.netcertificatesignsigned-assembly

What information of a certificate used to sign an application is stored in the application?


I need to know if the information contained in the certificate used to sign a .Net application is stored somewhere in the binary file.

We need this information to decide if we should buy a trusted certificate from Verisign or alike or if it is the same if we use one created with Visual Studio.


Solution

  • It's the same as using a self emitted certificate in a web site, there will be a warning saying that the certificate doesn't come from a trusted authority. Signing data is stored in binary file.

    "The publisher can now begin signing and distributing software on the Internet. Publishers use utility programs to sign the software they intend to publish. The utility programs use the private key to generate a digital signature on a digest of the binary file and create a signature file containing the signed content of a public key certificate standard (PKCS) #7 signed-data object. (For more information about PKCS #7, see the RSA specification listed in Appendix D: Suggested Reading.) The PKCS #7 signed-data object also contains a copy of the software publishing certificate. For portable executable image format files, the PKCS #7 signature file contents are stored in the binary file itself, in an additional section.

    https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx