Signature verification

  • Thread starter Thread starter Ralph.Malek
  • Start date Start date
R

Ralph.Malek

Would anyone happen to know how to determine if a digital signature
used MD5 or SHA1 as the digest algorithm?

I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...

Thanks,
 
Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), (e-mail address removed)
napisa³(a):
I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...
Click to expand...

Why don't you simply use WinVerifyTrust API function?
 
Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), (e-mail address removed)
napisa³(a):


Why don't you simply use WinVerifyTrust API function?
Click to expand...

Thanks for the reply. I looked at WinVerifyTrust, but I don't quite
understand how it would be used in this situation. I was under the
impression that the call would simply validate the certificate chain.
In this scenario, even if the certificate is valid and the file
appears to be authentic, I need to ignore it if MD5 was used instead
of SHA1.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

iTextSharp - Signing a PDF 0
Adding MD5CryptoServiceProvider hash to an XMLSerializer.Serialize 2
how to verify signature with DSACryptoServiceProvider 0
How To associate ServicePointManager with Connection? 2
Digital signature verification? 8
HELP ME: SIGN ACTIVEX 1
C# .NET 4 Framework freeware program security question 3
ClickOnce exception in IE 1

Back
Top