
If I have a self-signed certificate that is not in the machine's trusted root certificate store, how can I verify that a PE file is Authenticode-signed using that certificate without adding that certificate to the trusted root store?

C# would be preferred, but an answer in C++ is fine, too.

There are many similar questions already on StackOverflow, but none so far has an answer that is acceptable. It must be Authenticode, and I cannot add it to the certificate store. It also cannot be a purchased certificate, because it needs a longer validity time (irrespective of timestamping).

Other than to copy a huge chunk of the Mono signature check code, I don't know of a solution in Win32 or .NET.

Myria
  • Certificate and signature validation are tricky subjects; a lot needs to be checked. I'm not sure if there is a shortcut. – Maarten Bodewes Feb 22 '18 at 00:05
  • @MaartenBodewes But is there a way to accomplish this with the Microsoft APIs? – Myria Feb 24 '18 at 10:02
  • Undoubtedly. C++ and .NET are Turing complete. If I knew an easy way or tool to do it then I would certainly have answered (just like the other 7 people that voted up, undoubtedly). – Maarten Bodewes May 12 '18 at 14:22
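One way to do what the question asks using only managed .NET APIs, added here as an example that is not part of the question or of any answer on the page: parse the PE yourself, pull the PKCS#7 blob out of the certificate table, let SignedCms verify the signature with verifySignatureOnly so that no chain is built and no root store is consulted, pin the signer certificate byte-for-byte, and recompute the file's Authenticode hash to compare with the digest carried inside SpcIndirectDataContent. The AuthenticodePin class, its method names and the OID-to-hash table are mine; it assumes .NET 6 or later with the System.Security.Cryptography.Pkcs and System.Formats.Asn1 packages referenced, and it assumes SignedCms.Decode accepts Authenticode's PKCS#7 content (a bare SEQUENCE rather than the OCTET STRING that CMS requires) on your runtime, which is worth confirming on the target before relying on it.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;
using System.Formats.Asn1;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the question or any answer. Assumes .NET 6+ with the
// System.Security.Cryptography.Pkcs and System.Formats.Asn1 packages referenced.
static class AuthenticodePin
{
    const string SpcIndirectDataOid = "1.3.6.1.4.1.311.2.1.4";
    static int I32(byte[] f, int o) => BinaryPrimitives.ReadInt32LittleEndian(f.AsSpan(o));
    static int U16(byte[] f, int o) => BinaryPrimitives.ReadUInt16LittleEndian(f.AsSpan(o));

    // True only if: the first WIN_CERTIFICATE entry is PKCS#7 SignedData over SpcIndirectDataContent,
    // the signature verifies with the pinned certificate's key (verifySignatureOnly: no chain is built,
    // so no root store is consulted), the signer is byte-for-byte the pinned certificate, and the digest
    // inside equals the Authenticode hash of the file. Timestamps and revocation are deliberately ignored.
    public static bool Verify(string pePath, X509Certificate2 pinned)
    {
        byte[] f = File.ReadAllBytes(pePath);
        int pe = I32(f, 0x3C);                                          // e_lfanew
        if (I32(f, pe) != 0x00004550) throw new BadImageFormatException("missing PE signature");
        int coff = pe + 4, opt = coff + 20;
        int secDir = opt + (U16(f, opt) == 0x20B ? 112 : 96) + 4 * 8;  // data directory 4 = Certificate Table
        int certOff = I32(f, secDir), certSize = I32(f, secDir + 4);   // certOff is a file offset, not an RVA
        // WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS#7), bCertificate[]
        if (certOff <= 0 || certSize < 8 || (long)certOff + certSize > f.Length) return false;
        int len = I32(f, certOff);
        if (U16(f, certOff + 4) != 0x0200 || U16(f, certOff + 6) != 0x0002 || len < 8 || len > certSize) return false;
        byte[] pkcs7 = f.AsSpan(certOff + 8, len - 8).ToArray();
        var cms = new SignedCms();
        cms.Decode(pkcs7);
        if (cms.ContentInfo.ContentType.Value != SpcIndirectDataOid) return false;
        try { cms.CheckSignature(new X509Certificate2Collection(pinned), verifySignatureOnly: true); }
        catch (CryptographicException) { return false; }
        X509Certificate2? signer = cms.SignerInfos[0].Certificate;
        if (signer == null || !signer.RawData.AsSpan().SequenceEqual(pinned.RawData)) return false;
        (string oid, byte[] expected) = ReadIndirectDataDigest(pkcs7);
        HashAlgorithmName alg = oid switch
        {
            "1.3.14.3.2.26" => HashAlgorithmName.SHA1,
            "2.16.840.1.101.3.4.2.1" => HashAlgorithmName.SHA256,
            "2.16.840.1.101.3.4.2.2" => HashAlgorithmName.SHA384,
            "2.16.840.1.101.3.4.2.3" => HashAlgorithmName.SHA512,
            _ => throw new CryptographicException("unsupported digest OID " + oid),
        };
        byte[] actual = AuthenticodeHash(f, opt, secDir, opt + U16(f, coff + 16), U16(f, coff + 2), certSize, alg);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // ContentInfo -> [0] SignedData -> contentInfo -> [0] SpcIndirectDataContent -> DigestInfo, read with
    // AsnReader so the result does not depend on how SignedCms exposes content that is not an OCTET STRING.
    static (string Oid, byte[] Digest) ReadIndirectDataDigest(byte[] pkcs7)
    {
        var ctx0 = new Asn1Tag(TagClass.ContextSpecific, 0);
        AsnReader outer = new AsnReader(pkcs7, AsnEncodingRules.BER).ReadSequence();
        outer.ReadObjectIdentifier();                                   // id-signedData
        AsnReader sd = outer.ReadSequence(ctx0).ReadSequence();         // SignedData
        sd.ReadInteger();                                               // version
        sd.ReadSetOf();                                                 // digestAlgorithms
        AsnReader ci = sd.ReadSequence();                               // contentInfo
        if (ci.ReadObjectIdentifier() != SpcIndirectDataOid) throw new CryptographicException("not Authenticode");
        AsnReader idc = ci.ReadSequence(ctx0).ReadSequence();           // SpcIndirectDataContent
        idc.ReadSequence();                                             // data (SpcPeImageData), not needed here
        AsnReader di = idc.ReadSequence();                              // DigestInfo
        string oid = di.ReadSequence().ReadObjectIdentifier();          // digestAlgorithm
        return (oid, di.ReadOctetString());
    }

    // Authenticode PE hash: headers minus the CheckSum field and the Certificate Table directory entry,
    // then section raw data in file-offset order, then any trailing bytes except the certificate table.
    static byte[] AuthenticodeHash(byte[] f, int opt, int secDir, int sectionTable, int numSections,
                                   int certSize, HashAlgorithmName alg)
    {
        int checksum = opt + 64, sizeOfHeaders = I32(f, opt + 60);
        using var h = IncrementalHash.CreateHash(alg);
        h.AppendData(f, 0, checksum);
        h.AppendData(f, checksum + 4, secDir - (checksum + 4));
        h.AppendData(f, secDir + 8, sizeOfHeaders - (secDir + 8));
        var sections = new List<(int Ptr, int Size)>();
        for (int i = 0, sh = sectionTable; i < numSections; i++, sh += 40)      // IMAGE_SECTION_HEADER
            if (I32(f, sh + 16) > 0) sections.Add((I32(f, sh + 20), I32(f, sh + 16))); // PointerToRawData, SizeOfRawData
        sections.Sort((a, b) => a.Ptr.CompareTo(b.Ptr));
        long hashed = sizeOfHeaders;
        foreach (var (ptr, size) in sections)
        {
            int n = Math.Min(size, f.Length - ptr);   // clamp a SizeOfRawData that overruns the file
            h.AppendData(f, ptr, n);
            hashed += n;
        }
        long extra = f.Length - hashed - certSize;    // data appended after the sections, minus the cert table
        if (extra > 0) h.AppendData(f, (int)hashed, (int)extra);
        return h.GetHashAndReset();
    }
}
```

Call it as `AuthenticodePin.Verify(@"C:\build\app.exe", new X509Certificate2(@"C:\build\pinned.cer"))`, passing only the public certificate; no private key and no store access is involved. Because the exact certificate is pinned, no validity dates are checked, which is what a long-lived self-signed certificate needs; if expiry should ever matter, that is the place to add a date check against a timestamp countersignature. Only the first WIN_CERTIFICATE entry and the first SignerInfo are examined, so nested or dual signatures are not walked, and a mismatch anywhere (wrong signer, altered file bytes, tampered digest) returns false rather than throwing.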
