Главная страница
    Top.Mail.Ru    Яндекс.Метрика
Форум: "Прочее";
Текущий архив: 2016.07.24;
Скачать: [xml.tar.bz2];

Вниз

Digital signatures - как узнать name of signer программно   Найти похожие ветки 

 
Кто б сомневался ©   (2015-11-17 16:10) [0]

Привет.

На просмотре свойств exe\dll, в закладке Digital signatures можно посмотреть подписи.

Первая колонка там - это Name of Signer, обычно название компании, - как получить эту строку программно подскажите пожалуйста.
Почитал Cryptography Functions - там черт ногу сломает, я нифига не понял.


 
Кто б сомневался ©   (2015-11-17 16:25) [1]

Кажись нашел, причем на Delphi.

http://stackoverflow.com/questions/5993877/checking-digital-signature-programmatically-from-delphi


 
Кто б сомневался ©   (2015-11-17 16:25) [2]


// IsCodeSigned, which verifies that the exe hasn"t been modified, uses
// WinVerifyTrust, so it"s NT only.  IsCompanySigningCertificate works on Win9x,
// but it only checks that the signing certificate hasn"t been replaced, which
// keeps someone from re-signing a modified executable.

// Imagehlp.dll
const
 CERT_SECTION_TYPE_ANY = $FF;      // Any Certificate type

function ImageEnumerateCertificates(FileHandle: THandle; TypeFilter: WORD;
 out CertificateCount: DWORD; Indicies: PDWORD; IndexCount: Integer): BOOL; stdcall; external "Imagehlp.dll";
function ImageGetCertificateHeader(FileHandle: THandle; CertificateIndex: Integer;
 var CertificateHeader: TWinCertificate): BOOL; stdcall; external "Imagehlp.dll";
function ImageGetCertificateData(FileHandle: THandle; CertificateIndex: Integer;
 Certificate: PWinCertificate; var RequiredLength: DWORD): BOOL; stdcall; external "Imagehlp.dll";

// Crypt32.dll
const
 CERT_NAME_SIMPLE_DISPLAY_TYPE = 4;
 PKCS_7_ASN_ENCODING = $00010000;
 X509_ASN_ENCODING = $00000001;

type
 PCCERT_CONTEXT = type Pointer;
 HCRYPTPROV_LEGACY = type Pointer;
 PFN_CRYPT_GET_SIGNER_CERTIFICATE = type Pointer;

 CRYPT_VERIFY_MESSAGE_PARA = record
   cbSize: DWORD;
   dwMsgAndCertEncodingType: DWORD;
   hCryptProv: HCRYPTPROV_LEGACY;
   pfnGetSignerCertificate: PFN_CRYPT_GET_SIGNER_CERTIFICATE;
   pvGetArg: Pointer;
 end;

function CryptVerifyMessageSignature(const pVerifyPara: CRYPT_VERIFY_MESSAGE_PARA;
 dwSignerIndex: DWORD; pbSignedBlob: PByte; cbSignedBlob: DWORD; pbDecoded: PBYTE;
 pcbDecoded: PDWORD; ppSignerCert: PCCERT_CONTEXT): BOOL; stdcall; external "Crypt32.dll";
function CertGetNameStringA(pCertContext: PCCERT_CONTEXT; dwType: DWORD; dwFlags: DWORD; pvTypePara: Pointer;
 pszNameString: PAnsiChar; cchNameString: DWORD): DWORD; stdcall; external "Crypt32.dll";
function CertFreeCertificateContext(pCertContext: PCCERT_CONTEXT): BOOL; stdcall; external "Crypt32.dll";
function CertCreateCertificateContext(dwCertEncodingType: DWORD;
 pbCertEncoded: PBYTE; cbCertEncoded: DWORD): PCCERT_CONTEXT; stdcall; external "Crypt32.dll";

// WinTrust.dll
const
 WINTRUST_ACTION_GENERIC_VERIFY_V2: TGUID = "{00AAC56B-CD44-11d0-8CC2-00C04FC295EE}";
 WTD_CHOICE_FILE = 1;
 WTD_REVOKE_NONE = 0;
 WTD_UI_NONE = 2;

type
 PWinTrustFileInfo = ^TWinTrustFileInfo;
 TWinTrustFileInfo = record
   cbStruct: DWORD;                    // = sizeof(WINTRUST_FILE_INFO)
   pcwszFilePath: PWideChar;           // required, file name to be verified
   hFile: THandle;                     // optional, open handle to pcwszFilePath
   pgKnownSubject: PGUID;              // optional: fill if the subject type is known
 end;

 PWinTrustData = ^TWinTrustData;
 TWinTrustData = record
   cbStruct: DWORD;
   pPolicyCallbackData: Pointer;
   pSIPClientData: Pointer;
   dwUIChoice: DWORD;
   fdwRevocationChecks: DWORD;
   dwUnionChoice: DWORD;
   pFile: PWinTrustFileInfo;
   dwStateAction: DWORD;
   hWVTStateData: THandle;
   pwszURLReference: PWideChar;
   dwProvFlags: DWORD;
   dwUIContext: DWORD;
 end;

function WinVerifyTrust(hwnd: HWND; const ActionID: TGUID; ActionData: Pointer): Longint; stdcall; external wintrust;

