Confirm an Authenticode signature as being from our company for automatic updates

I am introducing an automatic update function and need some advice on how to do this safely using best practices. I would like to use an Authenticode-signed file to make sure that it is safe to run (i.e. it comes from our company and has not been modified). My question is very similar to question #2008519.

The main question is: what is the best, safest way to verify the Authenticode signature for the auto-update feature? What fields in the certificate should be checked? Requirements: (1) the authentication is valid, (2) its signature is verified, (3) old clients can still be updated when my certificate expires and I receive a new one.

Here is some background data / ideas from my research. I believe that this can be divided into two stages:

- Make sure the signature is valid. I believe this should be easy with WinVerifyTrust, as described in http://msdn.microsoft.com/en-us/library/aa382384(VS.85).aspx - here I do not expect problems.

- Make sure the signature matches our company and not another company. This seems to be a more complicated question.

One possibility is to check some strings in the signature. They can be obtained using the code in the article MS KB #323809, but this article does not contain recommendations about which fields should be checked for this type of application (or any other, for that matter). Question #1072540 also illustrates how to obtain certificate information, but again does not recommend which fields to validate. My concern is that strings may not be the best test: what if another person can get a certificate with the same name, for example? Or if there is a good reason for changing the strings in the future?

The person in question #2008519 has a very similar requirement. His need for the TrustedByUs feature is identical to mine. However, he validates by comparing public keys. Although this will work in the short term, it does not appear to work for the automatic update feature. This is due to the fact that code signing certificates are valid only for 2 to 3 years. Therefore, in the future, when we buy a new certificate after 2 years, old clients will no longer be able to update due to the change in the public key.

c windows cryptography digital-signature authenticode

1 answer

> The person in question #2008519 has a very similar requirement. His need for the TrustedByUs feature is identical to mine. However, he checks by comparing the public keys. Although this will work in the short run, it does not seem to work for the auto-update feature. This is due to the fact that code signing certificates are only valid for 2 to 3 years maximum. Therefore, in the future, when we buy a new certificate in 2 years, old clients would no longer be able to update due to the change in the public key.

Since the problem is your application trusting you, rather than someone else trusting you, you can simply use self-signing and embed whatever public keys are needed in the applications themselves. This gives you more control over the process. This would be inappropriate if you were asking a user, or an application that is not under your control, to trust you, but in this case the application is under your control, so it will work fine. This also lets you very easily avoid the problem of accepting someone else's similar-looking certificate as your own.

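The two stages the question describes (let the OS validate the signature, then make sure the signer is really us) together with the answer's suggestion of pinning our own public keys can be combined into one check. The following PowerShell is an added example written for this page; it is not code from either the question or the answer. It assumes the update client ships with a small list of SHA-256 hashes of the public keys it is willing to trust (the hash strings below are placeholders to be replaced with real values), and that `Get-AuthenticodeSignature`, which wraps WinVerifyTrust, is used for the first stage. Pinning a set of keys rather than a single key is what handles the expiry problem: an update signed with the current key can ship a client that already knows the successor key, so a later certificate change does not strand old clients.

```powershell
# Added example, not from the original post. Placeholder pins: replace with the
# SHA-256 hashes of the public keys actually used to sign your updates.
$script:TrustedPublicKeyHashes = @(
    'PLACEHOLDER-SHA256-OF-CURRENT-SIGNING-KEY',
    'PLACEHOLDER-SHA256-OF-NEXT-SIGNING-KEY'   # successor key, shipped before the current cert expires
)

function Get-PublicKeyHash {
    # Hashes the signer's public key (not its subject name or thumbprint), so a
    # certificate renewed with the same key pair still matches, while another
    # company's certificate with an identical subject string does not.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = $sha.ComputeHash($Certificate.GetPublicKey())
    } finally {
        $sha.Dispose()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-UpdatePackage {
    # Returns an object with Trusted = $true only if BOTH stages pass.
    param([Parameter(Mandatory)][string]$Path)

    # Stage 1: signature validity. Get-AuthenticodeSignature calls WinVerifyTrust,
    # which checks the file digest, the certificate chain and revocation.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Trusted = $false
            Reason  = "Signature not valid ($($sig.Status)): $($sig.StatusMessage)"
        }
    }

    # Stage 2: signer identity. A valid signature only proves that *some* trusted
    # CA issued the certificate; the pinned-key check proves it is one of ours.
    $keyHash = Get-PublicKeyHash -Certificate $sig.SignerCertificate
    if ($script:TrustedPublicKeyHashes -notcontains $keyHash) {
        return [pscustomobject]@{
            Trusted = $false
            Reason  = "Signer public key $keyHash is not in the pinned set"
        }
    }

    return [pscustomobject]@{
        Trusted = $true
        Reason  = 'Valid Authenticode signature from a pinned public key'
        KeyHash = $keyHash
        Expires = $sig.SignerCertificate.NotAfter
    }
}

# Helper for the release side: prints the pin value to embed for a freshly
# signed package, so the client's list can be extended before a key change.
function Get-UpdatePackagePin {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) { throw "File is not signed: $Path" }
    return Get-PublicKeyHash -Certificate $sig.SignerCertificate
}

# Usage (assumed paths):
#   Get-UpdatePackagePin  -Path 'C:\release\MyApp-Setup.exe'   # value to add to $TrustedPublicKeyHashes
#   Test-UpdatePackage    -Path "$env:TEMP\MyApp-Setup.exe"    # run before launching the downloaded update
```

Two caveats worth keeping in mind. First, if you follow the answer and sign with a self-signed certificate, WinVerifyTrust cannot build a chain to a trusted root, so `Status` comes back `NotTrusted` rather than `Valid` unless that certificate is installed in the client's Trusted Root store; the pinned-key check alone does not replace the digest and chain validation of stage 1. Second, timestamp the signatures (a timestamping countersignature) so that packages signed before a certificate expires continue to verify as `Valid` afterwards; key rotation via the pin list then only has to cover packages signed after the switch.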
