我想使用 X509Chain 类验证 dll 上的签名。到目前为止我尝试过:
X509Certificate2 intermediateCertificate = new X509Certificate2();
X509Certificate2 rootCertificate = new X509Certificate2();
intermediateCertificate.Import(intermediateCert);
rootCertificate.Import(rootCert);
X509Chain certificateChain = new X509Chain();
certificateChain.ChainPolicy.ExtraStore.Add(intermediateCertificate);
certificateChain.ChainPolicy.ExtraStore.Add(rootCertificate);
certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
certificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
X509Certificate2 dllCert= new X509Certificate2("path/To/The/Dll");
bool isCertChainValid = certificateChain.Build(dllCert);
我正在开发一种适用于未连接到互联网的计算机的解决方案,因此我将证书添加到额外的存储中,并将吊销模式设置为 noCheck。 我最重要的问题是,当 dll 上的签名无效时,为什么 build() 方法返回 true(我使用十六进制编辑器使其无效并覆盖了文件中的一些字节)
您的代码并不尝试检查 DLL 的签名,它只是询问声称已签署 DLL 的证书是否可信。
X509Certificate2 dllCert= new X509Certificate2("path/To/The/Dll");.NET 基类库 (BCL) 层没有公开验证 Authenticode 签名或应用程序执行策略的方法。
X509Certificate2 intermediateCertificate = new X509Certificate2();
X509Certificate2 rootCertificate = new X509Certificate2();
intermediateCertificate.Import(intermediateCert);
rootCertificate.Import(rootCert);
ImportX509Certificate2 intermediateCertificate = new X509Certificate2(intermediateCert);
X509Certificate2 rootCertificate = new X509Certificate2(rootCert);