堆栈内存溢出
  简体   繁体   English

如何以编程方式获取用于在.NET中进行数字签名的公司信息?

[英]How can I programmatically obtain the company info used to digitally sign an assembly in .NET?

 原文  2010-04-15 02:10:31       c#/ .net/ assemblies/ code-signing/ digital-signature

问题描述

As a means of simple security, I was previously checking the digital signature of a downloaded update package for my program against its public key to ensure that it originated from me. 作为一种简单的安全措施,我以前根据程序的公钥检查了已下载的程序更新包的数字签名,以确保该程序源自我。 However, as I'm using cheap code signing certs (Tucows), I am unable to renew an existing cert and therefore the keys change every time I need to renew. 但是,由于我使用的是便宜的代码签名证书(Tucows),因此我无法续订现有证书,因此,每次需要续订时,密钥都会更改。

Therefore, a more reliable means would be to verify the organization information embedded in the signed assembly (which is displayed in the UAC dialog) against my well-known organization string, as this will continue to be the same. 因此,一种更可靠的方法是对照我熟知的组织字符串来验证嵌入在已签名程序集中(在UAC对话框中显示)的组织信息,因为这将继续保持不变。

Does anyone know how to obtain this information from a digitally-signed assembly? 有谁知道如何从数字签名的程序集中获取此信息?

2 个解决方案

解决方案1
 1  2011-04-21 16:13:59

Isn't it enough to just check that the assembly is strong named using your key? 仅使用您的密钥检查程序集是否为强命名就够了吗? Authenticode mostly benefits the end user who can identify that you are who you say you are (due to the efforts of the cert. authority). Authenticode最能使最终用户受益,因为它可以证明您是您的真实身份(由于证书颁发机构的努力)。 To my mind, in your situation, there's no extra security in an authenticode certificate over a simple strong name. 我认为,在您的情况下,authenticode证书中的简单强名称没有任何额外的安全性。

I assume a strong name is much simpler to verify, and you won't have to worry about your key changing. 我认为一个强名更容易验证,并且您不必担心密钥更改。

解决方案2
 0  2010-04-15 06:07:13

Assuming that the assembly is signed using Authenticode technology and X.509 certificates (and not just strong-named), you need an Authenticode reader code (or component) to extract the certificate and validate it. 假定程序集使用Authenticode技术和X.509证书(而不仅仅是强名称)签名,则需要Authenticode读取器代码(或组件)以提取证书并对其进行验证。 After that you will find organization name in one of the fields of certificate's SubjectName or SubjectRDN record. 之后,您将在证书的SubjectName或SubjectRDN记录的字段之一中找到组织名称。

We offer Authenticode reader class and certificate manipulation class in PKIBlackbox package. 我们在PKIBlackbox包中提供Authenticode读取器类和证书操作类

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获取用于强名称的.Net程序集的hash? - How can I obtain the hash of a .Net assembly used for Strong Names? 如何对可执行文件进行数字签名? - How can I digitally sign an executable? 如何查看以编程方式在.NET程序集中调用的方法? - How can I see which methods are called in a .NET assembly programmatically? 如何确定给定 .NET 程序集使用的子系统? - How can I determine the subsystem used by a given .NET assembly? 如何将 pdf 数字签名到 C# 上的单独文件中? - How do I digitally sign a pdf into a separate file on C#? 如何以编程方式重建现有装配? - How can I programmatically rebuild an existing assembly? 我可以通过编程方式控制.NET Core程序集重定向吗? - Can I control .NET Core assembly redirects programmatically? 以编程方式延迟标志组装 - Delay sign assembly programmatically 如何以编程方式替换 .NET 程序集中的嵌入资源? - How do I replace embedded resources in a .NET assembly programmatically? 如何对 .tlb(类型库)文件进行数字签名? - How to digitally sign .tlb(type library) files?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM