[Mono-dev] Checking Validity/Reputation of a Digital Signature File

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Sep 18 12:59:50 UTC 2012

On Tue, Sep 18, 2012 at 8:03 AM, jaysonp <jaysonpryde at gmail.com> wrote:
> Hi All,
>     I will just ask if the Mono package/project comes with a tool/utility
> that can be used to check the validity of a Digital Signature (as well as
> its counter signatures) other than chkTrust?

This counter signature is specific to authenticode, where the code is
signed by one entity (developer) and someone else much vouch for the
date/time where is was signed.

>     Unlike chkTrust, which checks the embedded digital signature on a file
> (let say PE file), what I am looking for is a utility which checks the
> validity of a BARE/RAW/STAND ALONE digital signature file (i.e. cert file).

A cert file is not a signature - but it is a signed structure.
Checking the signature of a .cer file is rather easy (see X509Chain
class) but it only tells you about the certificate itself, not what it
(e.g. files) could have signed.

>     Reason for this inquiry is I am planning to download some .cert/.pem
> files and would like to check their validity/reputation. If in case Mono
> project does not come with a tool/utility for this, do you have any ideas on
> how to do this?

Mono does not ship any tool to do this specifically (but several do so
internally, e.g. everything that deals with SSL needs to check the
certificates). Grep the tools' source code for X509Chain and you'll
find a few examples.


More information about the Mono-devel-list mailing list