Question

I'm using the System.Security.Cryptography.Pkcs.SignedCms class in the .NET framework to read and validate signed data.

For this I have a list of valid certificates that I'm passing in the CheckSignature method.

This works great and the method will throw an exception if the signing certificate is not contained in the list.

However, I would like to retrieve the exact certificate that was used to validate the message. The CheckSignature method returns void and the Certificates property on SignedCms is always null in my data set.

I do not want to brute force all possible certificates, especially as the method will throw me an exception if the certificate is invalid and there can be a lot of certificates in the list.

Any idea how to do this?

Related question: Is there a method to check the certificate that will not cause an exception if there is no valid certificate found? (I would prefer a boolean return value.)

Thanks!

Solution

Try the SignerInfos property, and see if you can extract certificates using the SignerInfo objects returned by it.
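
One way to apply the SignerInfos suggestion, as an added example that is not part of the original answer: each SignerInfo's SignerIdentifier is used to pick candidates from the trusted list, and the signature is then checked against one candidate at a time, giving a boolean result plus the matching certificate. The names `CmsSignerLookup`, `TryGetSignerCertificate` and `FindByIdentifier` are hypothetical, and the code assumes the message carries its content (not a detached signature) and that trust comes from the pinned list rather than chain validation.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

public static class CmsSignerLookup // hypothetical helper class
{
    // Returns true and the trusted certificate whose key verified a signer's
    // signature; returns false (no exception) when nothing in 'trusted' matches.
    public static bool TryGetSignerCertificate(
        byte[] encodedCms, X509Certificate2Collection trusted, out X509Certificate2 signerCert)
    {
        signerCert = null;
        var cms = new SignedCms();
        try { cms.Decode(encodedCms); }
        catch (CryptographicException) { return false; }

        foreach (SignerInfo signer in cms.SignerInfos)
        {
            foreach (X509Certificate2 candidate in FindByIdentifier(trusted, signer.SignerIdentifier))
            {
                try { signer.CheckSignature(new X509Certificate2Collection(candidate), true); }
                catch (CryptographicException) { continue; }

                // If the message embeds its own certificate, the check used that one.
                // Accept only when it is the same certificate as the trusted candidate.
                X509Certificate2 used = signer.Certificate ?? candidate;
                if (used.Thumbprint == candidate.Thumbprint) { signerCert = candidate; return true; }
            }
        }
        return false;
    }

    // Narrows the trusted list by the identifier stored in the signature;
    // the signature check above makes the final decision.
    private static X509Certificate2Collection FindByIdentifier(
        X509Certificate2Collection trusted, SubjectIdentifier id)
    {
        switch (id.Type)
        {
            case SubjectIdentifierType.IssuerAndSerialNumber:
                var issuerSerial = (X509IssuerSerial)id.Value;
                return trusted.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, false);
            case SubjectIdentifierType.SubjectKeyIdentifier:
                return trusted.Find(X509FindType.FindBySubjectKeyIdentifier, (string)id.Value, false);
            default:
                return new X509Certificate2Collection();
        }
    }
}
```

Passing `true` for verifySignatureOnly skips chain and revocation checks, so the thumbprint comparison against the pinned list is what carries the trust decision here.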

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow