.net - verifying digital signature in c# -


i have signed "dll" file want validate digital signature in run time ("before i'm loading it")

i have public key of certificate embedded in code, there way "message digest" digital signature? or way validate file hasn't manipulated?

i don't want check "ca" , other attributes of certificate because malicious user can create certificate same attributes

*note don't want user signtool :)

there job cryptoapi , p/invoke (i don't know how extract authenticode signature .net). here code example of meant in comment:

using system; using system.componentmodel; using system.runtime.interopservices; using system.security.cryptography.pkcs;  namespace clrsignatures {     class program {         static void main(string[] args) {             intptr phcertstore = intptr.zero;             intptr phmsg = intptr.zero;             intptr ppvcontext = intptr.zero;             int pdwmsgandcertencodingtype = 0;             int pdwcontenttype = 0;             int pdwformattype = 0;             if (!crypt32.cryptqueryobject(                 wincrypt.cert_query_object_file,                 args[0],                 wincrypt.cert_query_content_flag_all,                 wincrypt.cert_query_format_flag_all,                 0,                 ref pdwmsgandcertencodingtype,                 ref pdwcontenttype,                 ref pdwformattype,                 ref phcertstore,                 ref phmsg,                 ref ppvcontext             )) {                 console.writeline((new win32exception(marshal.getlastwin32error())).message);                 return;             }             int pcbdata = 0;             if (!crypt32.cryptmsggetparam(phmsg, wincrypt.cmsg_encoded_message, 0, null, ref pcbdata)) {                 console.writeline((new win32exception(marshal.getlastwin32error())).message);                 return;             }             byte[] pvdata = new byte[pcbdata];             crypt32.cryptmsggetparam(phmsg, wincrypt.cmsg_encoded_message, 0, pvdata, ref pcbdata);             var signedcms = new signedcms();             signedcms.decode(pvdata);             try {                 signedcms.checksignature(false);                 console.writeline("signature check passed");             } catch (exception e) {                 console.writeline(e.message);             } {                 crypt32.cryptmsgclose(phmsg);                 crypt32.certclosestore(phcertstore, 0);             }         }     }     static class wincrypt {         // source type         public const int cert_query_object_file = 1;         // object type         const int cert_query_content_cert = 1;         const int cert_query_content_ctl = 2;         const int cert_query_content_crl = 3;         const int cert_query_content_serialized_store = 4;         const int cert_query_content_serialized_cert = 5;         const int cert_query_content_serialized_ctl = 6;         const int cert_query_content_serialized_crl = 7;         const int cert_query_content_pkcs7_signed = 8;         const int cert_query_content_pkcs7_unsigned = 9;         const int cert_query_content_pkcs7_signed_embed = 10;         const int cert_query_content_pkcs10 = 11;         const int cert_query_content_pfx = 12;         const int cert_query_content_cert_pair = 13;          const int cert_query_content_flag_cert = (1 << cert_query_content_cert);         const int cert_query_content_flag_ctl = (1 << cert_query_content_ctl);         const int cert_query_content_flag_crl = (1 << cert_query_content_crl);         const int cert_query_content_flag_serialized_store = (1 << cert_query_content_serialized_store);         const int cert_query_content_flag_serialized_cert = (1 << cert_query_content_serialized_cert);         const int cert_query_content_flag_serialized_ctl = (1 << cert_query_content_serialized_ctl);         const int cert_query_content_flag_serialized_crl = (1 << cert_query_content_serialized_crl);         const int cert_query_content_flag_pkcs7_signed = (1 << cert_query_content_pkcs7_signed);         const int cert_query_content_flag_pkcs7_unsigned = (1 << cert_query_content_pkcs7_unsigned);         const int cert_query_content_flag_pkcs7_signed_embed = (1 << cert_query_content_pkcs7_signed_embed);         const int cert_query_content_flag_pkcs10 = (1 << cert_query_content_pkcs10);         const int cert_query_content_flag_pfx = (1 << cert_query_content_pfx);         