signtool

C#: How to detect tampering of authenticode signed file

笑着哭i, posted on 2019-12-01 08:39:58
I'm trying to write a C# program that verifies the digital signature of exe's. The exe's are signed with an authenticode certificate, and I want to detect tampering. I've been able to create a SignedCms instance as described here: Get timestamp from Authenticode Signed files in .NET I assumed SignedCms.CheckSignature would do the trick, but this method never throws an exception... Even not when I modify some bits of the exe... David Pope I'm assuming you've scoured the .NET Framework docs and didn't find what you needed. The answer to this StackOverflow question has a link that describes how

C#: How to detect tampering of authenticode signed file

笑着哭i, posted on 2019-12-01 06:52:02
Question: I'm trying to write a C# program that verifies the digital signature of exe's. The exe's are signed with an authenticode certificate, and I want to detect tampering. I've been able to create a SignedCms instance as described here: Get timestamp from Authenticode Signed files in .NET I assumed SignedCms.CheckSignature would do the trick, but this method never throws an exception... Even not when I modify some bits of the exe... Answer 1: I'm assuming you've scoured the .NET Framework docs and didn

Verify whether an executable is signed or not (signtool used to sign that exe)

南笙酒味, posted on 2019-12-01 03:51:22
In my application I need to verify whether it's signed or not. If it's signed continue the execution and exit the application if not. The signtool will be used to sign the application. Is there any C# code to do that? Here is a utility method that does it: var signed = IsSigned(@"c:\windows\explorer.exe"); ... public static bool IsSigned(string filePath) { if (filePath == null) throw new ArgumentNullException(nameof(filePath)); var file = new WINTRUST_FILE_INFO(); file.cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)); file.pcwszFilePath = filePath; var data = new WINTRUST_DATA(); data

Verify whether an executable is signed or not (signtool used to sign that exe)

早过忘川, posted on 2019-12-01 01:00:43
Question: In my application I need to verify whether it's signed or not. If it's signed continue the execution and exit the application if not. The signtool will be used to sign the application. Is there any C# code to do that? Answer 1: Here is a utility method that does it: var signed = IsSigned(@"c:\windows\explorer.exe"); ... public static bool IsSigned(string filePath) { if (filePath == null) throw new ArgumentNullException(nameof(filePath)); var file = new WINTRUST_FILE_INFO(); file.cbStruct = Marshal

How do I read the public key from a signed C# exe

我只是一个虾纸丫, posted on 2019-11-30 20:14:39
I'm signing a dot net exe using signcode.exe with an spc/pvk combo The file needs to read its own Public Key at runtime in order to verify some data. I've gone down a number of different avenues. I've tried X509Certificate executingCert = X509Certificate.CreateFromSignedFile(exe); executingCert is then null. I'm guessing signcode isn't creating an X509 signed file, though if there's a switch to change that I'm happy to go that way. edited Turns out the above does work.... I had my null check backwards (!= != ==) :) Assembly asm = Assembly.GetExecutingAssembly(); string exe = asm.Location;

How do I read the public key from a signed C# exe

做~自己de王妃, posted on 2019-11-30 04:25:11
Question: I'm signing a dot net exe using signcode.exe with an spc/pvk combo The file needs to read its own Public Key at runtime in order to verify some data. I've gone down a number of different avenues. I've tried X509Certificate executingCert = X509Certificate.CreateFromSignedFile(exe); executingCert is then null. I'm guessing signcode isn't creating an X509 signed file, though if there's a switch to change that I'm happy to go that way. edited Turns out the above does work.... I had my null check

Is it useless to sign my Windows application with a self signed certificate?

妖精的绣舞, posted on 2019-11-29 12:54:18
I have coded an NWjs Windows application (Chromium application) and using Inno Setup, I have signed it using a self-signed certificate. However, I get the "Windows protected your PC" message when trying to install it from the web. I wonder now if signing my application with this self-signed certificate is useless because I get the same result when I don't sign the application and package it as it is. When I click "more info" it states that the publisher is unknown in both cases when I sign the application with a self-signed certificate and without a self-signed certificate. I wonder if after

creating a key and signing executable with signtool

大憨熊, posted on 2019-11-29 07:44:32
How would I sign a Visual C# executable? SignTool.exe can't find a certificate. How would I create a self signed key and certificate, and have signtool be able to see the certificate and use it? OpenSSL and Visual Studio 2010 Express are installed. Running Windows 7 Ultimate x64. Using SignTool.exe from Windows Driver Kit. Using self-signed certificates for digitally signing your binaries pretty much goes against the concept of using digital certificates with programs. The basic idea is to prove the code was created by you (authenticity) and has not been modified since you released it

SignTool Not Signing ClickOnce App Using SHA256, Only Uses SHA1

百般思念, posted on 2019-11-28 23:40:54
I'm trying to sign my clickonce app. I have an EV code signing certificate that is using SHA256. The problem is that when I sign my app using the post build commands, it seems to be using SHA1 instead of SHA256. Here is a clip of the output window: Running Code Analysis... 1> Code Analysis Complete -- 0 error(s), 0 warning(s) 1> The following certificate was selected: 1> Issued to: Certificate Subject Name Here 1> 1> Issued by: DigiCert EV Code Signing CA (SHA2) 1> 1> Expires: Thu Apr 14 06:00:00 2016 1> 1> SHA1 hash: HASH-HERE 1> 1> 1> Done Adding Additional Store 1> Successfully signed and

signtool failing to dual sign SHA2 and SHA1 with timestamps

烂漫一生, posted on 2019-11-28 17:17:14
We need to dual sign our binaries with SHA1 and SHA2 using signtool.exe, our certificate supports 256-bit SHA2. Using the Windows 8 SDK's signtool: e.g.: signtool.exe sign /as /fd sha256 /t http://timestamp.verisign.com/scripts/timstamp.dll /f "certificate.pfx" /p XXXXXXX "file.dll" (where XXXXXXX is our password for the certificate) fails with the cryptic error: SignTool Error: SignedCode::Sign returned error: 0x80070057 The parameter is incorrect. SignTool Error: An error occurred while attempting to sign: file.dll Signing without a timestamp works, signing individually as SHA1 or SHA256