Validate Authenticode signature on EXE - C++ without CAPICOM

views:

1579

answers:

+5 Q:

Validate Authenticode signature on EXE - C++ without CAPICOM

I'm writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system.

The function needs to:

A) verify that the signature is valid.
B) verify that the signer is our organization.

Because this is in an installer, and because this needs to run on older Win2k installations, I don't want to rely on CAPICOM.dll, as it may not be on the target system.

The WinVerifyTrust API works great to solve (A).

I need to find a way to compare a known certificate (or properties therein) to the one that signed the EXE in question.

If the signature is valid, its certificate chain will contain your certificate. CertGetCertificateChain will get that chain.

MSalters 2008-11-20 13:19:17

Do you mean that the WINTRUST_DATA structure contains the certificate? Or perhaps CertGetCertificateChain can be used on a file directly - I just can't figure out how. I must be missing something obvious. Thanks in advance for more details.

Brian Gillespie 2008-11-20 23:38:23

+2 A:

You should use CryptQueryObject.

This KB-article demonstrates the use: How To Get Information from Authenticode Signed Executables.

To the commenter that asked about how to do it without the Windows-APIs, I am not aware of any library that can do it, but the format is documented here: Windows Authenticode Portable Executable Signature Format

Rasmus Faber 2008-11-21 08:13:30

cheers for the doc, guess I'll have to do it the long way round...

bobince 2009-01-12 23:36:23

ansaurus

tags:

views:

answers:

Validate Authenticode signature on EXE - C++ without CAPICOM

related questions