在Windows应用程序上验证代码签名证书 [英] Validating a Code Signing Certificate on a Windows Application
问题描述
我正在尝试以编程方式验证代码签名证书,如 2014年的问题中所述.遵循建议后,我仍然无法找到一致的工作解决方案来确定何时对我的.exe进行了篡改(即哈希不再匹配)
I am trying to programmatically validate a code signing certificate as described in this question from 2014. After following the suggestions, I am still not able to find a consistent working solution to determine when my .exe has been tampered with (i.e. the hash no longer matches)
来自 wintrust.dll
的 WinVerifyTrust
方法是最准确的,但是在对可执行文件进行混淆/VM处理后,我似乎得到了误报.在这种情况下,即使.exe进行了有效签名和篡改,我仍得到(int)2148204800的结果.我也不想使用Windows API调用,因为我希望代码尽可能地可移植.
The WinVerifyTrust
method from wintrust.dll
is the most accurate however I seem to getting a false positive after my executable has been obfuscated/VM'd. In this scenario, I am getting a result of (int)2148204800 even though the .exe is validly signed and un-tampered with. I am also averse to using Windows API calls as I want the code to be as portable as possible.
其他方法,例如 X509Certificate.CreateFromSignedFile().Verify()
和Powershell方法当然不会验证exe的哈希,因此返回true.
The other methods such as X509Certificate.CreateFromSignedFile().Verify()
and the Powershell method of course do not validate the exe's hash so return true.
在过去的4年中,是否有任何新方法可以验证.exe的哈希值,最好是在纯.NET中?我对一个仅验证哈希而不是整个证书(如果可能)的解决方案感到满意.
Is there any new way that's come about in the last 4 years to validate the hash of the .exe, preferably in pure .NET? I am happy with a solution that simply validates that the hash and not the entire certificate (if that's possible).
推荐答案
如果从Mono.Security作为Nuget包提取,则它们具有一个不错的 AuthenticodeDeformatter
类,该类将验证代码签名证书:>
If you pull from Mono.Security as a Nuget Package they have a nice AuthenticodeDeformatter
class that will verify code signing certificates:
var authenticode = new AuthenticodeDeformatter(Filename);
authenticode.IsTrusted(); //Should return False if tampered with.
这篇关于在Windows应用程序上验证代码签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!