Can anyone point me in the right direction for verifying an X509Certificate's
signature? i.e. that it was truly signed by a known/trusted certificate

Thanks -- Peter
--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#

Re: Verifying X509Certificate signature by Hermit

Hermit
Sat Jul 12 02:27:52 CDT 2008

Peter,

I haven't used X509s so I am not really sure whether this is the right
answer but have a look at
http://msdn.microsoft.com/en-us/library/ms580578.aspx

http://en.wikipedia.org/wiki/X.509 (scroll to the bottom to 'Sample X.509
certificates' and it talks about verification as well)

HTH

Hermit

"Peter Ritchie [C# MVP]" <PRSoCo@newsgroups.nospam> wrote in message
news:70133959-7870-47D5-A446-42284A6C9827@microsoft.com...
> Can anyone point me in the right direction for verifying an
> X509Certificate's
> signature? i.e. that it was truly signed by a known/trusted certificate
>
> Thanks -- Peter
> --
> Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
> http://www.peterRitchie.com/blog/
> Microsoft MVP, Visual Developer - Visual C#


Re: Verifying X509Certificate signature by PRSoCo

PRSoCo
Sat Jul 12 06:50:00 CDT 2008

Thanks. Unfortunately PackageDigitalSignature.Verify only works on Windows
Vista.

I've been trying to essentially do what the Wikipedia article details...
There seems to be nothing in .NET to get the signature and to-be-signed
section out of a signed certificate (seems pretty fundamental to me). If I
could get those I could simply compare MD5's...

Cheers -- Peter

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#


"Hermit Dave" wrote:

> Peter,
>
> I haven't used X509s so I am not really sure whether this is the right
> answer but have a look at
> http://msdn.microsoft.com/en-us/library/ms580578.aspx
>
> http://en.wikipedia.org/wiki/X.509 (scroll to the bottom to 'Sample X.509
> certificates' and it talks about verification as well)
>
> HTH
>
> Hermit
>
> "Peter Ritchie [C# MVP]" <PRSoCo@newsgroups.nospam> wrote in message
> news:70133959-7870-47D5-A446-42284A6C9827@microsoft.com...
> > Can anyone point me in the right direction for verifying an
> > X509Certificate's
> > signature? i.e. that it was truly signed by a known/trusted certificate
> >
> > Thanks -- Peter
> > --
> > Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
> > http://www.peterRitchie.com/blog/
> > Microsoft MVP, Visual Developer - Visual C#
>
>

Re: Verifying X509Certificate signature by Eugene

Eugene
Sat Jul 12 08:42:25 CDT 2008

Hello!
You wrote on Sat, 12 Jul 2008 04:50:00 -0700:

PRC> I've been trying to essentially do what the Wikipedia article
PRC> details... There seems to be nothing in .NET to get the signature and
PRC> to-be-signed section out of a signed certificate (seems pretty
PRC> fundamental to me). If I could get those I could simply compare
PRC> MD5's...

Comparing the hash is not enough to validate the certificate.
You can review the complete procedure here: http://eldos.com/documentation/sbb/documentation/ref_howto_pki_cert_validate.html
The article describes the classes of SecureBlackbox (not .NET certificate
class structure which is very limited), but you will get the idea.

With best regards,
Eugene Mayevski
http://mayevski.blogspot.com/


Re: Verifying X509Certificate signature by PRSoCo

PRSoCo
Sat Jul 12 18:11:00 CDT 2008

Thanks Eugene. There's some useful information there. I'm already doing
other validity checks (time span, revocation, authorization, etc.). At this
point I'm just interested in checking to see if the certificate hasn't been
tampered with--validating its signature.

I have a server component that essentially acts as a CA; so I have complete
control over the integrity of the signing certificate. I need to
validate that any given certificate was really signed with the signing
certificate.

Cheers -- Peter

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#


"Eugene Mayevski" wrote:

> Hello!
> You wrote on Sat, 12 Jul 2008 04:50:00 -0700:
>
> PRC> I've been trying to essentially do what the Wikipedia article
> PRC> details... There seems to be nothing in .NET to get the signature and
> PRC> to-be-signed section out of a signed certificate (seems pretty
> PRC> fundamental to me). If I could get those I could simply compare
> PRC> MD5's...
>
> Comparing the hash is not enough to validate the certificate.
> You can review the complete procedure here: http://eldos.com/documentation/sbb/documentation/ref_howto_pki_cert_validate.html
> The article describes the classes of SecureBlackbox (not .NET certificate
> class structure which is very limited), but you will get the idea.
>
> With best regards,
> Eugene Mayevski
> http://mayevski.blogspot.com/
>
>
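The check the thread is asking for (pull the to-be-signed section and the signature out of a certificate and verify them against a known signing certificate), as an added example that is not code from any poster in this thread. It assumes .NET 5 or later, whose `System.Formats.Asn1` reader post-dates this discussion; the class and method names are hypothetical, and it covers only RSA PKCS#1 v1.5 signatures with SHA-2 digests, rejecting everything else.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertSignatureCheck   // hypothetical helper, not a framework class
{
    // True only if `cert` names `issuer` as its issuer and the signature over
    // cert's tbsCertificate verifies under issuer's RSA public key.
    public static bool IsSignedBy(X509Certificate2 cert, X509Certificate2 issuer)
    {
        // The issuer DN in the certificate must be byte-identical to the signer's subject DN.
        if (!cert.IssuerName.RawData.AsSpan().SequenceEqual(issuer.SubjectName.RawData))
            return false;
        try
        {
            // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
            var outer = new AsnReader(cert.RawData, AsnEncodingRules.DER);
            AsnReader fields = outer.ReadSequence();
            outer.ThrowIfNotEmpty();
            ReadOnlyMemory<byte> tbs = fields.ReadEncodedValue();   // exact bytes the CA signed
            string sigAlgOid = fields.ReadSequence().ReadObjectIdentifier();
            byte[] signature = fields.ReadBitString(out int unusedBits);
            fields.ThrowIfNotEmpty();
            if (unusedBits != 0) return false;

            // The digest is dictated by the certificate's signatureAlgorithm OID.
            // MD5, SHA-1 and unknown algorithms are rejected rather than verified.
            HashAlgorithmName hash;
            switch (sigAlgOid)
            {
                case "1.2.840.113549.1.1.11": hash = HashAlgorithmName.SHA256; break;
                case "1.2.840.113549.1.1.12": hash = HashAlgorithmName.SHA384; break;
                case "1.2.840.113549.1.1.13": hash = HashAlgorithmName.SHA512; break;
                default: return false;
            }

            using RSA rsa = issuer.GetRSAPublicKey();
            if (rsa == null) return false;   // signer does not hold an RSA key

            // Hashes tbs, then checks the PKCS#1 v1.5 padding and DigestInfo inside
            // the signature; comparing digests by hand would skip that step.
            return rsa.VerifyData(tbs.Span, signature, hash, RSASignaturePadding.Pkcs1);
        }
        catch (AsnContentException) { return false; }     // malformed DER
        catch (CryptographicException) { return false; }  // unusable key or signature
    }
}
```

This answers only whether the signature is genuine; the validity period, revocation and authorization checks mentioned in the thread remain separate steps.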