I went with option (a) and used Mono.Security to get the certificate bytes and then used System.Security to do the validation. I started describing the approach I took at the end of the blog post I just finished:
http://blog.ctaggart.com/2010/07/find-authenticode-signed-assemblies.html

thanks Sebastien,
Cameron

On Wed, Jul 28, 2010 at 7:21 AM, Sebastien Pouliot <[email protected]> wrote:
> On Mon, 2010-07-26 at 20:17 -0700, Cameron Taggart wrote:
>> I would like to check if an Authenticode signature on an assembly is
>> valid. It looks like the code should be pretty simple, just create a
>> new AuthenticodeDeformatter instance and call IsTrusted(). The problem
>> is that it is always returning false. I believe the chktrust utility
>> uses the same code and suffers from the same problem:
>>
>>
>> set PATH=C:\Program Files\Mono-2.6.7\bin;%PATH%
>> C:\tmp>chktrust -v
>> C:\winnt\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
>> Mono CheckTrust - version 2.6.7.0
>> Verify if an PE executable has a valid Authenticode(tm) signature
>> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
>> BSD licensed.
>>
>> Verifying file Microsoft.SqlServer.SqlEnum.dll for Authenticode(tm)
>> signatures...
>>
>> INFO! Microsoft.SqlServer.SqlEnum.dll was timestamped on 7/10/2008 2:06:25 AM
>> ERROR! Microsoft.SqlServer.SqlEnum.dll signature can't be traced back
>> to a trusted root!
>>
>>
>> I did find this FAQ, but need more help.
>> What does "signature can't be traced back to a trusted root!" means ?
>> http://www.mono-project.com/FAQ:_Security#What_does_.22signature_can.27t_be_traced_back_to_a_trusted_root.21.22_means_.3F
>>
>>
>> On Windows and running on .NET CLR, is there any way to have
>> Mono.Security.dll use the certificates that are stored in Windows?
>
> No, at least not without some additional code. You can either:
>
> (a) write some glue code to the windows certificate stores. Mono code
> was written to be modular and adaptable to alternative sources for
> certificates.
>
> (b) write a tool that reads windows certificates and adds them into mono's
> certificate store (e.g. a bit like mozroots does but windows specific).
>
>> They are viewable via start > run... > certmgr.msc?
>>
>> Using certmgr, is there a way to list all the certificates currently
>> installed? I get an exception when I try this:
>>
>> C:\tmp>certmgr -list -c -m
>> Mono Certificate Manager - version 2.6.7.0
>> Manage X.509 certificates and CRL from stores.
>> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
>> BSD licensed.
>>
>> Unhandled Exception: System.IndexOutOfRangeException: Array index is
>> out of range.
>> at Mono.Tools.CertificateManager.Main (System.String[] args)
>> [0x00000] in <filename unknown>:0
>
> You need to supply the name of the store you want to list. E.g.
>
> certmgr -list -c Trust -m
>
> Sebastien
