Question
I signed a file using Signtool.exe and now I am trying to load the certificate attached to the file using the following method:
var cert = X509Certificate2.CreateFromSignedFile(filePath);
but this line throws an error "Cannot find the requested object.". When I try reading the certificate from a Microsoft-signed DLL, e.g. EntityFramework.dll, it works without any problems. I thought it could be because I don't have the certificate in the Trusted Store, but even after adding it there, it continues to throw the error. Does anyone know how to fix this?
Answer 1:
You can use the wintrust component to collect the signature information:
[DllImportAttribute("wintrust.dll", EntryPoint = "WTGetSignatureInfo", CallingConvention = CallingConvention.StdCall)]
internal static extern int WTGetSignatureInfo(
    [InAttribute()] [MarshalAsAttribute(UnmanagedType.LPWStr)] string pszFile,
    [InAttribute()] System.IntPtr hFile,
    SIGNATURE_INFO_FLAGS sigInfoFlags,
    ref SIGNATURE_INFO psiginfo,
    ref System.IntPtr ppCertContext,
    ref System.IntPtr phWVTStateData);
This will collect the signature details from any signable files that Microsoft prescribes. But make sure that you execute the given function under the single-threaded apartment model. Otherwise you will find weird results for signed script files such as .js/.vbs, etc.
Please refer to "How to validate authenticode for Javascript in C#" for more details.
Source: https://stackoverflow.com/questions/48525856/reading-digital-certificate-from-the-file
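The answer's apartment requirement, as an added example that is not part of the original question or answer: a helper that runs a signature query on a dedicated STA thread and rethrows any failure on the caller. `StaRunner` and the `sigcheck` usage string are hypothetical names; because the `SIGNATURE_INFO` types are not defined on the page, the query shown is the question's `CreateFromSignedFile` call, and the `WTGetSignatureInfo` call would take its place inside the lambda.

```csharp
using System;
using System.Runtime.ExceptionServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class StaRunner
{
    // Hypothetical helper: runs work() on a dedicated STA thread, returns its
    // result, and rethrows any exception on the calling thread.
    public static T Run<T>(Func<T> work)
    {
        T result = default(T);
        ExceptionDispatchInfo failure = null;
        var thread = new Thread(() =>
        {
            try { result = work(); }
            catch (Exception ex) { failure = ExceptionDispatchInfo.Capture(ex); }
        });
        // The apartment state must be set before Start(); Windows only.
        thread.SetApartmentState(ApartmentState.STA);
        thread.IsBackground = true;
        thread.Start();
        thread.Join();
        if (failure != null) failure.Throw(); // keeps the original stack trace
        return result;
    }
}

static class Program
{
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: sigcheck <file>"); return 2; }
        try
        {
            // Stand-in query; the P/Invoke call from the answer would go here.
            var signer = StaRunner.Run(() =>
                new X509Certificate2(X509Certificate.CreateFromSignedFile(args[0])));
            Console.WriteLine("Signer: {0}\nThumbprint: {1}", signer.Subject, signer.Thumbprint);
            return 0;
        }
        catch (CryptographicException ex)
        {
            // The failure mode from the question surfaces as this exception type.
            Console.Error.WriteLine("No readable embedded signature: " + ex.Message);
            return 1;
        }
    }
}
```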