const int cert_query_content_flag_cert_pair = (1 << cert_query_content_cert_pair);         public const int cert_query_content_flag_all =             cert_query_content_flag_cert |             cert_query_content_flag_ctl |             cert_query_content_flag_crl |             cert_query_content_flag_serialized_store |             cert_query_content_flag_serialized_cert |             cert_query_content_flag_serialized_ctl |             cert_query_content_flag_serialized_crl |             cert_query_content_flag_pkcs7_signed |             cert_query_content_flag_pkcs7_unsigned |             cert_query_content_flag_pkcs7_signed_embed |             cert_query_content_flag_pkcs10 |             cert_query_content_flag_pfx |             cert_query_content_flag_cert_pair;          // format type         const int cert_query_format_binary = 1;         const int cert_query_format_base64_encoded = 2;         const int cert_query_format_asn_ascii_hex_encoded = 3;         const int cert_query_format_flag_binary = 1 << cert_query_format_binary;         const int cert_query_format_flag_base64_encoded = 1 << cert_query_format_base64_encoded;         const int cert_query_format_flag_asn_ascii_hex_encoded = 1 << cert_query_format_asn_ascii_hex_encoded;         public const int cert_query_format_flag_all =             cert_query_format_flag_binary |             cert_query_format_flag_base64_encoded |             cert_query_format_flag_asn_ascii_hex_encoded;          public const int cmsg_encoded_message = 29;      }     static class crypt32 {          [dllimport("crypt32.dll", charset = charset.auto, setlasterror = true)]         public static extern bool cryptqueryobject(             int dwobjecttype,             [marshalas(unmanagedtype.lpwstr)]             string pvobject,             int dwexpectedcontenttypeflags,             int dwexpectedformattypeflags,             int dwflags,             ref int pdwmsgandcertencodingtype,             ref int pdwcontenttype,             ref int pdwformattype,             ref intptr phcertstore,             ref intptr phmsg,             ref intptr ppvcontext         );         [dllimport("crypt32.dll", charset = charset.auto, setlasterror = true)]         public static extern bool cryptmsggetparam(             intptr hcryptmsg,             int dwparamtype,             int dwindex,             byte[] pvdata,             ref int pcbdata         );         [dllimport("crypt32.dll", charset = charset.auto, setlasterror = true)]         public static extern bool cryptmsgclose(             intptr hcryptmsg         );         [dllimport("crypt32.dll", charset = charset.auto, setlasterror = true)]         public static extern bool certclosestore(             intptr hcertstore,             int dwflags         );     } }

p.s. note have reference system.security assembly. args[0] receives path dll file.


Comments

Post a Comment

Popular posts from this blog

angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -

i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers. the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this. identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket); is possible replace adal idtoken new token? is viable solution or there other better way handle this? as initial token generated azuread, possible edit token add new claim? appreciated. graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/ if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Read more

php - CakePHP HttpSockets send array of paramms -

i problem when make request (i can request). $link = 'http://uri/path/?param1=1&sid=2&sid=3&sid=4' $http = $httpsocket = new httpsocket(); $res = $httpsocket->get($link); if check request pr($http); i see : [line] => /url/path/?param1=1&sid%5b0%5d=2&sid%5b1%5d=3&sid%5b2%5d=4 http/1.1 and i'm getting empty response because server doesn't know parameters sid%5b0%5d=2 when try send parameters array : $data = array('param1' => '1', 'sid' => array('2','3', '4')); i see same changes %5b0%5d - additional indexes. how fix it? unfortunately , can not change server side, if send request in browser, i'll normal response in json format. when make request, can parameters this: $param1 = $_get['param1']; $sid= $_get['sid']; tip: use diferente names parameters. have multiples sid. use sid1, sid2, sid3... update: can parameters this:
Read more

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more