I have a partner, who has a private+public key generated with a linux openssl tool. He digitally (self) signs his win32 dll with the windows signtool.exe utility. In my C# program I must check if a given win32 dll is signed by him or not. What I have is the DLL, and his public key as a string (maybe I can get his cert file). I am not soo good at how it's work in real. Should I add this .cert file to the trusted certificate store, and check normally like in How to check if a file is signed in C#? or should I change something? I can't really understand what "wintrust_action_generic_verify_v2" guid is for, and what different checks exist anyway. Should I write a new verification chain, or use another policy? Please help me with some advice...
質問する
595 次