Checking digital signature programmatically
https://stackoverflow.com/questions/1130360
-
13-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have the exe for the project im working on signed by a digital signature which means when it asks for admin rights it shows the company name. This works very well but if you modify the exe it will still work and show unknown there instead.
Is there a way to check the digital signature to see if it is valid when you run the exe to avoid modified versions running?
Visual studio 2008 windows 7
Solution
Here is a sample program(it uses WinVerifyTrust function) that verifies signature, but I'm not sure that it will work under Windows 7. You should try it.
OTHER TIPS
Considering you already have an UAC need, wouldn't it be sufficient to set the GPO option "Only elevate executables that are signed and validated" in "Computer Configuration\Windows Settings\Local Policies\Security Options" ? There's also an "Use Certificate Rules on Windows Executables for Software Restriction Policies" setting that might be useful.
These settings are better than trying to check from your own application, because the whole point is that you can no longer trust yourself when your binary is modified.
