How do I find the certificate of a signed file?

[DeepT]

I have some signed files. If you right-click on them you can see that they are signed and get some detailed information about the cert. However, I do not know how to do this programmaticlly.

I have messed with the cert functions in the Crypto API, but those seem to deal with cert stores, not signed files.

What I *really* want to verify is that the file I just downloaded was signed by us and that the chain of trust is valid (IE: It is not a forged / bogus cert).

I have been doing some searching, but have come up empty on this.

[DeepT]

I have found out how to part way there:

Code:

// SignedFileCheck.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "SignedFileCheck.h"

#include <Imagehlp.h>
#pragma comment(lib, "Imagehlp.lib")

#include <Wincrypt.h>
#pragma comment(lib, "Crypt32.lib")

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// The one and only application object

CWinApp theApp;

using namespace std;

int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
	int nRetCode = 0;

	// initialize MFC and print and error on failure
	if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
	{
		// TODO: change error code to suit your needs
		_tprintf(_T("Fatal Error: MFC initialization failed\n"));
		nRetCode = 1;
	}
	else
	{
		// TODO: code your application's behavior here.
		CFile TheFile;
		if ( TRUE == TheFile.Open("Test.exe", CFile::modeRead) )
		{

			DWORD CertIX[10]={0};
			DWORD IXCount = sizeof(CertIX) / sizeof(DWORD);
			DWORD CertCount = 0;

			// Get the count of certs and the index array (typically just one cert )
			if ( TRUE == ImageEnumerateCertificates( TheFile.m_hFile,
				CERT_SECTION_TYPE_ANY,
				&CertCount,
				CertIX,
				IXCount ) )
			{
				DWORD J;

				for ( J = 0; J < CertCount; J++ )
				{
					WIN_CERTIFICATE *pCert = NULL;
					DWORD BuffLen = 0;

					// This should fail, but give us the buffer length we need.
					if ( FALSE == ImageGetCertificateData( TheFile.m_hFile,
						CertIX[J], NULL, &BuffLen ) )
					{
						if ( ERROR_INSUFFICIENT_BUFFER == GetLastError() )
						{
							pCert = ( WIN_CERTIFICATE *) malloc(BuffLen);

							if ( NULL != pCert )
							{
								// Get the actual WIN_CERTIFICATE
								if ( TRUE == ImageGetCertificateData( TheFile.m_hFile,
									CertIX[J], pCert, &BuffLen ) )
								{
									// Convert this to a PCCERT_CONTEXT

									// Or figure out some way to get the Subject names and verify the chain of trust.
									
									/* Does not work
									PCCERT_CONTEXT pCertContext = CertCreateCertificateContext( X509_ASN_ENCODING,
										pCert->bCertificate, pCert->dwLength);
									if ( NULL != pCertContext )
									{
										CertFreeCertificateContext( pCertContext );
									}
									*/
									int T = 3;

								}

								delete pCert;
							}
						}
					}
				}
			}

			TheFile.Close();
		}


	}

	return nRetCode;
}

I can get the cert as a WIN_CERTIFICATE, but I do not know how to convert this to something like a PCCERT_CONTEXT. The reason I want that type is because all the cert APIs seem to deal with that kind of structure.

Test.exe is a signed executable via a Verisign cert. I just want to verify it is OUR cert and that it has a valid chain of trust. For finding out that it is OUR cert, I thought at just looking at the subject like (which you can via the properties on the file from explorer). The subject has the name of our company in it.

Anyway, if anyone knows about this stuff, any help you can give would greatly be appreciated.