authenticode

I'm writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system. The function needs to: A) verify that the signature is valid. B) verify that the signer is our organization. Because this is in an installer, and because this needs to run on older Win2k installations, I don't want to rely on CAPICOM.dll, as it may not be on the target system. The WinVerifyTrust API works great to solve (A). I need to find a way to compare a known certificate (or properties therein) to the one that signed the EXE in question. Rasmus Faber You should

We need to verify that binary files are signed properly with digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies signer name and timestamp. This is doable in native C++ with CryptQueryObject() API as shown in this wonderful sample: How To Get Information from Authenticode Signed Executables However we live in a managed world :) hence looking for C# solution to the same problem. Straight approach would be to pInvoke Crypt32.dll and all is done. But there is similar managed API in System.Security

We recently purchased a DigiCert EV code signing certificate. We are able to sign .exe files using signtool.exe. However, every time we sign a file, it prompts for the SafeNet eToken password. How can we automate this process, without user intervention, by storing/caching the password somewhere? There is no way to bypass the login dialog AFAIK, but what you can do is configure the SafeNet Authentication Client so it only asks it once per login session. I quote the SAC doc (found once installed in \ProgramFiles\SafeNet\Authentication\SAC\SACHelp.chm , chapter ' Client Settings ', ' Enabling

I created an application which comprises a number of *.exe files. I've packaged these up into an NSIS installer which I hosted on my website. When I try to download it Chrome reports it as potentially malicious. At first I thought it could be the URL/site I was hosting on not being recognized so I signed up for Amazon S3 storage and moved the file there. Same problem. I then thought that packing the executables might cause this, so I tried without. Same issue. After some more reading I decided to try signing the executables as well as the installer package EXE. I created a dev cert as follows: