How can I determine the signer of a CAB/DLL/EXE file?

TheMSsForum.com: The Microsoft Software Forum

Hi there,

I'm not sure whether this is the right group to post this query to, but if
not, any pointers to the relevant resources would be helpful :)

What I'm attempting to do is write an installer that will i) download a
CAB/DLL from the internet, ii) verify its digital signature, and iii) check
the name of the signer. Only if our company is the signer will the CAB/DLL
be installed on the user's machine.

I have managed i) with WinInet*() and ii) with WinVerifyTrust(), but I am at
a loss as to how to achieve iii). Can anyone suggest a method that would
allow me to do this? It must be possible since IE displays the name of the
signer when you download an ActiveX from the internet, but I'm stuggling to
find an API function to extract this information from a PE/DLL/CAB file.


Thanks in advance for your help,

Mark.
Top

Re: How can I determine the signer of a CAB/DLL/EXE file? by Michel

Michel
Fri Aug 15 12:23:08 CDT 2003

You can use the CryptoAPI function CryptQueryObject() as described
at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323809

However, depending on your language, it is much easier to do this
via scripted CAPICOM :-)

- Michel Gallant
MVP Security

"Mark CA" <me@nospam.com> wrote in message news:1060953072.503160@ananke.eclipse.net.uk...
> Hi there,
>
> I'm not sure whether this is the right group to post this query to, but if
> not, any pointers to the relevant resources would be helpful :)
>
> What I'm attempting to do is write an installer that will i) download a
> CAB/DLL from the internet, ii) verify its digital signature, and iii) check
> the name of the signer. Only if our company is the signer will the CAB/DLL
> be installed on the user's machine.
>
> I have managed i) with WinInet*() and ii) with WinVerifyTrust(), but I am at
> a loss as to how to achieve iii). Can anyone suggest a method that would
> allow me to do this? It must be possible since IE displays the name of the
> signer when you download an ActiveX from the internet, but I'm stuggling to
> find an API function to extract this information from a PE/DLL/CAB file.
>
>
> Thanks in advance for your help,
>
> Mark.
>
>
>
>
>


Top

Re: How can I determine the signer of a CAB/DLL/EXE file? by Mark

Mark
Mon Aug 18 07:31:17 CDT 2003

Hi Michel,

Thank you very much for pointing me in the right direction! Unfortunately
I'm not able to use CAPICOM since we are obliged to assume just a standard
installation of Windows and IE5 (and we must also support Win95 too).

Fortunately that example was really useful and I've been able to write some
functions to get the information I needed - not without a great deal of
pain. IMHO the cryptography section of the Platform SDK is below standard- I
found cases where some constants/structure elements were completely missing
from the documentation and their absence from the code would cause various
routines to crash :(


Thanks once again,

Mark




Top