After signing an exe using VeriSign, if we right-click the exe we can see a "digital signature" tab which gives information about the certificate. Where exactly is this information stored? I mean, how does the operating system come to know which certificate is related to which file? Is anything embedded inside the exe while signing? How can I write C# code to extract the certificate from a signed exe?

Any help is greatly appreciated.

Update: I solved the problem, though I was not able to find how exactly the certificate relationship with the assembly is stored. We can create an X509Certificate object by passing the assembly path. My task was just to get the serial number and owner. Following is the code I wrote for this.

    using System.Security.Cryptography.X509Certificates;
    // Load the signer certificate from the Authenticode signature embedded in the PE file
    X509Certificate cert = X509Certificate.CreateFromSignedFile("Solo4Orchestra.exe");
    // Subject is a comma-separated DN; index 3 assumes the O= component is the fourth element
    MessageBox.Show(cert.Subject.Split(new char[1] { ',' })[3].Replace("O=", ""));
    MessageBox.Show(cert.GetSerialNumberString());

Thanks. Akie

+1  A: 

Windows Authenticode Portable Executable Signature Format might give you some information on the binary format.

There is a Windows API for checking the signature, CryptQueryObject(). Maybe there is also a .NET API for that, but apparently not: a related MSDN article with sample code to get the revocation list also uses Windows API calls, as it seems: How to get information from a CRL (.NET) (might be a good starting point as it implements a wrapper for that function).

Archimedix
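To show where the signature actually lives in the binary, here is an added Python example (not code from any answer on this page) that walks the PE headers to the Attribute Certificate Table (data directory entry 4, the "Security" directory) and pulls out each WIN_CERTIFICATE record; the record's payload is the PKCS#7 SignedData that X509Certificate.CreateFromSignedFile parses. Since no real signed file is on the page, the example builds a constructed, headers-only PE32+ image carrying a placeholder blob instead of a real signature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory index of the Attribute Certificate Table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # bCertificate holds a PKCS#7 SignedData structure

def find_certificate_table(pe: bytes):
    """Return (file_offset, size) of the certificate table, or None if the image carries none."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dirs = opt + (96 if magic == 0x10B else 112)   # data directories start here (PE32 / PE32+)
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                           # NumberOfRvaAndSizes too small to hold entry 4
    # Unlike every other directory, this entry holds a raw file offset, not an RVA
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (offset, size) if offset and size else None

def extract_authenticode(pe: bytes):
    """Return [(revision, cert_type, blob)] for each WIN_CERTIFICATE entry in the table."""
    table = find_certificate_table(pe)
    if table is None:
        return []
    off, end = table[0], table[0] + table[1]
    entries = []
    while off + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE entry at 0x%x" % off)
        entries.append((revision, cert_type, pe[off + 8:off + length]))
        off += (length + 7) & ~7              # entries are padded to 8-byte boundaries
    return entries

SAMPLE_SIGNED_DATA = b"CONSTRUCTED-PKCS7-STAND-IN"   # constructed placeholder, not a real signature

def build_sample_pe(signed_data: bytes) -> bytes:
    """Construct a minimal, headers-only PE32+ image carrying one WIN_CERTIFICATE entry."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                # Magic: PE32+
    struct.pack_into("<I", opt, 108, 16)                 # NumberOfRvaAndSizes
    cert_off = 0x200
    win_cert = struct.pack("<IHH", 8 + len(signed_data), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
    win_cert += signed_data + b"\0" * (-(8 + len(signed_data)) % 8)
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(win_cert))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x22)
    headers = dos + b"\0" * (0x80 - len(dos)) + b"PE\0\0" + coff + bytes(opt)
    return headers + b"\0" * (cert_off - len(headers)) + win_cert
```

On a real signed file, `extract_authenticode(open(path, "rb").read())` returns the raw PKCS#7 blob; note that this only locates the signature, it does not verify it or validate the certificate chain.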
A: 

As mentioned above, it's the Authenticode signature format. As far as I know, our PKIBlackbox components are the only ones to support Authenticode (both signing and verification) in .NET.

Eugene Mayevski 'EldoS Corp
The free alternative would of course be to make a wrapper to the Windows API.
Archimedix
@Archimedix Of course, one can use P/Invoke; however, the main task is not to check the signature, but to *properly* validate the certificate. Certificate validation is a very complicated procedure (it involves checking CRLs, OCSP servers, validating secondary certificate chains, etc.). And there's no OCSP client for .NET available (besides our PKIBlackbox).
Eugene Mayevski 'EldoS Corp