how to verify a file has not been tampered with
From: Robert Oeffner (robertNoJunk_at_oeffner.spam_me_not.net)
Date: Fri, 14 Oct 2005 17:22:50 GMT
Would anyone know the steps of how to verify a digitally signed executable
has not been hacked? I was thinking that by comparing the hashvalue of the
executable with the hash value in the signature you'd be able to do this.
I cannot use CAPICOM API as the target systems are likely not to have
CAPICOM installed. I cannot use WinVerifyTrust as this function takes
several seconds to return, generates unwanted network activity and
temporarily hogs the CPU and memory of the target system.
If anyone is able to outline the function calls needed for my task I'd be
very grateful. I was thinking that functions such as
CryptVerifyCertificateSignature or CryptVerifySignature would be useful for
this. However, there are no good examples on the MSDN on how to do this.