验证可执行文件 [英] Verifying executable
问题描述
请原谅我对安全性的无知,但我需要验证向主机网站(或套接字服务器)发出请求的可执行文件在某种程度上是可信任的.该应用程序(exe)会执行一些低级操作,因此我需要使用久经考验的真实SDK C ++路由来编写它. (我已经尝试过使用C#进行此操作,并且所需的PInvoke代码数量很多,至少对于低级的东西而言是如此).所以知道这一点我应该...
Pardon my ignorance of security matters, but I need to verify that an executable making a request to a host website (or socket server) is somewhat trustable. The application (exe) does some low level stuff so I need it to be written in with the tried and true SDK C++ route. (I've tried doing this with C# and the amount of PInvoke code required was extensive, at least for low level stuff) So knowing this should I...
1.实时对发出请求的exe进行CRC检查,并在将其运往现场之前对照在exe上完成的CRC值进行验证吗?
1. Perform a CRC check against the requesting exe in realtime, and verify this against the CRC value done on the exe before it was shipped to the field?
2.对请求使用签名"可执行文件,并在接受请求的服务器或Web服务器上验证签名.如果是这样,是否有任何C ++示例?如何签名C ++可执行文件?
2. Use a "signed" executable for the request and verify the signature on the server or webserver accepting the request. If so, are there any C++ examples? How do i sign a C++ executable?
这是一条好路吗?我无法使用证书,因为我们没有/维护证书服务器.感谢您的任何输入/指导:-)
What would be a good route here? I cannot use certificates since we don't have/maintain a certificate server. Thanks for any input/guidance :-)
推荐答案
Windows只是没有允许您验证可执行文件身份的设计范例,仅是用户的身份.当然,您的服务器可以发送一个随机数,并要求您的可执行文件对其进行签名,或者使用客户端证书或任何此类方案,但这并不能识别该可执行文件,就像它可以识别运行该可执行文件的用户或计算机一样.
Windows just doesn't have a design paradigm that allows for you to verify the identity of an executable, only the identity of a user. Sure, your server could send a nonce, and ask your executable to sign it, or use client certificates, or any such scheme, but that doesn't identify the executable, so much as it identifies the user or computer running the executable.
这篇关于验证可执行文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