{-----------------------------------------------}

function IsCodeSigned(const Filename: string): Boolean;
var
 file_info: TWinTrustFileInfo;
 trust_data: TWinTrustData;
begin
 // Verify that the exe is signed and the checksum matches
 FillChar(file_info, SizeOf(file_info), 0);
 file_info.cbStruct := sizeof(file_info);
 file_info.pcwszFilePath := PWideChar(WideString(Filename));
 FillChar(trust_data, SizeOf(trust_data), 0);
 trust_data.cbStruct := sizeof(trust_data);
 trust_data.dwUIChoice := WTD_UI_NONE;
 trust_data.fdwRevocationChecks := WTD_REVOKE_NONE;
 trust_data.dwUnionChoice := WTD_CHOICE_FILE;
 trust_data.pFile := @file_info;
 Result := WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2,
   @trust_data) = ERROR_SUCCESS
end;

{-----------------------------------------------}

function IsCompanySigningCertificate(const Filename, CompanyName :string): Boolean;
var
 hExe: HMODULE;
 Cert: PWinCertificate;
 CertContext: PCCERT_CONTEXT;
 CertCount: DWORD;
 CertName: AnsiString;
 CertNameLen: DWORD;
 VerifyParams: CRYPT_VERIFY_MESSAGE_PARA;
begin
 // Returns TRUE if the SubjectName on the certificate used to sign the exe is
 // "Company Name".  Should prevent a cracker from modifying the file and
 // re-signing it with their own certificate.
 //
 // Microsoft has an example that does this using CryptQueryObject and
 // CertFindCertificateInStore instead of CryptVerifyMessageSignature, but
 // CryptQueryObject is NT-only.  Using CertCreateCertificateContext doesn"t work
 // either, though I don"t know why.
 Result := False;
 // Verify that the exe was signed by our private key
 hExe := CreateFile(PChar(Filename), GENERIC_READ, FILE_SHARE_READ,
   nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL or FILE_FLAG_RANDOM_ACCESS, 0);
 if hExe = INVALID_HANDLE_VALUE then
   Exit;
 try
   // There should only be one certificate associated with the exe
   if (not ImageEnumerateCertificates(hExe, CERT_SECTION_TYPE_ANY, CertCount, nil, 0)) or
      (CertCount <> 1) then
     Exit;
   // Read the certificate header so we can get the size needed for the full cert
   GetMem(Cert, SizeOf(TWinCertificate) + 3); // ImageGetCertificateHeader writes an DWORD at bCertificate for some reason
   try
     Cert.dwLength := 0;
     Cert.wRevision := WIN_CERT_REVISION_1_0;
     if not ImageGetCertificateHeader(hExe, 0, Cert^) then
       Exit;
     // Read the full certificate
     ReallocMem(Cert, SizeOf(TWinCertificate) + Cert.dwLength);
     if not ImageGetCertificateData(hExe, 0, Cert, Cert.dwLength) then
       Exit;
     // Get the certificate context.  CryptVerifyMessageSignature has the
     // side effect of creating a context for the signing certificate.
     FillChar(VerifyParams, SizeOf(VerifyParams), 0);
     VerifyParams.cbSize := SizeOf(VerifyParams);
     VerifyParams.dwMsgAndCertEncodingType := X509_ASN_ENCODING or PKCS_7_ASN_ENCODING;
     if not CryptVerifyMessageSignature(VerifyParams, 0, @Cert.bCertificate,
        Cert.dwLength, nil, nil, @CertContext) then
       Exit;
     try
       // Extract and compare the certificate"s subject names.  Don"t
       // compare the entire certificate or the public key as those will
       // change when the certificate is renewed.
       CertNameLen := CertGetNameStringA(CertContext,
         CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil, nil, 0);
       SetLength(CertName, CertNameLen - 1);
       CertGetNameStringA(CertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
         nil, PAnsiChar(CertName), CertNameLen);
       if CertName <> CompanyName then
         Exit;
     finally
       CertFreeCertificateContext(CertContext)
     end;
   finally
     FreeMem(Cert);
   end;
 finally
   CloseHandle(hExe);
 end;
 Result := True;
end;


 
Limpo ©   (2015-11-17 16:26) [3]

Удалено модератором
Примечание: Бан неизбежен как кризис империализма


 
Rouse_ ©   (2015-11-17 16:28) [4]

Плохо искал.
https://support.microsoft.com/en-us/kb/323809



Страницы: 1 вся ветка

Форум: "Прочее";
Текущий архив: 2016.07.24;
Скачать: [xml.tar.bz2];

Наверх




Память: 0.47 MB
Время: 0.005 c
15-1443130202
Юрий
2015-09-25 00:30
2016.07.24
С днем рождения ! 25 сентября 2015 пятница


15-1446413401
Юрий
2015-11-02 00:30
2016.07.24
С днем рождения ! 2 ноября 2015 понедельник


15-1440689471
Gydvin
2015-08-27 18:31
2016.07.24
Ищу рассказ, или сборник небольших рассказов...


2-1416664103
Drowsy
2014-11-22 16:48
2016.07.24
Почему не очищаются Columns in DBGrid?


15-1447345068
aka
2015-11-12 19:17
2016.07.24
Логический симулятор





Afrikaans Albanian Arabic Armenian Azerbaijani Basque Belarusian Bulgarian Catalan Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Estonian Filipino Finnish French
Galician Georgian German Greek Haitian Creole Hebrew Hindi Hungarian Icelandic Indonesian Irish Italian Japanese Korean Latvian Lithuanian Macedonian Malay Maltese Norwegian
Persian Polish Portuguese Romanian Russian Serbian Slovak Slovenian Spanish Swahili Swedish Thai Turkish Ukrainian Urdu Vietnamese Welsh Yiddish Bengali Bosnian
Cebuano Esperanto Gujarati Hausa Hmong Igbo Javanese Kannada Khmer Lao Latin Maori Marathi Mongolian Nepali Punjabi Somali Tamil Telugu Yoruba
Zulu
Английский Французский Немецкий Итальянский Португальский Русский Испанский