Solved

how to verify a digitally signed file?

Posted on 2011-02-20
4
816 Views
Last Modified: 2012-08-14
I am using the following code to check for a signature and it works great.  except, if the file is modified it still returns that it is signed.  I want to further check that the signature is still valid but I can't seem to find the right function to do it.  Please help if you can!

uses jwawincrypt;

function issigned(const f: string): boolean;
var
  SignerInfo: PCmsgSignerInfo;
  CertInfo: TCertInfo;
  Msg:HCRYPTMSG;
  StoreHandle:HCERTSTORE;
  CertContext: PCertContext;
  Filepath: WideString;
  CertName: array[0..255] of WideChar;
  CT:Dword;
  DataSize: Cardinal;
begin
  filepath:=f;
  signerinfo:=nil;

  CT:=0;
  DataSize:=0;
  result:=false;
  try
  if (f <> '') and CryptQueryObject(CERT_QUERY_OBJECT_FILE, @FilePath[1], CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY, 0, nil, @CT, nil, @StoreHandle, @Msg, nil)
    and (CT = CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED) and CryptMsgGetParam(Msg,CMSG_SIGNER_INFO_PARAM,0,nil,DataSize) then
    begin
      try
        Getmem(SignerInfo,DataSize);
        CryptMsgGetParam(Msg, CMSG_SIGNER_INFO_PARAM, 0, SignerInfo, DataSize);
        fillchar(certinfo, sizeof(certinfo), #0);
        certinfo.Issuer:=signerinfo^.Issuer;
        CertInfo.SerialNumber := SignerInfo^.SerialNumber;
        CertContext:=CertFindCertificateInStore(StoreHandle, X509_ASN_ENCODING or PKCS_7_ASN_ENCODING,0,CERT_FIND_SUBJECT_CERT, @CertInfo, nil);
        result:=(CertGetNameStringW(CertContext, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, nil, CertName, 256) > 0);
      finally
         if assigned(signerinfo) then
           FreeMem(SignerInfo);
         CertCloseStore(StoreHandle, 0);
         CryptMsgClose(Msg);
      end;
    end;
  except
  end;
end;

Open in new window

0
Comment
Question by:DSOM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Expert Comment

by:BigRat
ID: 34941760
CertVerifyTimeValidity Function perhaps?

http://msdn.microsoft.com/en-us/library/aa376091(v=vs.85).aspx

0
 

Accepted Solution

by:
DSOM earned 0 total points
ID: 34943399
I found what I was looking for here after spending a lot of timing finding out what I was looking for ;)

http://www.experts-exchange.com/Programming/Languages/Pascal/Delphi/Q_20318315.html

0
 

Author Closing Comment

by:DSOM
ID: 34986419
Found answer from another question here.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question