
Discuss: HOWTO: Verify digital signature of a file

molotov (Moderator Group), posted 12 August 2009 at 11:37am:
The example in the SDK doesn't handle cases where security catalogs are used.
Daily affirmation:
net helpmsg 4006

nMna (Newbie), posted 02 September 2009 at 4:18pm:
CryptCATAdminCalcHashFromFileHandle does not work on Win7 64-bit / Vista 64-bit with a 32-bit application with Wow64Disableredirection; on 32-bit it works fine. I can read any file, but cannot calculate the hash with this API. MS bug?

jaysonpryde (Newbie), posted 28 January 2011 at 1:47am:
How about for countersignatures? Are there any samples for verifying countersignatures?
JMP-09

EladLevin (Newbie), posted 07 February 2012 at 2:59pm:
The above code fails on Windows 8 Developer Preview 32-bit, any ideas how to get around this?

jrzmurray (Newbie), posted 06 April 2012 at 8:48pm:
Has anyone completed this in VB.NET or C#?  I know I can use Interop and import the DLL functions but adapting the code from C is somewhat difficult.  Thanks!

cehupper (Newbie), posted 17 July 2012 at 6:59pm:
I have a driver that I can't get signed in a manner that returns a catalogfile as shown here

http://forum.sysinternals.com/howto-verify-the-digital-signature-of-a-file_topic19247.html

...

catalogfile = CryptCATAdminEnumCatalogFromHash(Context, Buffer, HashSize, 0, NULL);

It always returns null for my file, but it succeeds for ones such as those signed by vmware

signtool sign /v /ac "c:\tmp\certs\VeriSign Class 3 Public Primary Certification Authority - G5.cer" /s my /n "companyUSA LLC" /t http://timestamp.verisign.com/scripts/timestamp.dll binary.sys


Signtool verify /v /kp shows very similar results for my file and the vmware file.

I feel like I'm missing something very fundamental here.

Thanks.

Validator Al (Newbie), posted 19 December 2014 at 7:20pm:
Thanks for this code! I assume it is still good for Windows 8.1, both 32-bit and 64-bit?

Also, how difficult would it be to modify this to check to see that the signer matches a specific string if provided?
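
One way to run the signer check asked about above, sketched in PowerShell instead of the thread's C code (an added example, not from any poster; `Test-FileSigner` and its parameters are hypothetical names). It compares the signer name only after the signature itself has verified, and reports whether the signature was embedded or found through a catalog:

```powershell
# Added example: hypothetical helper, not part of the thread's C code.
function Test-FileSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Expected signer common name (CN), compared exactly, case-insensitively.
        [Parameter(Mandatory)] [string] $ExpectedSigner,
        # Optional pin on the signing certificate's thumbprint.
        [string] $ExpectedThumbprint
    )

    # Status is 'Valid' only when the signature over the file verified.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $result = [ordered]@{
        Path          = $Path
        Status        = $sig.Status
        # Authenticode (embedded) or Catalog; property exists in PowerShell 5.1+.
        SignatureType = $sig.SignatureType
        Signer        = $null
        Timestamped   = [bool]$sig.TimeStamperCertificate
        Trusted       = $false
    }

    # Never compare names on an unverified signature: any subject string
    # can be placed in a self-signed certificate.
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $cert     = $sig.SignerCertificate
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $result.Signer = $cert.GetNameInfo($nameType, $false)

        # Exact match rather than -like / -match, so a longer look-alike
        # name containing the expected string does not pass.
        $nameOk  = $result.Signer -ieq $ExpectedSigner
        $thumbOk = (-not $ExpectedThumbprint) -or ($cert.Thumbprint -ieq $ExpectedThumbprint)
        $result.Trusted = $nameOk -and $thumbOk
    }
    [pscustomobject]$result
}

# Usage (path and signer name are placeholders):
# Test-FileSigner -Path 'C:\path\to\binary.sys' -ExpectedSigner 'Example Corp'
```

A name match alone is a weak check because certificate subjects are not unique across issuers; supplying the thumbprint pin ties the result to one specific certificate.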

AndrewDover (Newbie), posted 21 May 2015 at 6:31pm:
For later OS versions, I had to make two modifications:

swprintf(&MemberTag[i * 2], 2, L"%02X", Buffer[i]); // Added count of 2

WintrustStructure.pSignatureSettings = NULL; // Added for recent OS support

Karthik (Newbie), posted 04 March 2016 at 12:57pm:
[Sorry for the re-post. I see this is the primary thread]

Thank you wj32, molotov and all of you... I have been a silent and ardent spectator and learner for quite long. No words for the remarkable jobs you guys do and this site itself. :)

Thanks to the original author a_d_13. Kudos :)

I was working on something similar. I believe one particular question people had in mind (or I may be wrong) is how to use a particular catalog to find if a signature is valid. The code posted does solve much of the problem but I think that specific part is missing (again probably people just wanted this solution). I did find similar queries in other forums. The solution I found is rather very simple. We have to ensure that the catalog file(s) are available in catroot when we are scanning with CryptCATAdminEnumCatalogFromHash(). This call is by default searching the existing catalog database(s). So if I want my catalog to be looked into, I need to stage that into catroot first.

We need to add just two calls:
CryptCATAdminAddCatalog()
and, since we do not want to bloat my catalog databases with catalogs that I am analyzing (well, part of my job, so I have a whole lot of them), I do a
CryptCATAdminRemoveCatalog at the end of the code.

The other thing I wanted to say is that sigcheck, when used to scan a driver that has an embedded signature but somehow "carries" an invalid signature if scanned via catalog, still returns signed. To be specific, when KMCS signing policy is followed, PnP signing policy somehow gets superseded. I hope I am not doing anything wrong here.

-Sreejith. D. Menon
DELL

Karthik (Newbie), posted 10 March 2016 at 11:02pm:
Thanks to Microsoft we have some new functions!!! :)

I always wanted to start off with a new blog :) so here it is!

http://gnomicbits.blogspot.in/2016/03/how-to-verify-pe-digital-signature.html

Sreejith. D. Menon

