Re: Check EXE for MY signature only
- From: lelteto <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Nov 2008 14:17:00 -0800
The downside of NOT using certs is that if somebody changes the (I assume
hard-coded) public key in your application, you would verify an attacker's
DLL as OK. Of course, an attacker would also be able to get a cert for his
signature - but at least the code-signing certificate would reveal WHO
created that replacement dll. So although the protection is not perfect
(somebody could still change the signature AND the cert), at least there is
non-repudiation = accountability with certificates.
Laszlo Elteto
SafeNet, Inc.
"eselk2003@xxxxxxxxx" wrote:
On Nov 18, 6:53 am, junk...@xxxxxxxxx wrote:
This is remarkable! I am looking for a solution for that myself
now...
I have just seen this post from a few hours ago
we have both encountered the same challenge on the same day!
I am trying to figure out how to verify that a dll is signed by my own
signature programmatically... one would expect this to be fairly
trivial and sample rich issue...
so I too will be grateful for any help
On 18 Nov, 04:58, eselk2...@xxxxxxxxx wrote:
I've got an EXE I signed using signcode.exe, but I can't figure out
how to verify the signature in my code. I see a lot of examples using
WinVerifyTrust, but that just tells you that the signature is valid,
and I want to verify it was signed using my private key. I think I'm
getting pretty close now that I found CryptQueryObject, and this
article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323809
I'm mostly not sure about fields/properties I need to compare. I saw
some code that just checks the "subject", but that seems like it would
be easy to fake since I can create a self-signed certificate with any
subject I want. I should probably compare the public key, right?
I'm working on an auto-update design, and I want to make sure any
updates my service downloads/runs are signed by me. I would ship the
public key with my application, and I'd want it to check every
download to make sure it was signed by the matching key. Seems like
this would be pretty common, not sure why I haven't been able to find
info on this. Also, the certificate I'm using for signcode.exe is
just a self-signed certificate, I don't see any reason I should need
Verisign or anything since I'm not trying to prove who I am to the
world
I figured out a solution that works for me. I'm using Crypto API to
create keys, a hash, and signature, and append the signature to the
EXE myself. It seems like a lot less overhead than messing with
certificates and the authenticode stuff.
I posted full source code on my blog:
http://ericoncode.blogspot.com/2008/11/authenticode-my-way.html
The main API functions to research are:
-- To create a hash of your file
CryptCreateHash
CryptHashData
-- To create a signature which you can manually append to your file
CryptSignHash
-- To verify the signature
CryptVerifySignature
-- To create private/public key-pairs and export to files so you can
use the private key on all of your development systems and distribute
public key with your application.
CryptGenKey
CryptExportKey
-- To load the private/public key from file.
CryptImportKey
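
The append-and-verify scheme described in the last message, as an added example in plain Python rather than the CryptoAPI calls listed (it is not the code from the linked blog post). The trailer layout (payload followed by a fixed-length RSA PKCS#1 v1.5 / SHA-256 signature), the function names and the demo key built from two Mersenne primes are assumptions made for illustration; the key is not secure.

```python
import hashlib

# Constructed demo key from two Mersenne primes: NOT secure, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key pinned inside the updater
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept on the build machine
K = (N.bit_length() + 7) // 8          # signature trailer length in bytes

# DER prefix of DigestInfo for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(payload: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(payload), exactly k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(payload).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_and_append(payload: bytes, n: int = N, d: int = D) -> bytes:
    """Build step: return the payload followed by its signature trailer."""
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(encode_digest(payload, k), "big"), d, n)
    return payload + sig.to_bytes(k, "big")


def verify_appended(blob: bytes, n: int = N, e: int = E) -> bool:
    """Updater step: accept only if the trailer verifies under the pinned key."""
    k = (n.bit_length() + 7) // 8
    if len(blob) <= k:                 # truncated or unsigned download
        return False
    payload, sig = blob[:-k], int.from_bytes(blob[-k:], "big")
    if sig >= n:                       # signature value out of range for this key
        return False
    # Re-encode and compare whole blocks; never parse the recovered padding.
    return pow(sig, e, n).to_bytes(k, "big") == encode_digest(payload, k)
```

The check is only as strong as the integrity of the pinned `N` and `E`: as the first reply notes, anyone who can rewrite those constants in the installed application can make their own file verify.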