My .NET exe is signed using signtool. Using this code, I can verify the validity of the certificate itself:
var cert = X509Certificate.CreateFromSignedFile("application.exe");
var cert2 = new X509Certificate2(cert.Handle);
bool valid = cert2.Verify();
However, this only checks the certificate itself, and not the signature of the EXE. Therefore, if the EXE is tampered with, this method doesn't detect it.
How can I check the signature?
Step 1: Right-click on the program that you want to check and select properties from the context menu that is displayed. Step 2: Select the Digital Signatures tab in the Properties window. Step 3: If you see signatures listed on the tab, you know that the file has been signed digitally.
Open the file that contains the certificate you want to view. Click File > Info > View Signatures. In the list, on a signature name, click the down-arrow, and then click Signature Details.
Executable signing certificates, commonly referred to as code signing certificates, are digital files you can use to digitally sign executable files (.exe files). The code signing certificate uses a cryptographic hash that validates the executable file's integrity and authenticity.
You need to call (P/Invoke) WinVerifyTrust()
function from wintrust.dll
. There is (as far as I know) no alternative in managed .NET.
You can find documentation of this method here.
Someone already asked this question on SO. It was not accepted, but it should be correct (I only scrolled through). Take a look.
You could also take a look at this guide but they really do the same.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With