验证下载的program.exe的签名
我当前正在进行一些代码优化(并试图阻止安全软件阻止我的自动上流项目中生成的tempfile.exe)。基本上是auto-updater.exe正在下载最新版本的program.exe,并将其保存到c: temp ,检查MD5和EXE签名以进行安全验证,然后如果全部通过了,则我们覆盖program.exe.exe。C: Program File Directory。
我优化了将program.exe下载到字节[]的项目(避免在C: temp中创建临时文件)。我也可以检查字节[]的MD5,但是试图检查EXE的签名是我被卡住的地方。
当我在c: temp中创建临时文件时,我能够使用x509certificate创建x509certificate.createefromsignedFile(" c: temp program.exe")方法,但是没有方法接受一个byte []文件路径。
X509Certificate2 theCertificate;
try
{
X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
theCertificate = new X509Certificate2(theSigner);
}
catch (Exception ex)
{
Console.WriteLine("No digital signature found in: " + pathToFile);
Console.WriteLine("Signature check ex: " + ex);
return false;
}
// This section will check that the certificate is from a trusted authority IE not self-signed
var theCertificateChain = new X509Chain();
theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
bool chainIsValid = theCertificateChain.Build(theCertificate);
if (chainIsValid)
{
// Valid signature...
}
您是否有任何建议可以使用字节[]?
我不确定这是您的关注
new X509Certificate2(byte[])
https://msdn.microsoft.com/en-us/library/ms148413(v = vs.110).aspx