Verifying the integrity and authenticity of digitally signed libraries
Posted by - NA -, Last modified by Tanner O on 18 October 2017 02:50 PM
Microsoft Authenticode technology is used to digitally sign executable and other file formats in order to embed information about the author and to provide a means of verifying the trustworthiness of the author and the integrity of the file to ensure it is safe and has not been altered. A trusted certification authority (CA) issues certificates that are used to sign such files.
Authenticode is often used to sign installers so that the Windows User Account Control (UAC) prompt shows the author's company name as a verified publisher. There are many other potential uses of Authenticode technology, but the focus of this article is on Dynamic-Link Library (DLL) security.
Protection PLUS offers a number of DLLs for accessing the various licensing APIs. Protection PLUS 5 SDK is available in various editions which will have either PLUSManaged.dll and
To take advantage of these signed libraries you must add code to your application to verify the signature and to check that we are the publisher that signed the library. Unfortunately, it would not be secure to add functions to do this verification to the libraries themselves. Implementing such signature verification into one's application can help prevent dependent licensing libraries, or any other signed libraries, from being tampered with or faked. Libraries could be altered to always return "SUCCESS" for the licensing routines or proxy DLLs could be used to intercept your sensitive information or to reverse engineer your intellectual property.
For additional security tips, view our blog post: 4 things developers often overlook when securing their software
Implementing Signature Verification
C/C++ applications, as well as other comparable languages that support DLLs, are able to use the Microsoft CryptoAPI's WinTrust library to verify the signature is trusted as well as the integrity of the file. This is all accomplished with the WinVerifyTrust function. .NET applications can call this function using P/Invoke. An example program for "Verifying the Signature of a PE File" can be found at http://msdn.microsoft.com/en-us/library/aa382384(v=VS.85).aspx
Programming languages that support ActiveX, such as Visual Basic (VB6), can use the CryptoAPI's COM interface (CAPICOM). The
Dim isValid As Boolean
Implementing Publisher Verification
After the signature has been verified, you must then verify that the publisher is who you believe it is. This is done by manually comparing the publisher information to known values.
C/C++ applications, as well as other comparable languages that support DLLs, are able to use the Microsoft CryptoAPI's "Certificate Verification Functions" to extract the publisher information. An example of "How To Get Information from Authenticode Signed Executables" can be found at http://support.microsoft.com/kb/323809/en-us
Programming languages that support ActiveX, such as Visual Basic (VB6), can use the CryptoAPI's COM interface (CAPICOM). The Certificate object's GetInfo method is used to extract the publisher information. A Visual Basic example follows:
Dim isValid As Boolean
If codeSignature.Certificates(1).GetInfo(CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME) <> "Concept Software Inc." Then
.NET applications can use the X509Certificate or X509Certificate2 classes in the System.Security.Cryptography.X509Certificates namespace to extract the publisher information. A C# example follows:
if (!cert.Subject.StartsWith("CN=Concept Software Inc."))
Other third-party APIs may be available for verifying Authenticode signatures or extracting information from the X.509 certificates contained within them.