Re: Check EXE for MY signature only



The downside of NOT using certs is that if somebody changes the (I assume
hard-coded) public key in your application, you would verify an attacker's
DLL as OK. Of course, an attacker would also be able to get a cert for his
signature - but at least the code-signing certificate would reveal WHO
created that replacement DLL. So although the protection is not perfect
(somebody could still change the signature AND the cert), at least there is
non-repudiation = accountability with certificates.

Laszlo Elteto
SafeNet, Inc.

"eselk2003@xxxxxxxxx" wrote:

On Nov 18, 6:53 am, junk...@xxxxxxxxx wrote:
This is remarkable! I am looking for a solution for that myself
now...
I have just seen this post from a few hours ago
we have both encountered the same challenge on the same day!

I am trying to figure out how to verify that a dll is signed by my own
signature programmatically... one would expect this to be a fairly
trivial and sample-rich issue...

so I too will be grateful for any help

On 18 Nov, 04:58, eselk2...@xxxxxxxxx wrote:



I've got an EXE I signed using signcode.exe, but I can't figure out
how to verify the signature in my code. I see a lot of examples using
WinVerifyTrust, but that just tells you that the signature is valid,
and I want to verify it was signed using my private key. I think I'm
getting pretty close now that I found CryptQueryObject, and this
article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323809

I'm mostly not sure about fields/properties I need to compare. I saw
some code that just checks the "subject", but that seems like it would
be easy to fake since I can create a self-signed certificate with any
subject I want. I should probably compare the public key, right?

I'm working on an auto-update design, and I want to make sure any
updates my service downloads/runs are signed by me. I would ship the
public key with my application, and I'd want it to check every
download to make sure it was signed by the matching key. Seems like
this would be pretty common, not sure why I haven't been able to find
info on this. Also, the certificate I'm using for signcode.exe is
just a self-signed certificate, I don't see any reason I should need
Verisign or anything since I'm not trying to prove who I am to the
world

I figured out a solution that works for me. I'm using Crypto API to
create keys, a hash, and signature, and append the signature to the
EXE myself. It seems like a lot less overhead than messing with
certificates and the authenticode stuff.

I posted full source code on my blog:

http://ericoncode.blogspot.com/2008/11/authenticode-my-way.html

The main API functions to research are:

-- To create a hash of your file
CryptCreateHash
CryptHashData

-- To create a signature which you can manually append to your file
CryptSignHash

-- To verify the signature
CryptVerifySignature

-- To create private/public key-pairs and export to files so you can
use the private key on all of your development systems and distribute
public key with your application.
CryptGenKey
CryptExportKey

-- To load the private/public key from file.
CryptImportKey
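
The append-and-verify scheme described in this thread, as an added example (not the code from the linked blog post and not CryptoAPI): stdlib Python RSA PKCS#1 v1.5 with SHA-256 stands in for CryptSignHash / CryptVerifySignature. The function names are hypothetical, and the keys are constructed test keys built from well-known primes.

```python
import hashlib

E = 65537
# ASN.1 DigestInfo header for SHA-256 (PKCS#1 v1.5 signatures)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(p: int, q: int):
    """Return (n, d) for primes p, q. Constructed demo keys only (Python 3.8+)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _klen(n: int) -> int:
    return (n.bit_length() + 7) // 8          # signature length in bytes

def _encode(body: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 block for SHA-256(body), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(body).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign_file(body: bytes, d: int, n: int) -> bytes:
    """Build machine: append a fixed-length signature trailer to the file."""
    k = _klen(n)
    return body + pow(_encode(body, k), d, n).to_bytes(k, "big")

def verify_file(blob: bytes, n: int) -> bool:
    """Updater: accept only if the trailer verifies under the shipped key n."""
    k = _klen(n)
    if len(blob) <= k:                         # truncated or unsigned download
        return False
    body, sig = blob[:-k], int.from_bytes(blob[-k:], "big")
    # Compare the whole padded block rather than parsing the hash out of it.
    return sig < n and pow(sig, E, n) == _encode(body, k)

if __name__ == "__main__":
    # Constructed test keys from well-known primes; real keys come from a CSPRNG.
    n, d = make_key(2**255 - 19, 2**521 - 1)          # developer key
    n2, d2 = make_key(2**607 - 1, 2**1279 - 1)        # a different signer's key
    good = sign_file(b"MZ constructed update payload", d, n)
    other = sign_file(b"MZ constructed replacement", d2, n2)
    print("genuine update           :", verify_file(good, n))
    print("one byte changed         :", verify_file(b"X" + good[1:], n))
    print("signed with another key  :", verify_file(other, n))
    print("shipped key replaced (n2):", verify_file(other, n2))
```

The last line of output corresponds to the point raised in the reply at the top of the thread: the shipped public key is the only trust anchor, so its storage needs the same integrity protection as the updater itself.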
