Signature verification

**Maciej Oszutowski** · Mar 17 '08, 09:15 PM

Re: Signature verification

Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), Ralph.Malek@gma il.com
napisa³(a):

I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...

**Shenro** · Mar 18 '08, 01:55 PM

Re: Signature verification

On Mar 17, 5:11 pm, Maciej Oszutowski <l...@my.sigwro te:

Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), Ralph.Ma...@gma il.com
napisa³(a):
>

I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...

Thanks for the reply. I looked at WinVerifyTrust, but I don't quite
understand how it would be used in this situation. I was under the
impression that the call would simply validate the certificate chain.
In this scenario, even if the certificate is valid and the file
appears to be authentic, I need to ignore it if MD5 was used instead
of SHA1.

Signature verification

Signature verification

Comment

Comment