Programmatically checking the Authenticode signature on a file

While I was at MEDC 2006, someone asked me if there was a way to find out programatically what certificate a file is signed with. The answer is yes, and it is really easy using the cryptography libraries on the .Net Framework. (This is desktop code).

Don't forget to add a reference to the cryptography libraries and then the following using statements to your file:

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

The following function will return you an X509Certificate object that you can later use to get additional information, like the certificate issuer. For more information on the X509Certificate class, take a look at http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate_members.aspx .

/// <summary>
/// Gets the certificate the file is signed with.
/// </summary>
/// <param name="filename">The path of the signed file from which to
/// create the X.509 certificate. </param>
/// <returns>The certificate the file is signed with</returns>
public X509Certificate GetAppCertificate(string filename)
{
X509Certificate cert = null;
try
    {
cert = X509Certificate.CreateFromSignedFile(filename);
}
    catch (CryptographicException e)
{
        Console.WriteLine("Error {0} : {1}", e.GetType(), e.Message);
        Console.WriteLine("Couldn't parse the certificate." +
"Be sure it is a X.509 certificate");
}
    return cert;
}

Enjoy!

Luis E. Cabrera
Windows Mobile Team.
====
This posting is "AS IS" and confers no rights or privileges.