How to programmatically verify an assembly is signed with a specific Certificate?

Backend · Unresolved · 4 answers · 1748 views
时光说笑 · 2021-02-02 12:39

My scenario is we have one program (exe) that will start other programs if found in a particular folder. I want to ensure it only ever starts programs which are signed with our

4 answers
  •  慢半拍i (original poster)
     2021-02-02 12:52

    There exist two signing technologies for .NET assemblies: strong naming and Authenticode (Authenticode is used to sign PE and some other files, not just .NET assemblies). They are used for different purposes. Certificates are used in Authenticode only to authenticate the author. Strong naming doesn't authenticate the author at all.

    Besides checking the signature, the certificate must be validated to ensure that it was issued for given author. Proper validation is a complex procedure that involves CRL (certificate revocation list) and OCSP (online certificate status) checking.

    To perform verification of an Authenticode signature you need an Authenticode verification component. One of the options is to use the PKIBlackbox package of our SecureBlackbox product. The package includes Authenticode verification as well as complete certificate validation mechanisms.

    Note that if you are not going to validate the certificate, there's no sense in verifying the signature at all, because one can create a self-signed certificate with the same Subject, Serial number etc., and use it to sign the forged assembly.
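The two steps the answer describes (verify the Authenticode signature and chain, then confirm the signer is actually your certificate rather than one that merely copies the Subject) can be done with the Windows API alone. The following is an added example, not code from the post or from SecureBlackbox: it calls `WinVerifyTrust` through P/Invoke to verify the signature, build the chain to a trusted root and check revocation for the whole chain, then compares the signer certificate's thumbprint against a pinned value. The `ExpectedThumbprint` constant and the default path are placeholders you must replace.

```csharp
// Added example (not from the original post): verify an Authenticode signature with WinVerifyTrust,
// then pin the signer's thumbprint so only binaries signed with OUR certificate are launched.
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;

static class AuthenticodeCheck
{
    // Assumption/placeholder: replace with the SHA-1 thumbprint of your own code-signing certificate.
    const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct WINTRUST_FILE_INFO
    {
        public uint cbStruct;
        [MarshalAs(UnmanagedType.LPWStr)] public string pcwszFilePath;
        public IntPtr hFile;
        public IntPtr pgKnownSubject;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_DATA
    {
        public uint cbStruct;
        public IntPtr pPolicyCallbackData;
        public IntPtr pSIPClientData;
        public uint dwUIChoice;
        public uint fdwRevocationChecks;
        public uint dwUnionChoice;
        public IntPtr pFile;               // WINTRUST_FILE_INFO*
        public uint dwStateAction;
        public IntPtr hWVTStateData;
        public IntPtr pwszURLReference;
        public uint dwProvFlags;
        public uint dwUIContext;
        public IntPtr pSignatureSettings;  // WINTRUST_SIGNATURE_SETTINGS* (Windows 8+), null here
    }

    const uint WTD_UI_NONE = 2;                   // never pop up a dialog
    const uint WTD_REVOKE_WHOLECHAIN = 1;         // CRL/OCSP check every certificate in the chain
    const uint WTD_CHOICE_FILE = 1;
    const uint WTD_STATEACTION_IGNORE = 0;
    const uint WTD_REVOCATION_CHECK_CHAIN = 0x40;

    static readonly Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 =
        new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");

    [DllImport("wintrust.dll", ExactSpelling = true)]
    static extern int WinVerifyTrust(IntPtr hwnd, ref Guid pgActionID, ref WINTRUST_DATA pWVTData);

    // Step 1: signature, hash, chain to a trusted root and revocation, all done by the OS.
    // Returns 0 (ERROR_SUCCESS) when the file carries a valid, trusted Authenticode signature.
    public static int VerifySignature(string path)
    {
        var fileInfo = new WINTRUST_FILE_INFO
        {
            cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)),
            pcwszFilePath = path,
        };
        IntPtr pFileInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)));
        try
        {
            Marshal.StructureToPtr(fileInfo, pFileInfo, false);
            var data = new WINTRUST_DATA
            {
                cbStruct = (uint)Marshal.SizeOf(typeof(WINTRUST_DATA)),
                dwUIChoice = WTD_UI_NONE,
                fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN,
                dwUnionChoice = WTD_CHOICE_FILE,
                pFile = pFileInfo,
                dwStateAction = WTD_STATEACTION_IGNORE,
                dwProvFlags = WTD_REVOCATION_CHECK_CHAIN,
            };
            Guid action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
            return WinVerifyTrust(IntPtr.Zero, ref action, ref data);
        }
        finally
        {
            Marshal.DestroyStructure(pFileInfo, typeof(WINTRUST_FILE_INFO));
            Marshal.FreeHGlobal(pFileInfo);
        }
    }

    // Step 2: a valid signature from ANY trusted publisher is not enough; it must be our certificate.
    // Pin the thumbprint: Subject and serial number can be copied into a forged self-signed certificate,
    // the thumbprint (hash of the whole certificate, including the CA's signature) cannot.
    public static bool IsSignedByUs(string path)
    {
        if (VerifySignature(path) != 0) return false;
        using (var signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path)))
        {
            return string.Equals(signer.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
        }
    }

    static int Main(string[] args)
    {
        // Assumption: path of a candidate plug-in to launch; pass it on the command line instead.
        string target = args.Length > 0 ? args[0] : @"C:\Program Files\OurSuite\plugin.exe";
        Console.WriteLine(IsSignedByUs(target) ? "OK: launch" : "REFUSE: not signed with our certificate");
        return 0;
    }
}
```

Order matters: verify first, pin second. `X509Certificate.CreateFromSignedFile` only extracts the embedded signer certificate and proves nothing by itself, so comparing the thumbprint without the `WinVerifyTrust` call would accept a file whose signature does not match its contents. Pin the thumbprint of the leaf certificate (or, if you re-key periodically, the thumbprint of your own issuing CA together with an `X509Chain` check that the leaf chains to it), not the Subject name. Also note that checking a path and then launching that path leaves a window in which the file can be swapped; keep the folder writable only by administrators.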
