Checking digital signature programmatically

Published 2019-04-08 08:29

Question:

I have the exe for the project I'm working on signed with a digital signature, which means that when it asks for admin rights it shows the company name. This works very well, but if you modify the exe it will still work and show "unknown" there instead.

Is there a way to check the digital signature to see if it is valid when you run the exe to avoid modified versions running?

Visual studio 2008 windows 7

Answer 1:

Here is a sample program (it uses the WinVerifyTrust function) that verifies the signature, but I'm not sure that it will work under Windows 7. You should try it.

Answer 2:

Considering you already have a UAC requirement, wouldn't it be sufficient to set the GPO option "Only elevate executables that are signed and validated" in "Computer Configuration\Windows Settings\Local Policies\Security Options"? There's also a "Use Certificate Rules on Windows Executables for Software Restriction Policies" setting that might be useful.

These settings are better than trying to check from your own application, because the whole point is that you can no longer trust yourself when your binary is modified.
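Both answers point the same way: the signature check belongs outside the binary being checked, done by Windows' own Authenticode verification (WinVerifyTrust, which is also what the Get-AuthenticodeSignature cmdlet calls under the hood). The script below is an added example, not code from either answer or from the asker's project. It checks an executable from a deployment or admin script, maps the status to the cases the question is about (a tampered file comes back as HashMismatch rather than Valid), and optionally pins the signer's certificate thumbprint, since "Valid" alone only means some trusted publisher signed it. The parameter names and the placeholder thumbprint are assumptions for this example.

```powershell
# Added example (not from the original post): verify an executable's
# Authenticode signature from outside the executable, as an admin or
# deployment script would, and optionally pin the expected publisher.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,                        # path to the .exe to check

    # Optional: SHA-1 thumbprint of the certificate you signed with.
    # Placeholder value; replace with your own publisher certificate's thumbprint.
    [string]$ExpectedThumbprint = ''
)

# Get-AuthenticodeSignature wraps WinVerifyTrust: it recomputes the PE hash,
# compares it with the signed digest, and validates the signer's chain.
$sig = Get-AuthenticodeSignature -FilePath $Path

switch ($sig.Status) {
    'Valid'        { $detail = 'signature is valid and the signer chain is trusted' }
    'NotSigned'    { $detail = 'file carries no Authenticode signature' }
    'HashMismatch' { $detail = 'file was modified after signing (digest mismatch)' }
    'NotTrusted'   { $detail = 'signed, but the signer chain is not trusted on this machine' }
    default        { $detail = "status $($sig.Status): $($sig.StatusMessage)" }
}

$thumbprint = $null
$subject    = $null
if ($sig.SignerCertificate) {
    $thumbprint = $sig.SignerCertificate.Thumbprint
    $subject    = $sig.SignerCertificate.Subject
}

# A valid signature from a different publisher is still a failure for our
# purposes: only a signature by the pinned certificate is accepted.
$ok = ($sig.Status -eq 'Valid')
if ($ok -and $ExpectedThumbprint -and ($thumbprint -ne $ExpectedThumbprint)) {
    $ok     = $false
    $detail = "valid signature, but signer thumbprint $thumbprint is not the expected publisher"
}

[pscustomobject]@{
    Path       = $Path
    Status     = $sig.Status
    Accepted   = $ok
    Detail     = $detail
    Signer     = $subject
    Thumbprint = $thumbprint
} | Format-List

# Non-zero exit code lets a build or install step refuse a tampered binary.
if ($ok) { exit 0 } else { exit 1 }
```

Run it as `.\Check-Signature.ps1 -Path .\MyApp.exe -ExpectedThumbprint <thumbprint>`. Appending even a single byte to a signed exe changes the PE hash, so the same command reports HashMismatch for the modified copy, which is exactly the condition the question wants to catch. The check is only meaningful because it runs from code the attacker did not modify; a copy of this logic inside the exe itself can be patched out along with everything else, which is the point Answer 2 makes.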