0

I am trying to verify if a file is digitally signed and if the signature is valid. This is the closest post to my need on SO: How to verify digital signature in C#

The problem I have is how do I get the signature of the signed file in the first place?

UPDATE: Thank you for guidance. Both .exe .js and files are signed with DigiCert Certificate Utility. I found the signature in the .js file itself. Not sure where .exe's is.

I believe the signing algorithm is determined by the certificate. In the details tab of the Certificate details on windows, can be seen that signature algorithm is sha256RSA, signature hash algorithm is sha256 and public key is RSA(2048 Bits).

sanjihan
  • 5,592
  • 11
  • 54
  • 119
  • 2
    The way where the signature can be found depends on the algorithm and usage of the program using the algorithm. Please [edit] your question to include the algorithm and program you are using to sign a file and check the documentation of that program. – Progman Jul 25 '21 at 12:44
  • @Progman thanks for taking your time. It's .exe file that is problematic. – sanjihan Jul 25 '21 at 14:06
  • You might want to check other questions like https://stackoverflow.com/questions/24060009/checking-digital-signature-on-exe or https://stackoverflow.com/questions/47646135/where-is-the-digital-signature-stored-when-code-signing-a-exe-file-in-windows – Progman Jul 25 '21 at 14:12
  • What about zip? – sanjihan Jul 25 '21 at 15:32
  • Still depends on the program you use for signing a ZIP file. You might want to check https://learn.microsoft.com/en-us/dotnet/api/system.io.packaging.packagedigitalsignaturemanager?redirectedfrom=MSDN&view=net-5.0 – Progman Jul 25 '21 at 16:46

0 Answers0