[Mono-list] Authenticode on Windows with Mono.Security.dll from 2.6.7

Cameron Taggart cameron.taggart at gmail.com
Mon Jul 26 23:17:07 EDT 2010


I would like to check if an Authenticode signature on an assembly is
valid. It looks like the code should be pretty simple, just create a
new AuthenticodeDeformatter instance and call IsTrusted(). The problem
is that it is always returning false. I believe the chktrust utility
uses the same code and suffers from the same problem:


set PATH=C:\Program Files\Mono-2.6.7\bin;%PATH%
C:\tmp>chktrust -v
C:\winnt\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
Mono CheckTrust - version 2.6.7.0
Verify if an PE executable has a valid Authenticode(tm) signature
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
BSD licensed.

Verifying file Microsoft.SqlServer.SqlEnum.dll for Authenticode(tm)
signatures...

INFO! Microsoft.SqlServer.SqlEnum.dll was timestamped on 7/10/2008 2:06:25 AM
ERROR! Microsoft.SqlServer.SqlEnum.dll signature can't be traced back
to a trusted root!


I did find this FAQ, but need more help.
What does "signature can't be traced back to a trusted root!" means ?
http://www.mono-project.com/FAQ:_Security#What_does_.22signature_can.27t_be_traced_back_to_a_trusted_root.21.22_means_.3F


On Windows and running on .NET CLR, is there any way to have
Mono.Security.dll use the certificates that are stored in Windows?
They are viewable via start > run... > certmgr.msc?

Using certmgr, is there a way to list all the certificates currently
installed? I get an exception when I try this:

C:\tmp>certmgr -list -c -m
Mono Certificate Manager - version 2.6.7.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
BSD licensed.

Unhandled Exception: System.IndexOutOfRangeException: Array index is
out of range.
  at Mono.Tools.CertificateManager.Main (System.String[] args)
[0x00000] in <filename unknown>:0


cheers,
Cameron


More information about the Mono-list mailing list