Reputation: 3273
Validate Authenticode signature on EXE - C++ without CAPICOM
I'm writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system.
The function needs to:
A) verify that the signature is valid.
B) verify that the signer is our organization.
Because this is in an installer, and because this needs to run on older Win2k installations, I don't want to rely on CAPICOM.dll, as it may not be on the target system.
The WinVerifyTrust API works great to solve (A).
I need to find a way to compare a known certificate (or properties therein) to the one that signed the EXE in question.
Upvotes: 16
Views: 14250
Answers (2)
Reputation: 49677
You should use CryptQueryObject.
This KB-article demonstrates the use: How To Get Information from Authenticode Signed Executables.
To the commenter that asked about how to do it without the Windows-APIs, I am not aware of any library that can do it, but the format is documented here: Windows Authenticode Portable Executable Signature Format
Upvotes: 25
Reputation: 180145
If the signature is valid, its certificate chain will contain your certificate. CertGetCertificateChain will get that chain.
Upvotes: 0
Related Questions
- Amended code to retrieve dual signature information from PE executable in Windows?
- How to validate a PE file's digital signature in windows and find who signed it? (using c/c++)
- C - Verify code signatures - Windows API
- Read and validate certificate from executable
- What is the best way to check programatically if DLL/EXE file is signed with authenticode?
- Verify digital signature within system32/drivers folder
- What to use to check for a specific EXE file signature?
- How to verify user's name and password in Windows?
- How to verify an exe/dll/sys is original from Microsoft?
- Checking digital signature programmatically