On Mar 17, 5:11 pm, Maciej Oszutowski <l...@my.sigwrote:
Dnia Mon, 17 Mar 2008 13:37:35 -0700 (PDT), Ralph.Ma...@gmail.com
napisa³(a):
I have a requirement to verify the authenticity of VeriSigned exe
file, and while validating the certificate chain is simple enough, I
am having a hard time figuring out how to determine what algorithm was
used to generate the signature...
Why don't you simply use WinVerifyTrust API function?
--
| Maciej Oszutowski | Mowa jest srebrem |
| imagiATpsytranceDOTpl | a milczenie owiec. |
Thanks for the reply. I looked at WinVerifyTrust, but I don't quite
understand how it would be used in this situation. I was under the
impression that the call would simply validate the certificate chain.
In this scenario, even if the certificate is valid and the file
appears to be authentic, I need to ignore it if MD5 was used instead
of SHA1.