Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / C# / March 2008

Tip: Looking for answers? Try searching our database.

Signature verification

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ralph.Malek@gmail.com - 17 Mar 2008 21:37 GMT
Would anyone happen to know how to determine if a digital signature
used MD5 or SHA1 as the digest algorithm?

I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...

Thanks,
Reply to this Message
Maciej Oszutowski - 17 Mar 2008 22:11 GMT
Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), Ralph.Malek@gmail.com
napisał(a):

> I have a requirement to verify the authenticity of VeriSigned exe
> file, and while validating the certificate chain is simple enough, I
> am having a hard time figuring out how to determine what algorithm was
> used to generate the signature...

Why don't you simply use WinVerifyTrust API function?

|   Maciej Oszutowski   | Mowa jest srebrem  |
| imagiATpsytranceDOTpl | a milczenie owiec. |
Reply to this Message
Shenro - 18 Mar 2008 14:49 GMT
> Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), Ralph.Ma...@gmail.com
> napisa³(a):
[quoted text clipped - 9 lines]
> |   Maciej Oszutowski   | Mowa jest srebrem  |
> | imagiATpsytranceDOTpl | a milczenie owiec. |

Thanks for the reply. I looked at WinVerifyTrust, but I don't quite
understand how it would be used in this situation. I was under the
impression that the call would simply validate the certificate chain.
In this scenario, even if the certificate is valid and the file
appears to be authentic, I need to ignore it if MD5 was used instead
of SHA1.
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.