We need to verify that binary files are signed properly with a digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies the signer name and timestamp. This is doable in native C++ with the CryptQueryObject() API, as shown in this wonderful sample: How To Get Information from Authenticode Signed Executables

However, we live in a managed world :) hence looking for a C# solution to the same problem. The straightforward approach would be to P/Invoke Crypt32.dll and all is done. But there is a similar managed API in the System.Security.Cryptography.X509Certificates namespace. The X509Certificate2 class seems to provide some information but no timestamp. Now we come to the original question: how can we get the timestamp of a digital signature in C#?
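
The following is an added example, not code from the question or from either answer, showing one way to do this with managed code only. It reads the PKCS#7 blob out of the PE file's security directory, decodes it with System.Security.Cryptography.Pkcs.SignedCms, and pulls the signer certificate plus the timestamp from the signer's unsigned attributes. The class name, method names and the `expectedThumbprint` parameter are this example's own assumptions; the PE layout constants, attribute OIDs and SignedCms/Pkcs9SigningTime APIs are standard. The RFC 3161 branch assumes the System.Security.Cryptography.Pkcs package 4.5 or later (Rfc3161TimestampToken); the legacy countersignature branch works on .NET Framework 2.0+.

```csharp
// Added example: extract the Authenticode signer and timestamp from a PE file
// using SignedCms instead of P/Invoking CryptQueryObject.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

public static class AuthenticodeInfo
{
    // Unsigned-attribute OIDs used by Authenticode timestamps.
    const string OidSigningTime      = "1.2.840.113549.1.9.5"; // PKCS#9 signingTime (inside countersignature)
    const string OidRfc3161Timestamp = "1.3.6.1.4.1.311.3.3.1"; // Microsoft RFC 3161 timestamp attribute

    // Walk the PE headers to IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) and return the
    // PKCS#7 SignedData bytes that follow the WIN_CERTIFICATE header.
    public static byte[] ExtractPkcs7(string path)
    {
        byte[] pe = File.ReadAllBytes(path);
        if (pe.Length < 0x40 || pe[0] != 0x4D || pe[1] != 0x5A)            // "MZ"
            throw new InvalidDataException("not a PE file");
        int peOffset = BitConverter.ToInt32(pe, 0x3C);                     // e_lfanew
        if (BitConverter.ToUInt32(pe, peOffset) != 0x00004550)             // "PE\0\0"
            throw new InvalidDataException("bad PE signature");
        int optHeader = peOffset + 4 + 20;                                 // skip IMAGE_FILE_HEADER
        ushort magic = BitConverter.ToUInt16(pe, optHeader);               // 0x10B = PE32, 0x20B = PE32+
        int dirBase = optHeader + (magic == 0x20B ? 112 : 96);             // start of DataDirectory[]
        int secEntry = dirBase + 4 * 8;                                    // entry #4, 8 bytes each
        uint certOffset = BitConverter.ToUInt32(pe, secEntry);             // a file offset, not an RVA
        uint certSize   = BitConverter.ToUInt32(pe, secEntry + 4);
        if (certOffset == 0 || certSize < 8)
            throw new CryptographicException("file carries no Authenticode signature");
        // WIN_CERTIFICATE: dwLength(4) wRevision(2) wCertificateType(2) bCertificate[]
        uint length   = BitConverter.ToUInt32(pe, (int)certOffset);
        ushort type   = BitConverter.ToUInt16(pe, (int)certOffset + 6);
        if (type != 0x0002)                                                // WIN_CERT_TYPE_PKCS_SIGNED_DATA
            throw new CryptographicException("unsupported WIN_CERTIFICATE type");
        byte[] pkcs7 = new byte[length - 8];
        Buffer.BlockCopy(pe, (int)certOffset + 8, pkcs7, 0, pkcs7.Length);
        return pkcs7;
    }

    // Authenticode timestamps live in the signer's *unsigned* attributes. The legacy form is a
    // PKCS#9 countersignature (a nested SignerInfo whose signed attributes carry signingTime);
    // newer signatures use an RFC 3161 token embedded under the Microsoft OID above.
    public static DateTime? GetTimestamp(SignerInfo signer)
    {
        foreach (SignerInfo counter in signer.CounterSignerInfos)
            foreach (CryptographicAttributeObject a in counter.SignedAttributes)
                if (a.Oid.Value == OidSigningTime && a.Values.Count > 0)
                    return new Pkcs9SigningTime(a.Values[0].RawData).SigningTime.ToUniversalTime();

        foreach (CryptographicAttributeObject a in signer.UnsignedAttributes)
            if (a.Oid.Value == OidRfc3161Timestamp && a.Values.Count > 0)
            {
                Rfc3161TimestampToken token; int consumed;
                if (Rfc3161TimestampToken.TryDecode(a.Values[0].RawData, out token, out consumed))
                    return token.TokenInfo.Timestamp.UtcDateTime;
            }
        return null;
    }

    // Verify the signature, pin the signer to an expected certificate thumbprint, and report
    // the timestamp. Returns true only when all three checks pass.
    public static bool Verify(string path, string expectedThumbprint, out DateTime? timestamp)
    {
        timestamp = null;
        var cms = new SignedCms();
        cms.Decode(ExtractPkcs7(path));
        // verifySignatureOnly: false also builds and validates the chain (revocation per the
        // default X509Chain policy); true would check only the signature math.
        cms.CheckSignature(false);
        foreach (SignerInfo signer in cms.SignerInfos)
        {
            X509Certificate2 cert = signer.Certificate;
            if (cert == null ||
                !string.Equals(cert.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase))
                return false;                                              // wrong signer
            timestamp = GetTimestamp(signer);
            if (timestamp == null)
                return false;                                              // signed but not timestamped
            Console.WriteLine("Signer: {0}\nTimestamp (UTC): {1:u}", cert.Subject, timestamp);
        }
        return cms.SignerInfos.Count > 0;
    }
}
```

Pinning the thumbprint rather than matching the subject string avoids being fooled by a different certificate that merely carries the same CN. Note that `CheckSignature(false)` validates the chain against the machine's default policy; for an offline build server, pass `true` and run your own `X509Chain` with the revocation mode you actually want, which is the same distinction Eugene raises below about separate certificate validation.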

+1  A: 

As I see that you've got no replies anyway, let me offer one.

If you don't mind using third-party components, take a look at the TElAuthenticodeVerifier component of our SecureBlackbox product. With this component you can verify the signature and check the timestamps.

Eugene Mayevski 'EldoS Corp
The class looks nice, thanks. Does VerifySignature check certificate validity against the CRL online? BTW, I've already implemented the timestamp check by P/Invoking CryptQueryObject, so I am asking just out of curiosity.
SlavaGu
Yes, CRL and OCSP checking is possible using SecureBlackbox. You'd need to use TElX509CertificateValidator (https://www.eldos.com/documentation/sbb/documentation/ref_cl_certificatevalidator.html) to perform complex (and complete) validation of the certificates used to make a signature.
Eugene Mayevski 'EldoS Corp
Hi SlavaGu, could you please share your solution with me? Or maybe give some idea of how I can do it. I have a similar issue. Thanks.
Akie