
Windows Platform (8/10/11)

I always sign my compiled exe files with my own official digital certificate.

I'm looking for an example to check that the digital certificate of my EXE file is still present & valid at the program start.

Some pseudo code for what I want to achieve at program start:

  1. get certificate data of the started exe process
  2. if certificate not exist : exit prg
  3. if certificate not valid : exit prg
  4. if certificate owner not "John Doe" : exit prg

I guess there must be some win-apis to retrieve the certificate data of the current process...

Peter Furz
  • Does this answer your question? [WinVerifyTrust to check for a specific signature?](https://stackoverflow.com/questions/1072540/winverifytrust-to-check-for-a-specific-signature) – Simon Mourier Jun 17 '23 at 14:26
  • Why do you care? If someone has manipulated your EXE, then they could easily circumvent your signature check as well. – zett42 Jun 17 '23 at 19:27
  • I suggest you could try to use [CertGetCertificateChain function](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetcertificatechain) to build a certificate chain and then use [CertVerifyCertificateChainPolicy function](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycertificatechainpolicy) to check a certificate chain to verify its validity. – Jeaninez - MSFT Jun 30 '23 at 09:29
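
The four pseudo-code steps from the question, written as an added example that is not part of the original post or its comments. It runs the check from PowerShell with `Get-AuthenticodeSignature` rather than through the Win32 APIs named in the comments; the function name `Test-OwnSignature` and its return strings are hypothetical, and "John Doe" is the owner name from the question.

```powershell
# Added example: Test-OwnSignature and its return strings are hypothetical names.
function Test-OwnSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedOwner = 'John Doe'   # owner name taken from the question
    )

    $statusType = [System.Management.Automation.SignatureStatus]

    # Step 1: read the Authenticode signature of the file on disk.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Step 2: no certificate present at all.
    if ($sig.Status -eq $statusType::NotSigned -or $null -eq $sig.SignerCertificate) {
        return 'NoSignature'
    }

    # Step 3: a signature exists but did not verify
    # (for example HashMismatch after the file was modified, or NotTrusted).
    if ($sig.Status -ne $statusType::Valid) {
        return "Invalid: $($sig.Status)"
    }

    # Step 4: compare the signer's simple name with the expected owner.
    # Comparing against a pinned thumbprint would be stricter than a name match.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $owner = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($owner -cne $ExpectedOwner) {
        return "WrongOwner: $owner"
    }

    return 'OK'
}

# Path of the executable image behind the current process.
$self = [System.Diagnostics.Process]::GetCurrentProcess().MainModule.FileName

$result = Test-OwnSignature -Path $self
if ($result -ne 'OK') {
    Write-Error "Signature check failed: $result"
    exit 1
}
```

Run as a script, the current process is the PowerShell host itself, so pass the path of your own EXE to `-Path` to check that file instead.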

0 Answers