Thank you for your reply.
I am puzzled as to how the CryptVerifyCertificateSignature function can help me. The MSDN documentation mentions that this function verifies the signature of a certificate by using the public key and does not require access to a private key.
Here is an example:
Say that I have an ABC certificate. I use this certificate to code sign my DLL using signtool.exe.
Now I have a DLL that has been signed with certificate ABC.
I have an application that needs to load this DLL. Before loading the DLL, the application must validate that:
- The DLL has been signed and that the signature is valid. I used WinVerifyTrust.
- The DLL must have been signed with the ABC certificate provided by me.
Now the part I do not understand: How can CryptVerifyCertificateSignature validate that the DLL has been signed by certificate ABC and that this certificate is legit if it is not using the private key? Anybody could create a certificate ABC and sign his DLL…
I am new to this code signing stuff and maybe I am missing something here…
Thank you