// Constructor for a silent WinTrustDataChoice.File check.
// Builds a WinTrustFileInfo for _fileName and copies it into unmanaged memory
// obtained from Marshal.AllocCoTaskMem; FileInfoPtr refers to that copy.
// NOTE(review): nothing in this constructor releases FileInfoPtr. Confirm the
// class frees it (Marshal.FreeCoTaskMem) elsewhere.
// NOTE(review): StructureToPtr copies the fields of the local WinTrustFileInfo.
// If that type owns unmanaged memory and releases it in a finalizer, the copy
// could outlive it. Verify against the WinTrustFileInfo definition.
public WinTrustData(String _fileName)
{
    OperatingSystem os = Environment.OSVersion;
    Version ver = os.Version;

    // On Win7 SP1+, don't allow MD2 or MD4 signatures.
    bool laterThanWin7 = ver.Major > 6 || (ver.Major == 6 && ver.Minor > 1);
    bool isWin7 = ver.Major == 6 && ver.Minor == 1;
    if (laterThanWin7 || (isWin7 && !String.IsNullOrEmpty(os.ServicePack)))
    {
        ProvFlags |= WinTrustDataProvFlags.DisableMD2andMD4;
    }

    // Marshal the file descriptor into a CoTaskMem block sized for the struct.
    WinTrustFileInfo fileInfo = new WinTrustFileInfo(_fileName);
    int fileInfoSize = Marshal.SizeOf(typeof(WinTrustFileInfo));
    FileInfoPtr = Marshal.AllocCoTaskMem(fileInfoSize);
    Marshal.StructureToPtr(fileInfo, FileInfoPtr, false);
}
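// Calls WinTrust.WinVerifyTrust() to check the embedded signature of a file.
//
// filename: path of the file whose embedded signature is checked.
// Returns "Valid" only for WinVerifyTrustResult.Success. Every other status is
// returned as its own name, and "Unknown" is returned when an exception is
// caught. Callers making a trust decision should compare against "Valid"
// exactly and treat every other string as not verified.
//
// NOTE(review): the verdict describes the file as it was when the call ran.
// Which checks run (for example revocation) depends on how WinTrustData is
// configured, which is not visible in this method. Confirm against the class.
public static string VerifyEmbeddedSignature(string filename)
{
    try
    {
        // Specify the WinVerifyTrust function/action that we want.
        Guid action = new Guid(WINTRUST_ACTION_GENERIC_VERIFY_V2);

        // WinTrustData builds its own WinTrustFileInfo from the file name, so no
        // separate WinTrustFileInfo instance is created here (the original made
        // one and never used it).
        WinTrustData winTrustData = new WinTrustData(filename);

        // Call into WinVerifyTrust.
        WinVerifyTrustResult result = WinVerifyTrust(INVALID_HANDLE_VALUE, action, winTrustData);

        switch (result)
        {
            case WinVerifyTrustResult.Success:
                return "Valid";
            case WinVerifyTrustResult.ProviderUnknown:
                return "ProviderUnknown";
            case WinVerifyTrustResult.ActionUnknown:
                return "ActionUnknown";
            case WinVerifyTrustResult.SubjectFormUnknown:
                return "SubjectFormUnknown";
            case WinVerifyTrustResult.SubjectNotTrusted:
                return "SubjectNotTrusted";
            case WinVerifyTrustResult.FileNotSigned:
                return "FileNotSigned";
            case WinVerifyTrustResult.SubjectExplicitlyDistrusted:
                return "SubjectExplicitlyDistrusted";
            case WinVerifyTrustResult.SignatureOrFileCorrupt:
                return "SignatureOrFileCorrupt";
            case WinVerifyTrustResult.SubjectCertExpired:
                return "SubjectCertExpired";
            case WinVerifyTrustResult.SubjectCertificateRevoked:
                return "SubjectCertificateRevoked";
            case WinVerifyTrustResult.UntrustedRoot:
                return "UntrustedRoot";
            default:
                // The UI was disabled in dwUIChoice or the admin policy
                // has disabled user trust. The status carries the
                // publisher or time stamp chain error; it is never "Valid".
                return result.ToString();
        }
    }
    catch (Exception e)
    {
        // Best effort: a failure to verify is reported as "Unknown", not thrown.
        // Only the exception type is logged; the message and stack are dropped.
        Log.Debug("{0} error decoding signature on {1}", e.GetType().ToString(), filename);
    }

    return "Unknown";
}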