I'm trying to write a C# program that verifies the digital signature of exe's. The exe's are signed with an authenticode certificate, and I want to detect tampering.
I've been able to create a SignedCms instance as described here: Get timestamp from Authenticode Signed files in .NET
I assumed SignedCms.CheckSignature would do the trick, but this method never throws an exception... Even not when I modify some bits of the exe...
I'm assuming you've scoured the .NET Framework docs and didn't find what you needed. The answer to this StackOverflow question has a link that describes how to use the native Windows CryptQueryObject function to verify a signature. So all that's left is to check out PInvoke.NET to see how to bring that function into .NET.
Could you just shell to signtool.exe /verify, and check the result?
I recently wrote a simple app which signs executables using the same method, and it works great.
来源:https://stackoverflow.com/questions/7622732/c-how-to-detect-tampering-of-authenticode-signed-file