is a job for CryptoAPI via P/Invoke (I don't know of a way to extract an Authenticode signature in pure .NET). Here is a code example of what I meant in the comment:
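using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

namespace ClrSignatures
{
    // Verifies the embedded Authenticode signature of a PE file against a pinned signer key.
    //
    // Two independent checks are required, and the original sample only did the first:
    //   1. The PKCS#7/CMS blob carries a valid signature made by the key we trust
    //      (SignedCms.CheckSignature plus a public-key pin on the signer certificate).
    //   2. The blob actually covers the bytes on disk. SignedCms only verifies the signature
    //      over the SpcIndirectDataContent, i.e. over the *stored* image hash; it never
    //      re-hashes the PE. An image modified after signing, with the old signature block
    //      left in place, still passes check 1. WinVerifyTrust recomputes the Authenticode
    //      image hash and compares it with the stored one.
    class Program
    {
        // Hex string of the signing certificate's public key, as returned by
        // X509Certificate2.GetPublicKeyString(). Pinning the key - rather than subject,
        // issuer or other certificate attributes, which anyone can copy into a new
        // certificate - is what ties a signature to our signer. Verification fails closed
        // while this is empty.
        private const string ExpectedPublicKeyHex = "";

        // Entry point. args[0] is the path of the DLL to check.
        // Exit code: 0 = signed by the pinned key and intact, 1 = check failed, 2 = bad usage.
        static int Main(string[] args)
        {
            if (args.Length != 1)
            {
                Console.WriteLine("usage: ClrSignatures <path-to-signed-dll>");
                return 2;
            }

            string reason;
            if (AuthenticodeVerifier.Verify(args[0], ExpectedPublicKeyHex, out reason))
            {
                Console.WriteLine("signature check passed");
                return 0;
            }

            Console.WriteLine("signature check failed: " + reason);
            return 1;
        }
    }

    static class AuthenticodeVerifier
    {
        // Checks that 'path' carries an embedded Authenticode signature made by the key
        // 'expectedPublicKeyHex' and that the signature matches the file on disk.
        // 'reason' describes the first failed check; it is null on success.
        public static bool Verify(string path, string expectedPublicKeyHex, out string reason)
        {
            if (string.IsNullOrEmpty(expectedPublicKeyHex))
            {
                reason = "no signer public key is pinned";
                return false;
            }

            // Keep the file open with FileShare.Read for the whole check so it cannot be
            // replaced between verification and load (classic TOCTOU). The caller must then
            // load the same bytes - e.g. Assembly.Load(File.ReadAllBytes(path)) while this
            // handle is still open - rather than reopening the path later.
            using (FileStream pinned = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
            {
                SignedCms cms;
                if (!TryReadEmbeddedSignature(path, out cms, out reason))
                {
                    return false;
                }

                // verifySignatureOnly == true: no chain building. The signer certificate comes
                // from the (attacker-controlled) message itself, so the key pin below is the
                // check that actually establishes trust; a chain check would only reject
                // the self-issued signer the question describes.
                try
                {
                    cms.CheckSignature(true);
                }
                catch (CryptographicException e)
                {
                    reason = "CMS signature does not verify: " + e.Message;
                    return false;
                }

                if (!SignerKeyMatches(cms, expectedPublicKeyHex, out reason))
                {
                    return false;
                }

                return ImageHashMatches(path, out reason);
            }
        }

        // Extracts the embedded PKCS#7 signature of a PE file via CryptQueryObject and
        // decodes it into a SignedCms. Native handles are released on every exit path.
        private static bool TryReadEmbeddedSignature(string path, out SignedCms cms, out string reason)
        {
            cms = null;
            IntPtr certStore = IntPtr.Zero;
            IntPtr msg = IntPtr.Zero;
            IntPtr context = IntPtr.Zero; // not used for CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
            int encodingType = 0;
            int contentType = 0;
            int formatType = 0;
            try
            {
                // Ask only for an embedded, binary PKCS#7 signature. The original sample
                // passed CERT_QUERY_CONTENT_FLAG_ALL, which would also accept a bare
                // certificate, a detached PKCS#7 or a serialized store as "the signature".
                if (!Crypt32.CryptQueryObject(
                        WinCrypt.CERT_QUERY_OBJECT_FILE,
                        path,
                        WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                        WinCrypt.CERT_QUERY_FORMAT_FLAG_BINARY,
                        0,
                        ref encodingType,
                        ref contentType,
                        ref formatType,
                        ref certStore,
                        ref msg,
                        ref context))
                {
                    reason = "CryptQueryObject: " + LastError();
                    return false;
                }

                int size = 0;
                if (!Crypt32.CryptMsgGetParam(msg, WinCrypt.CMSG_ENCODED_MESSAGE, 0, null, ref size) || size <= 0)
                {
                    reason = "CryptMsgGetParam (size query): " + LastError();
                    return false;
                }

                byte[] encoded = new byte[size];
                // The original ignored this return value and decoded whatever the buffer held.
                if (!Crypt32.CryptMsgGetParam(msg, WinCrypt.CMSG_ENCODED_MESSAGE, 0, encoded, ref size))
                {
                    reason = "CryptMsgGetParam (data): " + LastError();
                    return false;
                }
                if (size < encoded.Length)
                {
                    Array.Resize(ref encoded, size);
                }

                SignedCms decoded = new SignedCms();
                try
                {
                    decoded.Decode(encoded);
                }
                catch (CryptographicException e)
                {
                    reason = "embedded signature is not a valid CMS message: " + e.Message;
                    return false;
                }

                cms = decoded;
                reason = null;
                return true;
            }
            finally
            {
                // The original only closed these on the success path.
                if (msg != IntPtr.Zero)
                {
                    Crypt32.CryptMsgClose(msg);
                }
                if (certStore != IntPtr.Zero)
                {
                    Crypt32.CertCloseStore(certStore, 0);
                }
            }
        }

        // Compares the signer certificate's public key with the pinned one.
        private static bool SignerKeyMatches(SignedCms cms, string expectedPublicKeyHex, out string reason)
        {
            // An Authenticode SignedData carries exactly one SignerInfo (counter-signatures
            // and nested signatures live in its unsigned attributes). Anything else is refused.
            if (cms.SignerInfos.Count != 1)
            {
                reason = "expected exactly one signer, found " + cms.SignerInfos.Count;
                return false;
            }

            X509Certificate2 signer = cms.SignerInfos[0].Certificate;
            if (signer == null)
            {
                reason = "signer certificate is not included in the message";
                return false;
            }

            // Public keys are not secret, so an ordinary string comparison is fine here.
            if (!string.Equals(signer.GetPublicKeyString(), expectedPublicKeyHex, StringComparison.OrdinalIgnoreCase))
            {
                reason = "file is signed, but not by the pinned key (signer thumbprint " + signer.Thumbprint + ")";
                return false;
            }

            reason = null;
            return true;
        }

        // Asks WinVerifyTrust to recompute the Authenticode image hash of the file and
        // compare it with the hash stored in the signature. Only status 0 counts as a match.
        private static bool ImageHashMatches(string path, out string reason)
        {
            WinTrust.WINTRUST_FILE_INFO fileInfo = new WinTrust.WINTRUST_FILE_INFO();
            fileInfo.cbStruct = (uint)Marshal.SizeOf(typeof(WinTrust.WINTRUST_FILE_INFO));
            fileInfo.pcwszFilePath = path;
            fileInfo.hFile = IntPtr.Zero;
            fileInfo.pgKnownSubject = IntPtr.Zero;

            WinTrust.WINTRUST_DATA data = new WinTrust.WINTRUST_DATA();
            data.cbStruct = (uint)Marshal.SizeOf(typeof(WinTrust.WINTRUST_DATA));
            data.dwUIChoice = WinTrust.WTD_UI_NONE;
            data.fdwRevocationChecks = WinTrust.WTD_REVOKE_NONE;
            data.dwUnionChoice = WinTrust.WTD_CHOICE_FILE;
            // IGNORE: no state handle is kept, so no second CLOSE call is needed.
            data.dwStateAction = WinTrust.WTD_STATEACTION_IGNORE;
            // The signer is already pinned, so chain/trust decisions are not wanted here:
            // WTD_HASH_ONLY_FLAG is documented as "only the hash is verified", and
            // WTD_CACHE_ONLY_URL_RETRIEVAL keeps the call off the network.
            // NOTE(review): if a self-issued signer still yields a CERT_E_* trust status
            // on some Windows versions, confirm that before treating any non-zero status
            // as acceptable - never loosen this to "ignore trust errors" blindly.
            data.dwProvFlags = WinTrust.WTD_HASH_ONLY_FLAG | WinTrust.WTD_CACHE_ONLY_URL_RETRIEVAL;

            IntPtr pFileInfo = IntPtr.Zero;
            IntPtr pData = IntPtr.Zero;
            try
            {
                pFileInfo = Marshal.AllocHGlobal((int)fileInfo.cbStruct);
                Marshal.StructureToPtr(fileInfo, pFileInfo, false);
                data.pFile = pFileInfo;

                pData = Marshal.AllocHGlobal((int)data.cbStruct);
                Marshal.StructureToPtr(data, pData, false);

                int status = WinTrust.WinVerifyTrust(IntPtr.Zero, WinTrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, pData);
                if (status != 0)
                {
                    // e.g. TRUST_E_BAD_DIGEST (0x80096010) when the image was changed after signing.
                    Exception hr = Marshal.GetExceptionForHR(status);
                    reason = string.Format("WinVerifyTrust returned 0x{0:X8}{1}", status, hr == null ? "" : ": " + hr.Message);
                    return false;
                }

                reason = null;
                return true;
            }
            finally
            {
                if (pData != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(pData);
                }
                if (pFileInfo != IntPtr.Zero)
                {
                    // DestroyStructure frees the unmanaged copy of pcwszFilePath.
                    Marshal.DestroyStructure(pFileInfo, typeof(WinTrust.WINTRUST_FILE_INFO));
                    Marshal.FreeHGlobal(pFileInfo);
                }
            }
        }

        // Human-readable text for the last Win32 error of the preceding P/Invoke call.
        private static string LastError()
        {
            return new Win32Exception(Marshal.GetLastWin32Error()).Message;
        }
    }

    // Constants from wincrypt.h used with CryptQueryObject / CryptMsgGetParam.
    static class WinCrypt
    {
        // dwObjectType
        public const int CERT_QUERY_OBJECT_FILE = 1;

        // Content types (CERT_QUERY_CONTENT_*)
        public const int CERT_QUERY_CONTENT_CERT = 1;
        public const int CERT_QUERY_CONTENT_CTL = 2;
        public const int CERT_QUERY_CONTENT_CRL = 3;
        public const int CERT_QUERY_CONTENT_SERIALIZED_STORE = 4;
        public const int CERT_QUERY_CONTENT_SERIALIZED_CERT = 5;
        public const int CERT_QUERY_CONTENT_SERIALIZED_CTL = 6;
        public const int CERT_QUERY_CONTENT_SERIALIZED_CRL = 7;
        public const int CERT_QUERY_CONTENT_PKCS7_SIGNED = 8;
        public const int CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9;
        public const int CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10;
        public const int CERT_QUERY_CONTENT_PKCS10 = 11;
        public const int CERT_QUERY_CONTENT_PFX = 12;
        public const int CERT_QUERY_CONTENT_CERT_PAIR = 13;

        // Expected-content flags: 1 << content type.
        public const int CERT_QUERY_CONTENT_FLAG_CERT = 1 << CERT_QUERY_CONTENT_CERT;
        public const int CERT_QUERY_CONTENT_FLAG_CTL = 1 << CERT_QUERY_CONTENT_CTL;
        public const int CERT_QUERY_CONTENT_FLAG_CRL = 1 << CERT_QUERY_CONTENT_CRL;
        public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = 1 << CERT_QUERY_CONTENT_SERIALIZED_STORE;
        public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = 1 << CERT_QUERY_CONTENT_SERIALIZED_CERT;
        public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = 1 << CERT_QUERY_CONTENT_SERIALIZED_CTL;
        public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = 1 << CERT_QUERY_CONTENT_SERIALIZED_CRL;
        public const int CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = 1 << CERT_QUERY_CONTENT_PKCS7_SIGNED;
        public const int CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = 1 << CERT_QUERY_CONTENT_PKCS7_UNSIGNED;
        public const int CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = 1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED;
        public const int CERT_QUERY_CONTENT_FLAG_PKCS10 = 1 << CERT_QUERY_CONTENT_PKCS10;
        public const int CERT_QUERY_CONTENT_FLAG_PFX = 1 << CERT_QUERY_CONTENT_PFX;
        public const int CERT_QUERY_CONTENT_FLAG_CERT_PAIR = 1 << CERT_QUERY_CONTENT_CERT_PAIR;

        // Kept for completeness; a signature check should NOT use this (see TryReadEmbeddedSignature).
        public const int CERT_QUERY_CONTENT_FLAG_ALL =
            CERT_QUERY_CONTENT_FLAG_CERT |
            CERT_QUERY_CONTENT_FLAG_CTL |
            CERT_QUERY_CONTENT_FLAG_CRL |
            CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE |
            CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT |
            CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL |
            CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL |
            CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
            CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
            CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED |
            CERT_QUERY_CONTENT_FLAG_PKCS10 |
            CERT_QUERY_CONTENT_FLAG_PFX |
            CERT_QUERY_CONTENT_FLAG_CERT_PAIR;

        // Format types (CERT_QUERY_FORMAT_*) and their flags.
        public const int CERT_QUERY_FORMAT_BINARY = 1;
        public const int CERT_QUERY_FORMAT_BASE64_ENCODED = 2;
        public const int CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3;
        public const int CERT_QUERY_FORMAT_FLAG_BINARY = 1 << CERT_QUERY_FORMAT_BINARY;
        public const int CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = 1 << CERT_QUERY_FORMAT_BASE64_ENCODED;
        public const int CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = 1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED;
        public const int CERT_QUERY_FORMAT_FLAG_ALL =
            CERT_QUERY_FORMAT_FLAG_BINARY |
            CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED |
            CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED;

        // CryptMsgGetParam dwParamType: the complete DER-encoded message.
        public const int CMSG_ENCODED_MESSAGE = 29;
    }

    // P/Invoke surface of crypt32.dll used above.
    static class Crypt32
    {
        [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptQueryObject(
            int dwObjectType,
            [MarshalAs(UnmanagedType.LPWStr)] string pvObject,
            int dwExpectedContentTypeFlags,
            int dwExpectedFormatTypeFlags,
            int dwFlags,
            ref int pdwMsgAndCertEncodingType,
            ref int pdwContentType,
            ref int pdwFormatType,
            ref IntPtr phCertStore,
            ref IntPtr phMsg,
            ref IntPtr ppvContext);

        [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptMsgGetParam(
            IntPtr hCryptMsg,
            int dwParamType,
            int dwIndex,
            byte[] pvData,
            ref int pcbData);

        [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptMsgClose(IntPtr hCryptMsg);

        [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CertCloseStore(IntPtr hCertStore, int dwFlags);
    }

    // P/Invoke surface of wintrust.dll: WinVerifyTrust and the structures it reads.
    static class WinTrust
    {
        // Generic Authenticode verification action.
        public static readonly Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");

        public const uint WTD_UI_NONE = 2;
        public const uint WTD_REVOKE_NONE = 0;
        public const uint WTD_CHOICE_FILE = 1;
        public const uint WTD_STATEACTION_IGNORE = 0;
        public const uint WTD_HASH_ONLY_FLAG = 0x00000200;
        public const uint WTD_CACHE_ONLY_URL_RETRIEVAL = 0x00001000;

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct WINTRUST_FILE_INFO
        {
            public uint cbStruct;
            [MarshalAs(UnmanagedType.LPWStr)] public string pcwszFilePath;
            public IntPtr hFile;
            public IntPtr pgKnownSubject;
        }

        // Layout of the pre-Windows-8 WINTRUST_DATA; cbStruct tells wintrust which version
        // it is, so the trailing pSignatureSettings member may be omitted.
        [StructLayout(LayoutKind.Sequential)]
        public struct WINTRUST_DATA
        {
            public uint cbStruct;
            public IntPtr pPolicyCallbackData;
            public IntPtr pSIPClientData;
            public uint dwUIChoice;
            public uint fdwRevocationChecks;
            public uint dwUnionChoice;
            public IntPtr pFile;
            public uint dwStateAction;
            public IntPtr hWVTStateData;
            public IntPtr pwszURLReference;
            public uint dwProvFlags;
            public uint dwUIContext;
        }

        [DllImport("wintrust.dll", ExactSpelling = true, SetLastError = false, CharSet = CharSet.Unicode)]
        public static extern int WinVerifyTrust(
            IntPtr hwnd,
            [MarshalAs(UnmanagedType.LPStruct)] Guid pgActionID,
            IntPtr pWVTData);
    }
}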
P.S. Note that you have to reference the System.Security assembly. args[0] receives the path to the DLL file.

Caveat: as posted, this only proves that the embedded PKCS#7 blob is internally consistent. SignedCms.CheckSignature verifies the signature over the SpcIndirectDataContent (the stored image hash); it does not re-hash the PE file, so an image modified after signing, with the old signature block left in place, still passes. Nothing compares the signer certificate with the key you embedded either, so a file signed with any other certificate passes too. To answer the question asked, pin the signer's public key from SignerInfos[0].Certificate and have WinVerifyTrust (or your own implementation of the Authenticode PE hash) check the file against the stored hash before loading it, and load the bytes you verified rather than reopening the path afterwards.