stackoom
  简体   繁体   中英

C# Getting a X509Certificate from exe file stored as byte array

 原文  2016-11-30 19:23:37       c#/ arrays/ x509certificate

Question

I'm currently doing some code optimization (and trying to stop security software from blocking the generated tempFile.exe) in my auto-updater project. Basically the auto-updater.exe is downloading the latest version of program.exe and was saving it to C:\\Temp\\, check the md5 and the exe signature for security verification and then if all passed we override the program.exe located in the C:\\Program File\\directory.

I optimized the project to download the program.exe into a byte[] (to avoid creating a temporary file in C:\\temp). I'm able to check the md5 of the byte[] as well but trying to check the exe's signature is where I'm getting stuck.

When I was creating the temporary file in C:\\temp I was able to create a X509Certificate using the X509Certificate.CreateFromSignedFile("C:\\temp\\program.exe") method but there's no method accepting a byte[] instead of the file path. 

 X509Certificate2 theCertificate;
 try
 {
     X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
     theCertificate = new X509Certificate2(theSigner);
 }
 catch (Exception ex)
 {
     Console.WriteLine("No digital signature found in: " + pathToFile);
     Console.WriteLine("Signature check ex: " + ex);
     return false;
 }

// This section will check that the certificate is from a trusted authority IE not self-signed
  var theCertificateChain = new X509Chain();
  theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
  theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
  theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
  theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

  bool chainIsValid = theCertificateChain.Build(theCertificate);

  if (chainIsValid)
  {
        // Valid signature...
  }

Do you have any suggestion to verify the downloaded program.exe's signature using the byte[] ?

1 answers

solution1
 1 ACCPTED  2016-11-30 19:40:14

I am not sure this is your concern but of course you can create a cert instance from byte array using the constructor 

new X509Certificate2(byte[])

https://msdn.microsoft.com/en-us/library/ms148413(v=vs.110).aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question X509Certificate Serial Number as Byte Array? C# Using X509Certificate with file and key in c# How to verify signatures of XML File in C# with <x509certificate> (not cert file)? Parse Bytes[] as X509Certificate in C# Get list of X509Certificate from cert store C# MVC Extract public key from an XML file with X509certificate? Getting error while signing xml document with X509Certificate(SalesForce certificate) in C# for Single Sign-On SAML post C# get SSL Certificate into X509Certificate with “Forbidden” error X509Certificate and XmlDsig Duplicated X509Certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM