3

Edit: this question is not just about reading the cert or thumbprint, but also about validating my assumption. We have a requirement to limit access to some of the resources in our program (SDK) to only executables that are signed by our cert.

Assumption: Verifying the thumbprint of an external executable against our cert's could solve our purpose, because no one can spoof our cert with the same thumbprint.

Is there a way to read the thumbprint of an external exe in C#? I do not find APIs in MSDN, so I am looking for an alternate way. If I'm wrong with my assumption, please correct me.

Thanks in advance.

rplusg
  • Possible duplicate of [How do I read the digital signature information from a signed .Net assembly?](http://stackoverflow.com/questions/10549836/how-do-i-read-the-digital-signature-information-from-a-signed-net-assembly) – Nasreddine May 27 '16 at 12:48
  • The problem is that while you can check the signature of the external application, such check can be patched relatively easily. – Eugene Mayevski 'Callback May 27 '16 at 13:28
  • Sorry, could you please elaborate? You mean an external app can act as if it were signed with my cert? – rplusg May 27 '16 at 13:38

1 Answer

2

You can use the X509Certificate.CreateFromSignedFile constructor to retrieve the signing certificate from a signed file. More information: https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate.createfromsignedfile(v=vs.110).aspx

Crypt32
  • Thanks for the input. Can this work with an exe created from pure C/C++? – rplusg May 27 '16 at 13:20
  • This will work for any file that supports Microsoft Authenticode signatures. It can be a script (PS, VBS, JS), DLL, executable, MSI and so on. What language is inside is irrelevant. – Crypt32 May 27 '16 at 13:22
  • Thanks again, I will quickly try now and accept your answer. – rplusg May 27 '16 at 13:24