stackoom
  简体   繁体   中英

Windows API authenticode get root certificate

 原文  2018-07-16 14:59:23       c/ windows/ winapi/ code-signing-certificate/ authenticode

Question

I want to walk the certificate chain of a authenticode signed PE binary using the Windows API.

To get the certificate store I followed the example from Microsoft:
https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
With that I get the leaf certificate and the intermediate certificate, but not the root certificate. Tested with different Windows binaries (eg. explorer.exe)
I tried the following loops to walk the store: 

while (pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_ANY, NULL, pCertContext));
while (pCertContext = CertEnumCertificatesInStore(hStore, pCertContext));

Is the root certificate not included in the authenticode signature?
Do I miss some option?

1 answers

solution1
 0 ACCPTED  2018-07-16 18:58:52

Thanks @RbMm for your suggestion with CertGetCertificateChain , that does solve my question.
To get the whole chain, you need to start at the leaf certificate (store seams to start top-down).

Adapted from https://docs.microsoft.com/de-de/windows/desktop/SecCrypto/example-c-program-creating-a-certificate-chain : 

CERT_INFO CertInfo;

CertInfo.Issuer = pSignerInfo->Issuer;
CertInfo.SerialNumber = pSignerInfo->SerialNumber;

pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
if (!pCertContext) {
    _tprintf(_T("CertFindCertificateInStore failed with %x\n"), GetLastError());
    __leave;
}

CERT_ENHKEY_USAGE        EnhkeyUsage;
CERT_USAGE_MATCH         CertUsage;
CERT_CHAIN_PARA          ChainPara;

EnhkeyUsage.cUsageIdentifier = 0;
EnhkeyUsage.rgpszUsageIdentifier = NULL;
CertUsage.dwType = USAGE_MATCH_TYPE_AND;
CertUsage.Usage = EnhkeyUsage;
ChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
ChainPara.RequestedUsage = CertUsage;

if (!CertGetCertificateChain(
    NULL,                  // use the default chain engine
    pCertContext,          // pointer to the end certificate
    NULL,                  // use the default time
    NULL,                  // search no additional stores
    &ChainPara,            // use AND logic and enhanced key usage 
                           //  as indicated in the ChainPara 
                           //  data structure
    dwFlags,
    NULL,                  // currently reserved
    &pChainContext)) {
    cerr << "Error on CertGetCertificateChain" << endl;
    __leave;
}

PCERT_SIMPLE_CHAIN    rgpChain   = NULL;
PCERT_CHAIN_ELEMENT   rgpElement = NULL;

rgpChain = pChainContext->rgpChain[0];

for (int j = 0; j < rgpChain->cElement; j++) {
    rgpElement = rgpChain->rgpElement[j];
    PrintCertificateInfo(rgpElement->pCertContext);
    cout << endl;
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Verifying Authenticode signed executables and DLLs using OpenSSL API How to query the root certificate? X509 Certificate verification with Windows Crypto API Windows get Unix like path from cygwin root How can I install a certificate into the user's Trusted Publishers store programmatically using raw windows API? Certificate pinning with WinHTTP API using FindWindow with multiple root windows openssl get certificate extensions Programming In C + Win API: How To Get Windows 7 Look For Controls? Windows API: Get micro seconds between milli seconds
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM