Can I ensure, using C#, that an X509Certificate was issued by a trusted authority?

If I use X509Certificate.CreateFromSignedFile to get the certificate used to sign a file, can I confirm that it was signed by a trusted authority - and isn't just a "self-signed" cert of some kind?

I want to extract the "Subject" (company) name from the cert to ensure that an unmanaged DLL I'm using is unmolested (I can't checksum it as it's updated frequently and independently) and official.

However, I'm concerned that a fake DLL could be signed with a "self-signed" cert and return the original company's name. So, I want to ensure the cert was issued by VeriSign, Thawte or similar (anything installed on the cert repository on the machine will be fine).

How can I do this, if at all, when using X509Certificate.CreateFromSignedFile? Or does it do this automatically (i.e. a "self-signed" cert will fail)?

If it is not a valid certificate you will get an exception. As for checking the company name, etc., here is the code:

    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Register the callback once, e.g. at application start-up.
    ServicePointManager.ServerCertificateValidationCallback +=
        new RemoteCertificateValidationCallback(customXertificateValidation);

    private static bool customXertificateValidation(
        object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors error)
    {
        // Check the 'cert' parameter properties here (e.g. Subject) and
        // return true or false based on the result you expect.
        bool accept = false; // placeholder: set this from your own checks
        return accept;
    }

EDIT: The above code is suitable only when requesting an https resource which has an invalid (self-signed, expired, etc.) certificate. As for extracting signatures from signed files, please check here: Extracting Digital Signatures from Signed Files with .NET

Isn't the Verify() method enough?
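
An added example (not code from the question or the answer above) of checking whether the signer certificate of a signed file chains to a root in the machine's trusted store, which is the check that rejects a self-signed look-alike. The class and method names, the exact-match comparison on the subject's simple name, and the strict online revocation setting are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SignerCheck // hypothetical helper, not a framework type
{
    // True only if the signer certificate embedded in 'path' chains to a trusted
    // root, is valid for code signing, and its simple name equals 'expectedName'.
    // This validates the certificate only; CreateFromSignedFile does not verify
    // the signature over the file contents (that requires WinVerifyTrust).
    public static bool IsIssuedByTrustedAuthority(string path, string expectedName)
    {
        X509Certificate2 signer;
        try
        {
            signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
        }
        catch (CryptographicException)
        {
            return false; // file is unsigned or the signature block is unreadable
        }

        using (var chain = new X509Chain())
        {
            // Strict policy: no error is ignored, and revocation is checked online,
            // so an unreachable CRL/OCSP endpoint also makes Build() fail.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.3")); // code signing EKU

            if (!chain.Build(signer))
            {
                // A self-signed cert that is not in the trusted root store
                // shows up here as UntrustedRoot.
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.Error.WriteLine(s.Status + ": " + s.StatusInformation);
                return false;
            }
        }

        // Compare the parsed name exactly; substring matching on Subject would
        // accept a certificate that merely contains the company name somewhere.
        string name = signer.GetNameInfo(X509NameType.SimpleName, false);
        return string.Equals(name, expectedName, StringComparison.Ordinal);
    }
}
```

A self-signed certificate that someone has installed into the machine's trusted root store will pass this check, which matches the question's stated acceptance of anything in the machine's certificate repository.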
