我正在自動更新項目中進行一些代碼優化(並試圖阻止安全軟件阻止生成的tempFile.exe)。基本上,auto-updater.exe正在下載最新版本的program.exe並將其保存到C:\ Temp \,檢查md5和exe簽名以進行安全驗證,然後如果全部通過,我們將覆蓋位於C:\ Program File \目錄。C#從存儲爲字節數組的exe文件中獲取X509Certificate
我優化了項目,將program.exe下載到byte []中(以避免在C:\ temp中創建臨時文件)。我能夠檢查字節[]的md5,但試圖檢查exe的簽名是我卡住的地方。
當我在C:\ temp中創建臨時文件時,我能夠使用X509Certificate.CreateFromSignedFile(「C:\ temp \ program.exe」)方法創建X509Certificate,但沒有方法接受byte []而不是文件路徑。
X509Certificate2 theCertificate;
try
{
X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
theCertificate = new X509Certificate2(theSigner);
}
catch (Exception ex)
{
Console.WriteLine("No digital signature found in: " + pathToFile);
Console.WriteLine("Signature check ex: " + ex);
return false;
}
// This section will check that the certificate is from a trusted authority IE not self-signed
var theCertificateChain = new X509Chain();
theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
bool chainIsValid = theCertificateChain.Build(theCertificate);
if (chainIsValid)
{
// Valid signature...
}
您是否有任何建議使用byte []驗證下載的program.exe的簽名?
創建字節數組證書比如我會試試看,但我想從program.exe的證書創建證書。 – exomic
看起來像該方法能夠以byte []的形式在整個program.exe中找到簽名。這比預期容易得多。謝謝! – exomic