Checking digital signature on EXE

c# .net exe x509
LTR picture LTR · Jun 5, 2014 · Viewed 16.3k times · Source

My .NET exe is signed using signtool. Using this code, I can verify the validity of the certificate itself:

var cert = X509Certificate.CreateFromSignedFile("application.exe");
var cert2 = new X509Certificate2(cert.Handle);
bool valid = cert2.Verify();

However, this only checks the certificate itself, and not the signature of the EXE. Therefore, if the EXE is tampered with, this method doesn't detect it.

How can I check the signature?

Answer

pepo picture pepo · Jun 5, 2014

You need to call (P/Invoke) WinVerifyTrust() function from wintrust.dll. There is (as far as I know) no alternative in managed .NET.

You can find documentation of this method here.

Someone already asked this question on SO. It was not accepted, but it should be correct (I only scrolled through). Take a look.

You could also take a look at this guide but they really do the same.

Related questions

How can I run another application within a panel of my C# program?

I've been reading lots on how to trigger an application from inside a C# program (Process.Start()), but I haven t been able to find any information on how to have this new application run within a panel of my …

Read More
"This file came from another computer and might be blocked to protect this computer." - How to programmatically remove this attribute in C# .net?

I made a program in C#. It copies itself to startup if the user ticks the box to do so. The application adds itself to startup using the registry key "SOFTWARE\Microsoft\Windows\CurrentVersion\Run". It works fine, aside from …

Read More
Wix - How to run exe files after installation from installed directory?

I'm using a program which is being installed using wix. (Don't know if it's relevant but it's a C# program) I want to run an exe file which was installed by the msi file, but the location of the installation …

Read More