Cryptography - Verifying the Signature of a Windows PE File

Cryptography is the use of codes to convert data so that only a specific recipient will be able to read it, using a key.

Microsoft cryptographic technologies include CryptoAPI, Cryptographic Service Providers (CSP), CryptoAPI Tools, CAPICOM, WinTrust, issuing and managing certificates, and developing customizable public key infrastructures.

ref:

Cryptography - http://msdn.microsoft.com/en-us/library/aa380255(v=VS.85).aspx

Example C Program: Verifying the Signature of a PE File - http://msdn.microsoft.com/en-us/library/aa382384(VS.85).aspx

CryptoAPI Tools Reference - http://msdn.microsoft.com/en-us/library/aa380240(v=VS.85).aspx

Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts - http://msdn.microsoft.com/en-us/magazine/cc302149.aspx

Understanding Authentication and Security - http://uk.dwarner.org/library/SHELF5/Internet%20Explorer%20Plug-In%20and%20ActiveX%20Companion/ch5.htm

Tools to Sign Files and Check Signatures - http://msdn.microsoft.com/en-us/library/aa388151(v=VS.85).aspx

Tools to Create, View, and Manage Certificates - http://msdn.microsoft.com/en-us/library/aa388150(v=VS.85).aspx

Example C Code for Opening Certificate Stores - http://msdn.microsoft.com/en-us/library/aa382035(VS.85).aspx

How To Get Information from Authenticode Signed Executables - http://support.microsoft.com/kb/323809

How to retrieve the authenticode information - http://www.ucosoft.com/how-to-program-to-retrieve-the-authenticode-information.html

http://stackoverflow.com/questions/2008519/how-to-verify-that-my-orgainization-signed-a-trusted-windows-binary

An application that calls Cryptography API (CryptoAPI) functions may stop responding on a Windows XP-based computer - http://support.microsoft.com/kb/899420

Validating embedded digital signatures - http://rsanidad.wordpress.com/2008/10/31/validating-embeded-digital-signatures/

Other C Code Examples

The following topics present other procedures and extended C code examples that use the CryptoAPI functions:

• Verifying a CTL
• Verifying Signed Messages by Using CTLs
• Example C Program: Certificate Verification Operations
• Example C Program: Working with Key Identifiers
• Example C Program: Creating a Certificate Chain
• Example C Program: Making a Certificate Request
• Example C Program: ASN.1 Encoding and Decoding
• Example C Program: Using CertOIDToAlgId and CertCompareIntegerBlob
• Example C Program: Verifying the Signature of a PE File
• Modifying Key Container Access