Replace CAPICOM with .NET, validate certificate

Question

Hi

My component is responsible for downloading files from the server. As part of file validation I have used CAPICOM (SignedCode object) to validate if a certificate contains a specific string and call to Validate method of the SignedCode object. In case the file contains certificate without a requested string in the name, user was prompted if he trust this file.

Since CAPICOM going to be deprecated by Microsoft, I need to implement these logic using .NET libraries. How I can get the same functionality using .NET libraries? Is there any example on the web?

Thanks Zaky

Answer 1

using System.Security.Cryptography;

// ....

byte[] SignData(byte[] toSign)
{
    RSACryptoServiceProvider rsaCert =
            GetCertificateWithPrivateKeyFromSomewhere(); // this method is yours
    return rsaCert.SignData(toSign, new SHA1CryptoServiceProvider());
}

bool VerifyData(byte[] toVerify, byte[] signature)
{
    RSACryptoServiceProvider rsaCert =
            GetCertificateWithPublicKeyFromSomewhere(); // this method is yours
    return rsaCert.VerifyData(toVerify, new SHA1CryptoServiceProvider(), signature);
}