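        /// <summary>
        /// Recovers the value embedded in the signature of an executable image by applying the public
        /// key of the first certificate the image carries.
        /// </summary>
        /// <param name="imageBytes">Raw bytes of the executable image.</param>
        /// <returns>
        /// The bytes produced by <c>RSAHelper.DecryptSignature</c> for the image signature; the caller
        /// is responsible for parsing and comparing them.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="imageBytes"/> is null.</exception>
        /// <exception cref="InvalidOperationException">No certificate could be extracted from the image.</exception>
        public static byte[] DecryptFileSignature(byte[] imageBytes)
        {
            if (imageBytes == null)
            {
                throw new ArgumentNullException(nameof(imageBytes));
            }

            List<byte[]> certificates = ApplicationExecutableHelper.ExtractCertificates(imageBytes);

            // Guard clause: a missing certificate is an error the caller must see, not a null return.
            // InvalidOperationException derives from Exception, so existing catch blocks still match.
            if (certificates == null || certificates.Count == 0)
            {
                throw new InvalidOperationException("According to the header, the file does not contain a certificate");
            }

            // NOTE(review): only the first certificate is used; whether that is the signer's leaf
            // certificate depends on the order ExtractCertificates returns — confirm against it.
            byte[]        certificateBytes = certificates[0];
            byte[]        signatureBytes   = ApplicationExecutableHelper.ExtractSignature(imageBytes);
            RSAParameters rsaParameters    = CertificateHelper.GetRSAParameters(certificateBytes);

            return RSAHelper.DecryptSignature(signatureBytes, rsaParameters);
        }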
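        /// <summary>
        /// Checks that <paramref name="certificateToValidate"/> carries an RSA signature made with the
        /// public key found in <paramref name="issuingCertificate"/>.
        /// </summary>
        /// <param name="issuingCertificate">Bytes of the certificate whose public key is expected to have signed the other one.</param>
        /// <param name="certificateToValidate">Bytes of the certificate being checked; its signature is taken from the trailing 256 bytes.</param>
        /// <returns>
        /// true when the hash recovered from the signature equals the hash of the TBS certificate;
        /// otherwise false.
        /// </returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="certificateToValidate"/> is shorter than the expected signature.</exception>
        /// <exception cref="NotImplementedException">The recovered value does not start with the SHA-256 or SHA-1 DigestInfo prefix.</exception>
        public static bool ValidateCertificate(byte[] issuingCertificate, byte[] certificateToValidate)
        {
            if (issuingCertificate == null)
            {
                throw new ArgumentNullException(nameof(issuingCertificate));
            }
            if (certificateToValidate == null)
            {
                throw new ArgumentNullException(nameof(certificateToValidate));
            }

            // The signature is taken as the trailing 256 bytes, which corresponds to a 2048-bit RSA
            // issuer key. A certificate signed with a different key size would make this read the
            // wrong bytes; too-short input is rejected here rather than handed to ByteReader with a
            // negative offset.
            const int SignatureLength = 256;
            if (certificateToValidate.Length < SignatureLength)
            {
                throw new ArgumentException("Certificate is shorter than the expected signature", nameof(certificateToValidate));
            }

            RSAParameters rsaParameters = CertificateHelper.GetRSAParameters(issuingCertificate);

            byte[] certificateSignature = ByteReader.ReadBytes(certificateToValidate, certificateToValidate.Length - SignatureLength, SignatureLength);
            byte[] decodedSignature     = RSAHelper.DecryptSignature(certificateSignature, rsaParameters);
            byte[] tbsCertificate       = CertificateHelper.ExtractTbsCertificate(certificateToValidate);

            // NOTE(review): only the DigestInfo prefix and the hash right after it are examined; any
            // bytes following the hash in decodedSignature are ignored. That is adequate only if
            // RSAHelper.DecryptSignature already rejects malformed PKCS#1 padding and returns exactly
            // the DigestInfo — confirm, since a looser check here weakens the verification.
            if (StartsWith(decodedSignature, SHA_256_PKCS_ID))
            {
                return HashMatchesSignature(decodedSignature, SHA_256_PKCS_ID, 32, SHA256.Create(), tbsCertificate);
            }

            // NOTE(review): SHA-1 signatures are still accepted; callers that decide trust may want to
            // treat a SHA-1 match differently from a SHA-256 one.
            if (StartsWith(decodedSignature, SHA_160_PKCS_ID))
            {
                return HashMatchesSignature(decodedSignature, SHA_160_PKCS_ID, 20, SHA1.Create(), tbsCertificate);
            }

            throw new NotImplementedException("Unsupported Signature PKCS ID");
        }

        /// <summary>
        /// Hashes <paramref name="tbsCertificate"/> with <paramref name="algorithm"/> and compares the
        /// result with the <paramref name="hashLength"/> bytes that follow <paramref name="pkcsId"/>
        /// in <paramref name="decodedSignature"/>. The algorithm is disposed after use.
        /// </summary>
        private static bool HashMatchesSignature(byte[] decodedSignature, byte[] pkcsId, int hashLength, HashAlgorithm algorithm, byte[] tbsCertificate)
        {
            using (algorithm)
            {
                byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, pkcsId.Length, hashLength);
                byte[] hash         = algorithm.ComputeHash(tbsCertificate);
                return ByteUtils.AreByteArraysEqual(hash, expectedHash);
            }
        }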