使用什么来检查特定的EXE文件的签名？ [英] What to use to check for a specific EXE file signature?

问题描述

我发现这个MSDN文章解释如何为Authenti $检索信息C $ç签名的可执行程序。它采用以下格式检索数据：

 签名者证书：序列号：00 90 1A 1A 1B 1C 1C 26 3D 4F 56 61 70 94 8F E0 7F
发行人名称：COMODO code签名CA 2
主题名称：​​签名者的名称
 

在这里我的目标是验证该EXE文件与属于该公司的具体签名证书签名。为此，我能明显检查主题名称，但我很好奇序列号：

1. 能否序列号被用来验证EXE文件与特定的证书进行签名？我的试验表明，如果我登录多个文件不改变




2. 请问这个序列号保持不变时，续订证书？

解决方案

IssuerRDN（组确定发行领域）和领域的SerialNumber组合唯一标识证书按的 RFC 5280 。

本RFC没有定义，如果证书重发发生了什么，但我会假设，序列号被改变。其原因是，新的证书将来自previous相差1，因此它必须被唯一地标识。

因此​​，对于您的任务更好的方法将是

1. 完全验证证书链，以确保证书的完整性和真实性


2. 检查者名称


3. 检查主题名称


4. 检查密钥使用领域。

这将确保该证书是有效的，并授权本公司，并在同一时间该算法如果证书被吊销无论出于何种原因从只有一个证书检查（这个错误可能会导致麻烦的错误，为您节省并用一个新的替换）。

I found this MSDN article that explains how to retrieve information for Authenticode signed executables. It retrieves data in the following format:

Signer Certificate:

Serial Number: 00 90 1a 1a 1b 1c 1c 26 3d 4f 56 61 70 8f 94 7f e0
Issuer Name: COMODO Code Signing CA 2
Subject Name: Signer's Name

My goal here is to verify that the EXE file is signed with the specific signing certificate that belongs to the company. For that I can obviously check Subject Name, but I'm curious about the Serial Number:

1. Can Serial Number be used to verify that the EXE file is signed with a specific certificate? My tests showed that it doesn't change if I sign more than one file.

2. Will this serial number stay the same when the certificate is renewed?

解决方案

Combination of IssuerRDN (set of fields that identify the issuer) and SerialNumber fields uniquely identifies the certificate as per RFC 5280.

The RFC doesn't define, what happens if the certificate is re-issued, but I would assume that the serial number is changed. The reason is that the new certificate would differ from the previous one and as such it must be identified uniquely.

Consequently for your task the better approach would be to

1. validate the certificate chain completely to ensure integrity and authenticity of the certificate
2. check issuer name
3. check subject name
4. check key usage field.

This will ensure that the certificate is valid and authorized for this company, and at the same time this algorithm saves you from the mistake of checking for exactly one certificate (this mistake can lead to trouble if the certificate is revoked for whatever reason and replaced with a new one).

这篇关于使用什么来检查特定的EXE文件的签名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！