[Mono-list] Authenticode on Windows with Mono.Security.dll from 2.6.7

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Jul 28 10:21:46 EDT 2010


On Mon, 2010-07-26 at 20:17 -0700, Cameron Taggart wrote:
> I would like to check if an Authenticode signature on an assembly is
> valid. It looks like the code should be pretty simple, just create a
> new AuthenticodeDeformatter instance and call IsTrusted(). The problem
> is that it is always returning false. I believe the chktrust utility
> uses the same code and suffers from the same problem:
> 
> 
> set PATH=C:\Program Files\Mono-2.6.7\bin;%PATH%
> C:\tmp>chktrust -v
> C:\winnt\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
> Mono CheckTrust - version 2.6.7.0
> Verify if an PE executable has a valid Authenticode(tm) signature
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
> BSD licensed.
> 
> Verifying file Microsoft.SqlServer.SqlEnum.dll for Authenticode(tm)
> signatures...
> 
> INFO! Microsoft.SqlServer.SqlEnum.dll was timestamped on 7/10/2008 2:06:25 AM
> ERROR! Microsoft.SqlServer.SqlEnum.dll signature can't be traced back
> to a trusted root!
> 
> 
> I did find this FAQ, but need more help.
> What does "signature can't be traced back to a trusted root!" means ?
> http://www.mono-project.com/FAQ:_Security#What_does_.22signature_can.27t_be_traced_back_to_a_trusted_root.21.22_means_.3F
> 
> 
> On Windows and running on .NET CLR, is there any way to have
> Mono.Security.dll use the certificates that are stored in Windows?

No, at least not without some additional code. You can either:

(a) write some glue code to the Windows certificate stores. Mono code
was written to be modular and adaptable to alternative sources for
certificates.

(b) write a tool that reads Windows certificates and adds them into Mono's
certificate store (e.g. a bit like mozroots does, but Windows-specific).

> They are viewable via start > run... > certmgr.msc?
> 
> Using certmgr, is there a way to list all the certificates currently
> installed? I get an exception when I try this:
> 
> C:\tmp>certmgr -list -c -m
> Mono Certificate Manager - version 2.6.7.0
> Manage X.509 certificates and CRL from stores.
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
> BSD licensed.
> 
> Unhandled Exception: System.IndexOutOfRangeException: Array index is
> out of range.
>   at Mono.Tools.CertificateManager.Main (System.String[] args)
> [0x00000] in <filename unknown>:0

You need to supply the name of the store you want to list. E.g.

	certmgr -list -c Trust -m

Sebastien
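
Option (b) from the reply above, as an added example that is not part of the original thread or of Mono's own tools: a console program that copies the Windows trusted root certificates into Mono's Trust store, the way mozroots imports its list. The class name and the `--machine` switch are hypothetical; it assumes the program is compiled with a reference to Mono.Security.dll.

```csharp
// Added example (not from the thread): import Windows root CAs into Mono's Trust store.
using System;
using System.Security.Cryptography.X509Certificates;
using MX = Mono.Security.X509; // alias: both namespaces define X509Store

class WinRootsToMono   // hypothetical name
{
    static int Main(string[] args)
    {
        // Hypothetical switch: --machine selects the machine-wide stores on both sides.
        bool machine = Array.IndexOf(args, "--machine") >= 0;
        StoreLocation location = machine ? StoreLocation.LocalMachine
                                         : StoreLocation.CurrentUser;

        // Source: the Windows "Trusted Root Certification Authorities" store, read-only.
        X509Store windowsRoots = new X509Store(StoreName.Root, location);
        windowsRoots.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        // Destination: the store that certmgr calls "Trust".
        MX.X509Stores monoStores = machine ? MX.X509StoreManager.LocalMachine
                                           : MX.X509StoreManager.CurrentUser;
        MX.X509Store monoTrust = monoStores.TrustedRoot;
        MX.X509CertificateCollection existing = monoTrust.Certificates;

        int added = 0, present = 0;
        try
        {
            foreach (X509Certificate2 cert in windowsRoots.Certificates)
            {
                // Re-parse the DER bytes with Mono's own X.509 implementation.
                MX.X509Certificate monoCert = new MX.X509Certificate(cert.RawData);
                if (existing.Contains(monoCert)) { present++; continue; }

                monoTrust.Import(monoCert);
                added++;
                Console.WriteLine("Imported: {0}", monoCert.SubjectName);
            }
        }
        finally
        {
            windowsRoots.Close();
        }

        Console.WriteLine("{0} added, {1} already present.", added, present);
        return 0;
    }
}
```

Every imported root becomes a trust anchor for Mono.Security-based checks such as chktrust, so review the resulting list with `certmgr -list -c Trust` (add `-m` for the machine store).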


