[英]From .NET verify a dll has valid signature and has not been modified
My c# .NET program accesses a c++ library. 我的c#.NET程序访问一个c ++库。
The library is signed with a certificate and is in the same folder as the program. 该库使用证书签名,并且与程序位于同一文件夹中。
At runtime, before i load the c++ library, i want to make sure the library is really mine and has not been tampered with. 在运行时,在我加载c ++库之前,我想确保该库确实是我的并且未被篡改。
I have been able to get the certificate from my dll and verify the certificate : 我已经能够从dll中获取证书并验证证书:
X509Certificate2 cert = new X509Certificate2(X509Certificate.CreateFromSignedFile(filename));
Console.WriteLine(cert.Issuer);`
cert.Verify();`
This tells me the file certificate is ok, but if I then hexedit my file and run my program again, the certificate still validates ok. 这告诉我文件证书是可以的,但是如果我随后对文件进行hexedit并再次运行程序,则证书仍然可以确定。
Where can I find in the certificate the hash of my library (not the hash of the certificate) and how can I create the hash of my library to compare them so I can detect the file being tampered with? 我在证书的哪里可以找到我的库的哈希值(而不是证书的哈希值),如何创建库的哈希值以进行比较,以便可以检测到文件被篡改?
I suspect it should be simple, maybe I overlooked something. 我怀疑这应该很简单,也许我忽略了一些东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.