Re: problem with CAPICOM



hmm I just ran this Authenticode verification utility on a the FP4.cat
WFP file and it passed signature verification without a problem . so
that means that any file hashes covered in THAT cap file are protected:
http://www.jensign.com/JavaScience/jauth/sources/Jauthnet.txt

CAPICOM SignedCode.Verify invokes some of the WinVerify api.

- Mitch Gallant

"jacekmichalek_ta_gmail.com" <jacekmichalek@xxxxxxxxx> wrote in message
news:1141573259.798928.105280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I read about sfc, even used it to enumerate protected files - but it's
all sfc can do (according to API documentation). What about idea i
mentioned - check signature of catalog file, which holds hash of
system file to verify? I tried it using winverifytrust, setting

dwUnionChoice = WTD_CHOICE_FILE in WINTRUST_DATA structure, and

pcwszFilePath =catinfo.wszCatalogFile in WINTRUST_FILE_INFO

but i got negative response - TRUST_E_NOSIGNATURE.

On the other hand, when I examine this catalog file with signtool, i
get positive answer?

correct me if it;s wrong.

rgrds
Jacek



.