Results 1 to 6 of 6

Thread: How to verify Digital Signature validity of a File by CAPICOM

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    How to verify Digital Signature validity of a File by CAPICOM

    Greetings,
    I am using CAPICOM.dll in vb.net 2010 to check the validity of any digitally signed file's signature.
    Following are the codes i'm using :
    Code:
            Dim signed As New CAPICOM.SignedCode
            signed.FileName = cFilname
            Try
                Dim cert = signed.Certificates(1)
                cert.IsValid.CheckFlag = CAPICOM_CHECK_FLAG.CAPICOM_CHECK_TRUSTED_ROOT Or _
           CAPICOM_CHECK_FLAG.CAPICOM_CHECK_TIME_VALIDITY Or _
           CAPICOM_CHECK_FLAG.CAPICOM_CHECK_SIGNATURE_VALIDITY Or _
           CAPICOM_CHECK_FLAG.CAPICOM_CHECK_ONLINE_REVOCATION_STATUS
                If cert.IsValid.Result Then
                    TextBox2.Text &= "VALID" & vbNewLine
                Else
                    TextBox2.Text &= "NOT VALID" & vbNewLine
                End If
            Catch
                TextBox2.Text &= "NOT VALID" & vbNewLine
            End Try
    Above code is working fine to check if the file (exe) is containing a digital signature OR not.

    Now, the problem is when I am checking this code with a file (which has fake digital signature), it is showing "Valid Signature"

    Where I am doing wrong? Please suggest me. How can I check if the exe is containing a valid signature.


    Thanks
    Regards,

  2. #2

    Thread Starter
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    Re: How to verify Digital Signature validity of a File by CAPICOM

    Anyone is here?????

  3. #3
    PowerPoster dunfiddlin's Avatar
    Join Date
    Jun 2012
    Posts
    8,245

    Re: How to verify Digital Signature validity of a File by CAPICOM

    You asked a question about CAPICOM.dll without telling us anything about what it is, what it does, or how one obtains it! You then give us code with a declaration of a CAPICOM.SignedCode without any explanation of what this class is. Then we're given a string of constants that mean even less (if that's possible) because you give us neither value or type. And you round it off with "I am checking this code with a file (which has fake digital signature)" without the slightest hint of how you know this is a 'fake' and that it's not a good enough fake to fool other 'detectors' or a copy of the file so that anyone might test this.

    Nope, really can't imagine why you're not getting any answers!
    As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"

    Reviews: "dunfiddlin likes his DataTables" - jmcilhinney

    Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!

  4. #4

    Thread Starter
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    Re: How to verify Digital Signature validity of a File by CAPICOM

    It's impressive that you don't know about CAPICOM.dll but more impressive to me that you couldn't even try google.com to know about What is CAPICOM.dll. It's for you..
    Code:
    http://en.wikipedia.org/wiki/CAPICOM
    Well, Above description is enough to let anyone understand what is CAPICOM.dll and what i am asking about.. One more thing, You don't even know about Fake signature..Ok, It means I have copied the digitally signed data of any genuine file and used that data on any another file...
    Code:
    http://oi42.tinypic.com/2u94935.jpg
    Here is the Snapshot.... I hope you have been clear now..

    Thanks !

  5. #5
    PowerPoster dunfiddlin's Avatar
    Join Date
    Jun 2012
    Posts
    8,245

    Re: How to verify Digital Signature validity of a File by CAPICOM

    you couldn't even try google.com to know about What is CAPICOM.dll
    Ah, so in addition to freely giving of their time to answer your queries whilst under absolutely no obligation to do so you think people here should also waste more of that precious time on researching information that you already have and could very easily give us but apparently can't be bothered to? Wow! Just, wow!
    As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"

    Reviews: "dunfiddlin likes his DataTables" - jmcilhinney

    Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!

  6. #6

    Thread Starter
    Lively Member
    Join Date
    Feb 2012
    Posts
    106

    Re: How to verify Digital Signature validity of a File by CAPICOM

    Where is my hakka noodles bowl buddy... I told you to deliver it to me on time.. Now i won't give you tip...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width