Here’s how to detect whether an assembly is digitally signed (using C#)


Digital signatures are the public-key primitives of message authentication. In common words, hand written signatures are defined to put authenticity of a file. In digital word, it’s the digital signature binds a person/entity to the digital data.

 

In this blog post, we will learn how to detect whether an assembly (.dll or .exe) is digitally signed. We will use .NET/C# to identify the same. Continue reading to know more on this topic.

 

Using C#, how to detect whether a dll or exe is digitally signed (www.kunal-chowdhury.com)

 

When a signer electronically signs a document, the signature is created using the signer's private key, which is always securely kept by the signer. You can digitally sign a document for many of the same reasons why you might place a handwritten signature on a paper document.

 

A digital signature is used to help authenticate the identity of the creator of digital information — such as documents, e-mail messages etc. — by using the cryptographic algorithms. When a .dll and/or .exe file is digitally signed by a signer, you can confirm the same from the said file’s properties.

 

To detect whether the assembly file is signed or not, right click on the file and click the ‘Properties’ from the context menu. If you see a ‘Digital Signatures’ tab in the properties window, that means, the file is signed by a digital signature (as shown below). Clicking the tab will show you a list of signatures added to the file.

 

Digital signature of a dll (www.kunal-chowdhury.com)

 

To detect the same in .NET applications using C#, you need to first add the Microsoft assembly ‘System.Management.Automation.dll’ in the project. Then you need to create the RunspaceConfiguration to create the runspace. Once that is created, open the pipeline and get the ‘AuthenticationSignature’. This will return you a result set. If the first item in the result set is not null and has a signer certificate as signature, you can say that the said file has a digital signature.

 

You can find the code method to check the digital signing status of an assembly below:

 

 
public static bool IsSigned(string filepath)
{
    var runspaceConfiguration = RunspaceConfiguration.Create();
    using (var runspace = RunspaceFactory.CreateRunspace(runspaceConfiguration))
    {
        runspace.Open();
        using (var pipeline = runspace.CreatePipeline())
        {
            pipeline.Commands.AddScript("Get-AuthenticodeSignature \"" + filepath + "\"");
            var results = pipeline.Invoke();
            runspace.Close();
 
            var signature = results[0].BaseObject as Signature;
            return signature == null || signature.SignerCertificate == null ? 
                   false : (signature.Status != SignatureStatus.NotSigned);
        }
    }
}
 

Please note that the above process is simple enough to check whether the assembly is signed or not. But the problem that come here is the size of the System.Management.Automation.dll, which is approximately 2 MB. For such a small implementation, adding a 2MB file in the solution/installer is no way a recommended approach.

 

Anyway, I hope that the above post was useful. Do let me know, if you have any queries. Stay tuned for upcoming articles in this blog space. Have a great day!

 

 


If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with me directly on Twitter, Facebook, Google+ and LinkedIn. I would love to hear your thoughts and opinions on my articles directly. Also, don't forget to share your views and/or feedback in the comment section below.

5 comments

  1. Are there any free code signing certs available?
    Like LetsEncrypt for SSL?

    ReplyDelete
    Replies
    1. I doubt it. What problem would that solve? It doesn't give transport security, and if it's free it wouldn't be able to verify that the publisher is who they claim to be with the rigor that you need.

      Delete
  2. The entire code fragment is based around one powershell cmdlet (Get-AuthenticodeSignature). To address your remark of referencing a large System.Management.Automation.dll, I suggest don't do C# because all the code is just about executing a PowerShell block from from C#. Why not just use PowerShell?

    ReplyDelete
    Replies
    1. This is actually based on your business requirement. If you need to do this using PowerShell; go for it. In case of .Net/C#, above is the code.

      Delete

 
© 2008-2016 Kunal-Chowdhury.com - Microsoft Technology Blog for developers and consumers | Designed by Kunal Chowdhury
Back to top