检查的EXE数字签名 [英] Checking digital signature on EXE

问题描述

我的.NET EXE使用signtool签名。 使用这个code，我可以验证证书本身的有效性：

  VAR证书= X509Certificate.CreateFromSignedFile（application.exe）;
VAR cert2 =新X509Certificate2（cert.Handle）;
布尔有效= cert2.Verify（）;
 

不过，这仅检查证书本身，而不是EXE文件的签名。因此，如果该EXE被篡改时，此方法不检测它。

我如何检查签名？

解决方案

您需要调用（P / Invoke的）的WinVerifyTrust（）从功能wintrust.dll 。有（据我所知）在托管.NET没办法。

您可以找到这个方法这里的文档。

有人已经提出对SO这个问题。它不被接受，但它应该是正确的（我只能通过滚动）。 看看。

您也可以看看本指南但他们真的做一样的。

My .NET exe is signed using signtool. Using this code, I can verify the validity of the certificate itself:

var cert = X509Certificate.CreateFromSignedFile("application.exe");
var cert2 = new X509Certificate2(cert.Handle);
bool valid = cert2.Verify();

However, this only checks the certificate itself, and not the signature of the EXE. Therefore, if the EXE is tampered with, this method doesn't detect it.

How can I check the signature?

解决方案

You need to call (P/Invoke) WinVerifyTrust() function from wintrust.dll. There is (as far as I know) no alternative in managed .NET.

You can find documentation of this method here.

Someone already asked this question on SO. It was not accepted, but it should be correct (I only scrolled through). Take a look.

You could also take a look at this guide but they really do the same.

这篇关于检查的EXE数字签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！