As a means of simple security, I was previously checking the digital signature of a downloaded update package for my program against its public key to ensure that it originated from me. However, as I'm using cheap code signing certs (Tucows), I am unable to renew an existing cert and therefore the keys change every time I need to renew.

Therefore, a more reliable means would be to verify the organization information embedded in the signed assembly (which is displayed in the UAC dialog) against my well-known organization string, as this will continue to be the same.

Does anyone know how to obtain this information from a digitally-signed assembly?

A: 

Assuming that the assembly is signed using Authenticode technology and X.509 certificates (and not just strong-named), you need Authenticode reader code (or a component) to extract the certificate and validate it. After that you will find the organization name in one of the fields of the certificate's SubjectName or SubjectRDN record.

We offer an Authenticode reader class and a certificate manipulation class in the PKIBlackbox package.

Eugene Mayevski, EldoS Corp
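The three steps the answer describes (extract the signer certificate, validate the signature, then read the organization from the subject) as an added PowerShell example; this is not code from the question, the answer, or PKIBlackbox. It assumes a Windows host and a PE file signed with Authenticode; "Example Org Ltd" and the package path are placeholders. The order matters: the organization string is only meaningful after the signature and certificate chain have been validated, because anyone can mint a self-signed certificate carrying any O= value.

```powershell
# Added example, not from the original post. Assumes Windows, PowerShell 5.1+,
# and an Authenticode-signed PE file. Organization and path are placeholders.
function Get-VerifiedSignerOrganization {
    param([Parameter(Mandatory)][string]$Path)

    # Get-AuthenticodeSignature wraps WinVerifyTrust: Status is 'Valid' only if
    # the file hash matches the signature, the chain builds to a trusted root,
    # the certificate carries the code-signing EKU, and a timestamp (if present)
    # places signing inside the certificate's validity period. That timestamp is
    # what keeps packages verifiable after the publisher's cert has expired.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for '$Path': $($sig.Status) ($($sig.StatusMessage))"
    }

    # Read the subject only AFTER the signature validates: an unchecked subject
    # proves nothing. Format($true) emits one RDN per line, which avoids
    # hand-splitting a DN string whose values may themselves contain commas.
    $orgRdns = @($sig.SignerCertificate.SubjectName.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '^O=' })
    if ($orgRdns.Count -eq 0) { return $null }   # no O= attribute (e.g. individual cert)
    return ($orgRdns[0] -replace '^O=', '').Trim([char]'"')
}

function Test-UpdateSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedOrganization
    )
    try { $org = Get-VerifiedSignerOrganization -Path $Path } catch { return $false }
    # Exact, case-sensitive match: a lookalike organization name in a certificate
    # issued to someone else by another CA must not be accepted.
    return ($null -ne $org -and $org -ceq $ExpectedOrganization)
}

# Usage: refuse to install the downloaded package unless both checks pass.
$package = 'C:\Temp\MyProduct-Update.exe'   # placeholder path
if (Test-UpdateSigner -Path $package -ExpectedOrganization 'Example Org Ltd') {
    Write-Output "Signer verified; installing $package"
} else {
    Write-Output "Signer check failed; discarding $package"
}
```

Organization-name matching is weaker than pinning a key, since it relies on every CA in the trust store never issuing a certificate with that O= value to someone else; pinning the issuing CA or the subject's full DN alongside the organization narrows that exposure.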