I'm currently doing some code optimization (and trying to stop security software from blocking the generated tempFile.exe) in my auto-updater project. Basically the auto-updater.exe is downloading the latest version of program.exe and was saving it to C:\Temp\, check the md5 and the exe signature for security verification and then if all passed we override the program.exe located in the C:\Program File\directory.
I optimized the project to download the program.exe into a byte (to avoid creating a temporary file in C:\temp). I'm able to check the md5 of the byte as well but trying to check the exe's signature is where I'm getting stuck.
When I was creating the temporary file in C:\temp I was able to create a X509Certificate using the X509Certificate.CreateFromSignedFile("C:\temp\program.exe") method but there's no method accepting a byte instead of the file path.
X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
theCertificate = new X509Certificate2(theSigner);
catch (Exception ex)
Console.WriteLine("No digital signature found in: " + pathToFile);
Console.WriteLine("Signature check ex: " + ex);
// This section will check that the certificate is from a trusted authority IE not self-signed
var theCertificateChain = new X509Chain();
theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
bool chainIsValid = theCertificateChain.Build(theCertificate);
// Valid signature...
I am not sure this is your concern but of course you can create a cert instance from byte array using the constructor