I'm using CAPICOM in a .NET 3.0 C# app to check an Authenticode signature on an exe file. I need to make sure that the certificate is listed as a Trusted Publisher. Using signedCode.Verify(true) will show a dialog if the certificate is not already trusted, so the user can choose whether or not to do so. However, signedCode.Verify(false) is verifying the signature even if it is not from a trusted publisher - presumably this is only checking that the certificate is valid.
How can I check that the signature on a file is from a valid and trusted certificate without the UI?
First, StrongNameSignatureVerificationEx is for assembly signature verification and not Authenticode signature verification. So, this is not relevant to the context of the original poster's question.
Concerning the initial question, you can manually check that the signer certificate is correctly chained to a trusted root without any GUI by using the following code:
ICertificateStatus certStatus = signedCode.Signer.Certificate.IsValid();
The idea is to retrieve the signer's certificate and to tell CAPICOM to check if it has a correct trust chain.
I hope this will help. Cheers,
Mounir IDRASSI, IDRIX, http://www.idrix.fr
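An added example, not part of the answer above and not CAPICOM code: the question asks about the Trusted Publishers store, which is a separate check from chaining to a trusted root, so this C# code does both with the .NET X509 classes and no UI. It assumes the file's signature has already been verified (for instance with signedCode.Verify(false)), because CreateFromSignedFile only extracts the signer certificate; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; PublisherTrust and its methods are hypothetical names.
static class PublisherTrust
{
    // True when the certificate (matched by thumbprint) is present in the
    // Trusted Publishers store of the given location.
    static bool InTrustedPublisherStore(X509Certificate2 cert, StoreLocation location)
    {
        X509Store store = new X509Store(StoreName.TrustedPublisher, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            return store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
        }
        finally { store.Close(); }
    }

    public static bool IsFromTrustedPublisher(string path)
    {
        X509Certificate2 signer;
        try
        {
            // Reads the Authenticode signer certificate only; it does NOT
            // verify the file's signature (do that separately).
            signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
        }
        catch (CryptographicException) { return false; } // unsigned or unreadable file

        // Chain must build to a trusted root, with revocation checked online.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        if (!chain.Build(signer)) return false;

        // The signer itself must be listed as a Trusted Publisher.
        return InTrustedPublisherStore(signer, StoreLocation.CurrentUser)
            || InTrustedPublisherStore(signer, StoreLocation.LocalMachine);
    }

    static void Main(string[] args)
    {
        Console.WriteLine(IsFromTrustedPublisher(args[0]) ? "trusted publisher" : "not trusted");
    }
}
```

The chain is built against the current time, so a timestamped signature whose certificate has since expired is reported as not trusted by this check.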