堆栈内存溢出
  简体   繁体   English

C#从以字节数组存储的exe文件中获取X509证书

[英]C# Getting a X509Certificate from exe file stored as byte array

 原文  2016-11-30 19:23:37       c#/ arrays/ x509certificate

问题描述

I'm currently doing some code optimization (and trying to stop security software from blocking the generated tempFile.exe) in my auto-updater project. 我目前正在自动更新程序项目中进行一些代码优化(并尝试阻止安全软件阻止生成的tempFile.exe)。 Basically the auto-updater.exe is downloading the latest version of program.exe and was saving it to C:\\Temp\\, check the md5 and the exe signature for security verification and then if all passed we override the program.exe located in the C:\\Program File\\directory. 基本上,auto-updater.exe将下载最新版本的program.exe并将其保存到C:\\ Temp \\,检查md5和exe签名以进行安全性验证,然后如果全部通过,我们将覆盖位于以下位置的program.exe。 C:\\ Program File \\目录。

I optimized the project to download the program.exe into a byte[] (to avoid creating a temporary file in C:\\temp). 我优化了该项目,将program.exe下载到byte []中(以避免在C:\\ temp中创建临时文件)。 I'm able to check the md5 of the byte[] as well but trying to check the exe's signature is where I'm getting stuck. 我也可以检查byte []的md5,但尝试检查exe的签名是否会卡住。

When I was creating the temporary file in C:\\temp I was able to create a X509Certificate using the X509Certificate.CreateFromSignedFile("C:\\temp\\program.exe") method but there's no method accepting a byte[] instead of the file path. 当我在C:\\ temp中创建临时文件时,我可以使用X509Certificate.CreateFromSignedFile(“ C:\\ temp \\ program.exe”)方法创建一个X509Certificate,但是没有方法接受byte []而不是文件路径。 

 X509Certificate2 theCertificate;
 try
 {
     X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
     theCertificate = new X509Certificate2(theSigner);
 }
 catch (Exception ex)
 {
     Console.WriteLine("No digital signature found in: " + pathToFile);
     Console.WriteLine("Signature check ex: " + ex);
     return false;
 }

// This section will check that the certificate is from a trusted authority IE not self-signed
  var theCertificateChain = new X509Chain();
  theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
  theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
  theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
  theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

  bool chainIsValid = theCertificateChain.Build(theCertificate);

  if (chainIsValid)
  {
        // Valid signature...
  }

Do you have any suggestion to verify the downloaded program.exe's signature using the byte[] ? 您是否有任何建议使用byte []来验证下载的program.exe的签名?

1 个解决方案

解决方案1
 1 已采纳  2016-11-30 19:40:14

I am not sure this is your concern but of course you can create a cert instance from byte array using the constructor 我不确定这是否是您关心的问题,但是您当然可以使用构造函数从字节数组创建证书实例 

new X509Certificate2(byte[])

https://msdn.microsoft.com/en-us/library/ms148413(v=vs.110).aspx https://msdn.microsoft.com/zh-CN/library/ms148413(v=vs.110).aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 X509证书序列号作为字节数组? C# - X509Certificate Serial Number as Byte Array? C# 在c#中使用带有文件和密钥的X509Certificate - Using X509Certificate with file and key in c# 如何使用C#验证C#中XML文件的签名 <x509certificate> (不是证书文件)? - How to verify signatures of XML File in C# with <x509certificate> (not cert file)? 解析字节[]作为C#中的X509证书 - Parse Bytes[] as X509Certificate in C# 从证书存储C#MVC获取X509证书的列表 - Get list of X509Certificate from cert store C# MVC 使用X509certificate从XML文件中提取公钥? - Extract public key from an XML file with X509certificate? 在C#中使用X509Certificate(SalesForce证书)在xml文档上签名时出现错误,以进行单点登录SAML帖子 - Getting error while signing xml document with X509Certificate(SalesForce certificate) in C# for Single Sign-On SAML post C#将SSL证书获取到X509Certificate中,出现“禁止”错误 - C# get SSL Certificate into X509Certificate with “Forbidden” error X509证书和XmlDsig - X509Certificate and XmlDsig 重复的X509证书 - Duplicated X509Certificate
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM