exomic exomic - 1 year ago 73
C# Question

C# Getting a X509Certificate from exe file stored as byte array

I'm currently doing some code optimization (and trying to stop security software from blocking the generated tempFile.exe) in my auto-updater project. Basically the auto-updater.exe is downloading the latest version of program.exe and was saving it to C:\Temp\, check the md5 and the exe signature for security verification and then if all passed we override the program.exe located in the C:\Program File\directory.

I optimized the project to download the program.exe into a byte[] (to avoid creating a temporary file in C:\temp). I'm able to check the md5 of the byte[] as well but trying to check the exe's signature is where I'm getting stuck.

When I was creating the temporary file in C:\temp I was able to create a X509Certificate using the X509Certificate.CreateFromSignedFile("C:\temp\program.exe") method but there's no method accepting a byte[] instead of the file path.

X509Certificate2 theCertificate;
X509Certificate theSigner = X509Certificate.CreateFromSignedFile(pathToFile);
theCertificate = new X509Certificate2(theSigner);
catch (Exception ex)
Console.WriteLine("No digital signature found in: " + pathToFile);
Console.WriteLine("Signature check ex: " + ex);
return false;

// This section will check that the certificate is from a trusted authority IE not self-signed
var theCertificateChain = new X509Chain();
theCertificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
theCertificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
theCertificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
theCertificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

bool chainIsValid = theCertificateChain.Build(theCertificate);

if (chainIsValid)
// Valid signature...

Do you have any suggestion to verify the downloaded program.exe's signature using the byte[] ?

Answer Source

I am not sure this is your concern but of course you can create a cert instance from byte array using the constructor

new X509Certificate2(byte[])