Verifying Digital Signatures in Code

I've recently started signing all EXEs that come out of here. I would like to verify the signature at startup to detect any changes to the EXE itself. Is something like that possible? I'm using VB.NET 2003.

--
- Mitchell Vincent

Hi Mitchell,

Thanks for your post!

Can you tell me which type of Exe do you want to sign? If you want to sign a .Net assembly, I recommend you use Strong Name technology to get this done. Strong Name is a built-in security feature for protecting .Net assemblies, and after signing with Strong Name, the CLR will help you to verify the assembly at loading time. Please refer to the articles below for more information:

"Cracking .NET Assemblies"
http://www.grimes.demon.co.uk/workshops/fusionWSCrackOne.htm

"Security Briefs: Strong Names and Security in the .NET Framework"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/strongNames.asp

If you want to sign a normal PE file, you can leverage signcode.exe to get this done; it is shipped with the Platform SDK. Below are two articles that describe how to use it to sign a file:

"Digital Signing for ActiveX Components"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon98/html/vbconunderstandingdigitalsigning.asp

"Signing Files and Checking Signatures"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/cryptotools_6cdv.asp

In .Net, you can use the System.Diagnostics.Process class to invoke signcode.exe with a command line programmatically.

Hope this helps!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Jeffrey Tan[MSFT] wrote:
> Hi Mitchell,
>
> Thanks for your post!
>
> Can you tell me which type of Exe do you want to sign? If you want to sign
> .Net assembly, I recommend you use Strong Name technology to get this done.
> Strong Name is a build-in security feature for protecting .Net assemblies,
> and after signing with Strong Name, CLR will help you to verify the
> assembly at loading time. Please refer to the articles below for more
> information:
>
> "Signing Files and Checking Signatures"
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/cryptotools_6cdv.asp
>
> In .Net, you can use System.Diagnostics.Process class to invoke
> signcode.exe with command line programmatically.
>

"We apologize for the inconvenience, but the page you are seeking cannot be found in this location." - on that last link.

I just want to verify the signature, and was hoping to not have to rely on signcode.exe (which, by the way, can I ship with my application?).

Thanks!

--
- Mitchell Vincent

Hi Mitchell,

Thanks for your feedback!

To sign a PE file programmatically, you may leverage the CAPICOM 2.0.0.1 capability for Authenticode signatures:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/signedcode.asp

CAPICOM is available to be downloaded here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=860EE43A-A843-462F-ABB5-FF88EA5896F6

Below are some general steps for signing:
1. Signer.Load --> Loads a signing certificate from a specified PFX file.
2. SignedCode.Sign --> The Sign method creates an Authenticode digital signature and signs the executable file specified in the SignedCode.FileName property.
3. Signer.Certificate.PrivateKey.Delete().

Michel Gallant MVP has written a sample tool, please refer to the link below:
"JAuth/Authnet: Authenticode Signature Verification Utilities"
http://www.jensign.com/JavaScience/jauth/

Finally, if you are interested in the CAPICOM capability, below is a very good article:
"Extending .NET Cryptography with CAPICOM and P/Invoke"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/netcryptoapi.asp

Hope this helps!

Best regards,
Jeffrey Tan
Microsoft Online Community Support

Jeffrey Tan[MSFT] wrote:
> Hi Mitchell,
>
> Thanks for your feedback!
>

Thanks Jeffrey, I'll give all this a try!

--
- Mitchell Vincent

Ok, if you need further help, please feel free to feedback. Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
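
The signing steps and the startup check discussed in this thread, as an added example that is not from any of the original posts: it late-binds to the CAPICOM SignedCode and Signer objects named above and, beyond the signature check itself, also compares the signer certificate's thumbprint so that a file re-signed with a different certificate is rejected. It assumes CAPICOM 2.x is registered on the machine; the module name, function names and thumbprint placeholder are hypothetical.

```vbnet
Option Strict Off   ' late binding to the CAPICOM COM objects
Imports System
Imports System.Reflection

Module SignatureCheck
    ' Placeholder (assumption): SHA-1 thumbprint of your own signing certificate.
    Private Const ExpectedThumbprint As String = "<YOUR-CERT-THUMBPRINT>"

    ' Build-time signing, following the three steps listed in the reply above.
    Sub SignFile(ByVal exePath As String, ByVal pfxPath As String, ByVal pfxPassword As String)
        Dim signer As Object = CreateObject("CAPICOM.Signer")
        signer.Load(pfxPath, pfxPassword)            ' 1. load certificate and key from the PFX
        Dim code As Object = CreateObject("CAPICOM.SignedCode")
        code.FileName = exePath
        Try
            code.Sign(signer)                        ' 2. write the Authenticode signature
        Finally
            signer.Certificate.PrivateKey.Delete()   ' 3. remove the imported key container
        End Try
    End Sub

    ' Startup check: the signature must verify AND come from the expected certificate.
    Function IsSelfSignatureValid() As Boolean
        Dim exePath As String = [Assembly].GetExecutingAssembly().Location
        Try
            Dim code As Object = CreateObject("CAPICOM.SignedCode")
            code.FileName = exePath
            code.Verify(False)    ' raises a COM error if the signature does not verify
            Dim thumb As String = CStr(code.Signer.Certificate.Thumbprint)
            Return String.Compare(thumb, ExpectedThumbprint, True) = 0
        Catch ex As Exception
            Return False          ' unsigned, modified, or CAPICOM not installed
        End Try
    End Function

    Sub Main()
        If Not IsSelfSignatureValid() Then
            Console.Error.WriteLine("Signature check failed; refusing to start.")
            Environment.Exit(1)
        End If
        Console.WriteLine("Signature OK.")
    End Sub
End Module
```

Because the check lives in the same EXE it protects, it detects corruption and casual modification, but anyone able to patch the file can also patch out the check.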