[Mono-list] Authenticode on Windows with Mono.Security.dll from 2.6.7

Cameron Taggart cameron.taggart at gmail.com
Fri Jul 30 04:20:11 EDT 2010


I went with option (a) and used Mono.Security to get the certificate
bytes and then used System.Security to do the validation. I started
describing the approach I took at the end of the blog post I just
finished:

http://blog.ctaggart.com/2010/07/find-authenticode-signed-assemblies.html

Thanks Sebastien,
Cameron

On Wed, Jul 28, 2010 at 7:21 AM, Sebastien Pouliot
<sebastien.pouliot at gmail.com> wrote:
> On Mon, 2010-07-26 at 20:17 -0700, Cameron Taggart wrote:
>> I would like to check if an Authenticode signature on an assembly is
>> valid. It looks like the code should be pretty simple, just create a
>> new AuthenticodeDeformatter instance and call IsTrusted(). The problem
>> is that it is always returning false. I believe the chktrust utility
>> uses the same code and suffers from the same problem:
>>
>>
>> set PATH=C:\Program Files\Mono-2.6.7\bin;%PATH%
>> C:\tmp>chktrust -v
>> C:\winnt\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
>> Mono CheckTrust - version 2.6.7.0
>> Verify if an PE executable has a valid Authenticode(tm) signature
>> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
>> BSD licensed.
>>
>> Verifying file Microsoft.SqlServer.SqlEnum.dll for Authenticode(tm)
>> signatures...
>>
>> INFO! Microsoft.SqlServer.SqlEnum.dll was timestamped on 7/10/2008 2:06:25 AM
>> ERROR! Microsoft.SqlServer.SqlEnum.dll signature can't be traced back
>> to a trusted root!
>>
>>
>> I did find this FAQ, but need more help.
>> What does "signature can't be traced back to a trusted root!" means ?
>> http://www.mono-project.com/FAQ:_Security#What_does_.22signature_can.27t_be_traced_back_to_a_trusted_root.21.22_means_.3F
>>
>>
>> On Windows and running on .NET CLR, is there any way to have
>> Mono.Security.dll use the certificates that are stored in Windows?
>
> No, at least not without some additional code. You can either:
>
> (a) write some glue code to the windows certificate stores. Mono code
> was written to be modular and adaptable to alternative sources for
> certificates.
>
> (b) write a tool that reads windows certificates and adds them into mono's
> certificate store (e.g. a bit like mozroots does but windows specific).
>
>> They are viewable via start > run... > certmgr.msc?
>>
>> Using certmgr, is there a way to list all the certificates currently
>> installed? I get an exception when I try this:
>>
>> C:\tmp>certmgr -list -c -m
>> Mono Certificate Manager - version 2.6.7.0
>> Manage X.509 certificates and CRL from stores.
>> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
>> BSD licensed.
>>
>> Unhandled Exception: System.IndexOutOfRangeException: Array index is
>> out of range.
>>   at Mono.Tools.CertificateManager.Main (System.String[] args)
>> [0x00000] in <filename unknown>:0
>
> You need to supply the name of the store you want to list. E.g.
>
>        certmgr -list -c Trust -m
>
> Sebastien
>
>
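
Option (a) from the thread, sketched as an added example (not Cameron's code from the blog post and not the Mono project's): Mono.Security extracts the signing certificate, and System.Security's X509Chain validates it against the Windows certificate stores. The class and method names are hypothetical, and the behaviour of SigningCertificate and Timestamp on unsigned or untimestamped files is an assumption marked in the comments.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Mono.Security.Authenticode;
using MonoX509 = Mono.Security.X509;

// Hypothetical helper, not part of Mono.Security or of the blog post.
static class AuthenticodeChainCheck
{
    // True when the file's Authenticode signing certificate chains to a root
    // that Windows trusts. This checks the certificate chain only; it does
    // not recompute the file digest.
    public static bool ChainsToWindowsRoot(string path, out string detail)
    {
        var deformatter = new AuthenticodeDeformatter(path);
        MonoX509.X509Certificate signer = deformatter.SigningCertificate;
        if (signer == null)  // assumption: null means no signature was parsed
        {
            detail = "no Authenticode signature found";
            return false;
        }

        var chain = new X509Chain();
        // Offer the certificates embedded in the signature as intermediates.
        if (deformatter.Certificates != null)
            foreach (MonoX509.X509Certificate c in deformatter.Certificates)
                chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(c.RawData));

        // A timestamped signature is judged as of its signing time, so an
        // expired signing certificate does not fail the check by itself.
        // Assumption: Timestamp is DateTime.MinValue when there is none.
        if (deformatter.Timestamp != DateTime.MinValue)
            chain.ChainPolicy.VerificationTime = deformatter.Timestamp;

        bool ok = chain.Build(new X509Certificate2(signer.RawData));
        detail = ok ? "chain is trusted" : "";
        foreach (X509ChainStatus s in chain.ChainStatus)
            detail += s.Status + ": " + s.StatusInformation.Trim() + " ";
        return ok;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: <assembly path>"); return 2; }
        string detail;
        bool ok = ChainsToWindowsRoot(args[0], out detail);
        Console.WriteLine("{0}: {1}", ok ? "TRUSTED" : "NOT TRUSTED", detail);
        return ok ? 0 : 1;
    }
}
```

Compile with a reference to Mono.Security.dll and run it on Windows, passing the path of the assembly to check. A trusted chain says the signer's certificate is anchored in the Windows stores; whether the file content still matches the signed digest is a separate check.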

