how to check if a file has a digital signature

情书的邮戳 2020-12-05 17:07

I'd like to check programmatically whether a file has been digitally signed or not.

For the moment, I have only found some rather obscure code on MSDN, which doesn't compile...

7条回答
  •  孤城傲影
    2020-12-05 17:57

    I found another option (pure .NET code) on the web here.

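    The code is very simple and works for detecting a signer certificate and validating its chain. Note that it does not verify that the signature actually matches the file's contents; on Windows that requires a separate Authenticode check such as WinVerifyTrust.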

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Threading.Tasks;
    
    namespace ConsoleApplication1
    {
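        /// <summary>
        /// Console tool that reports whether a file carries an embedded signer certificate
        /// and whether that certificate chains to a trusted root.
        /// </summary>
        /// <remarks>
        /// SECURITY: <c>X509Certificate.CreateFromSignedFile</c> only extracts the signer
        /// certificate from the file. It does not check that the signature matches the
        /// file's current contents, so a file altered after signing can still report a
        /// valid chain here. Treat the result as "a signer certificate is present and its
        /// chain validates", not as "the file is authentic". To decide whether a file is
        /// trustworthy, also verify the Authenticode signature itself (on Windows,
        /// WinVerifyTrust in wintrust.dll).
        /// </remarks>
        internal class Program
        {
            /// <summary>
            /// Entry point. Expects the path of the file to inspect as the first argument.
            /// </summary>
            /// <param name="args">Command-line arguments; <c>args[0]</c> is the file path.</param>
            private static void Main(string[] args)
            {
                // Guard against a missing argument instead of crashing on args[0].
                if (args == null || args.Length == 0 || string.IsNullOrWhiteSpace(args[0]))
                {
                    Console.WriteLine("Usage: <program> <path-to-file>");
                    return;
                }

                string filePath = args[0];

                if (!File.Exists(filePath))
                {
                    Console.WriteLine("File not found");
                    return;
                }

                X509Certificate2 theCertificate;

                try
                {
                    // Extracts the signer certificate only; the file's signature is NOT verified here.
                    X509Certificate theSigner = X509Certificate.CreateFromSignedFile(filePath);
                    theCertificate = new X509Certificate2(theSigner);
                }
                catch (Exception ex)
                {
                    // Best-effort: any failure to read a signer certificate is reported as "unsigned".
                    Console.WriteLine("No digital signature found: " + ex.Message);

                    return;
                }

                // Validate that the signer certificate chains to a trusted authority.
                var theCertificateChain = new X509Chain();

                theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

                // Online means the validation WILL CALL OUT TO THE NETWORK to check the
                // revocation status of the certificate. Change to Offline if you don't want
                // that to happen; revocation is then checked against cached data only.
                theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;

                theCertificateChain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromMinutes(1);

                // NoFlag: do not relax any chain check (expiry, untrusted root, revocation, ...).
                theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

                bool chainIsValid = theCertificateChain.Build(theCertificate);

                if (chainIsValid)
                {
                    Console.WriteLine("Publisher Information : " + theCertificate.SubjectName.Name);
                    Console.WriteLine("Valid From: " + theCertificate.GetEffectiveDateString());
                    Console.WriteLine("Valid To: " + theCertificate.GetExpirationDateString());
                    Console.WriteLine("Issued By: " + theCertificate.Issuer);
                    Console.WriteLine("Note: only the signer certificate chain was validated; the file's signature was not verified against its contents.");
                }
                else
                {
                    // A chain can fail for many reasons (untrusted root, expiry, revocation,
                    // revocation server unreachable), not only self-signing, so report the
                    // actual status instead of guessing.
                    Console.WriteLine("Chain Not Valid:");

                    foreach (X509ChainStatus status in theCertificateChain.ChainStatus)
                    {
                        Console.WriteLine("  " + status.Status + ": " + (status.StatusInformation ?? string.Empty).Trim());
                    }
                }
            }
        }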
    }
    
