Question

I have created a self generated certificate to sign a DLL. When I load this DLL into my C++ application I am able to validate if the code signing certificate is valid or not by using the WinVerifyTrust api.

But I am not able to find a way to detect that the DLL has been signed by one of my certificates. Even by using the CryptQueryObject api I do not find any useful information.

Does anyone have an idea on how to do this? Or is it even possible?

Thank you


Solution

CryptVerifyCertificateSignature isn't what you want?

OTHER TIPS

If you sign a certificate using your private key, it can only be verified with your public key. That's how public-key cryptography works. If you can use a public key to verify the signature, then you know that the corresponding private key must have been used to sign it.

In case you need a version that also works on earlier versions of Windows than the one Bill Zeller showed you, you can use the following:

  1. Use CryptQueryObject with CERT_QUERY_OBJECT_FILE
  2. Use CryptMsgGetParam with CMSG_SIGNER_CERT_INFO_PARAM on the HCRYPTMSG you received from the previous call
  3. Now use CertCompareIntegerBlob to compare your known (certificate) serial number (or numbers, in a loop) against the one in the file

If any of the known serial numbers matches, you're done. If all comparisons fail, it's not your cert.

Note: when looking at the serial number of the certificate in the file properties dialog, the bytes shown there appear in the reverse order when compared with the contents of the PCERT_INFO (CERT_INFO::SerialNumber) you get from the CryptMsgGetParam. So make sure that you store your own serial numbers reversed or reverse them before comparison.

Also note: you'll still need to have the certificate installed as trusted, in order for WinVerifyTrust (not mentioned above) to consider the code signature trusted at all. I just described the part about how to find out it's your own certificate that was used.
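
The three steps above together with the byte-order note, as an added C++ example (not code from the question or the answers). `SerialFromDisplayHex` and `SignedByKnownSerial` are hypothetical helper names, and the sketch assumes an embedded signature and checks only the first signer (index 0).

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>

// Hex serial as displayed in the properties dialog (most significant byte first)
// -> bytes in CERT_INFO::SerialNumber order (least significant byte first), e.g. the
// constructed value "12:34:ab:CD" -> CD AB 34 12. An odd digit count yields an empty result.
std::vector<uint8_t> SerialFromDisplayHex(const std::string& hex) {
    std::vector<uint8_t> bytes;
    int hi = -1;
    for (unsigned char c : hex) {
        if (!std::isxdigit(c)) continue;  // skip spaces, colons and other separators
        int v = std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10;
        if (hi < 0) { hi = v; } else { bytes.push_back(uint8_t((hi << 4) | v)); hi = -1; }
    }
    if (hi >= 0) return {};
    std::reverse(bytes.begin(), bytes.end());
    return bytes;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
// Steps 1-3 of the answer: true if the first signer's serial equals any known serial.
bool SignedByKnownSerial(const wchar_t* path, const std::vector<std::vector<uint8_t>>& known) {
    HCERTSTORE store = nullptr; HCRYPTMSG msg = nullptr;
    if (!CryptQueryObject(CERT_QUERY_OBJECT_FILE, path, CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
                          CERT_QUERY_FORMAT_FLAG_BINARY, 0, nullptr, nullptr, nullptr,
                          &store, &msg, nullptr))
        return false;
    bool match = false; DWORD cb = 0;
    if (CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, 0, nullptr, &cb)) {
        std::vector<BYTE> buf(cb);
        if (CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, 0, buf.data(), &cb)) {
            PCERT_INFO info = reinterpret_cast<PCERT_INFO>(buf.data());
            for (std::vector<uint8_t> k : known) {  // copy: the blob needs a non-const pointer
                CRYPT_INTEGER_BLOB blob = { static_cast<DWORD>(k.size()), k.data() };
                if (!k.empty() && CertCompareIntegerBlob(&info->SerialNumber, &blob)) match = true;
            }
        }
    }
    CryptMsgClose(msg);
    CertCloseStore(store, 0);
    return match;
}
#endif
```

Call `SignedByKnownSerial` only after WinVerifyTrust has succeeded on the same file: the serial number is read from the file itself and says nothing about an unverified signature.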

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow