Windows Server - How to get the Certificate info from a .cat file

Asked By Rymfax on 13-Apr-07 06:52 PM
Hello,

I'm hoping you guys can help me out.  I'm trying to programmatically
extract the certificate info from a digitally signed .cat file for a
driver and then add that certificate as a trusted publisher.  I'm
having no real luck figuring out how to do this.  I have an example of
how to make a self-signed certificate and add it to a certificate
store, but I'm completely stuck on how to get the certificate info out
of the .cat file.

Any help would be appreciated.  As I'm a novice in C++, examples would
also be very, VERY helpful.

TIA!




Can Balioglu replied on 15-Apr-07 06:27 AM
Hi,

Windows provides the WinTrust API for signature verification, but it's
complex and very badly documented. You must manually open the catalog store,
compute the hash of the driver and search in the catalog database. Averina
Code Signing Library is much easier to use. Below are two examples for your
need. One in native C++, the other in C#.

INT main(INT argc, PCWSTR *argv)
{
    PCRYPT_PROVIDER_DATA ProvData = NULL;

    // Verify the WHQL signature on the driver. On success ProvData holds the
    // provider data (signer chain) that WinTrust built for the file.
    if(AvrVerifyTrust(L"c:\\windows\\system32\\dump.sys", NULL,
                      AVR_TRUST_WHQL_DRIVER, AVR_TRUST_REV_CHECK_EXCLUDE_ROOT, NULL,
                      AVR_TRUST_UI_NONE, 0, &ProvData))
    {
        // Signer 0 is the primary signer (not a counter-signer).
        PCRYPT_PROVIDER_SGNR Signer =
            WTHelperGetProvSignerFromChain(ProvData, 0, FALSE, 0);

        if(Signer != NULL)
        {
            // Cert 0 in the signer's chain is the leaf (signing) certificate.
            PCRYPT_PROVIDER_CERT Cert =
                WTHelperGetProvCertFromChain(Signer, 0);

            //
            // Add Cert->pCert (PCCERT_CONTEXT) to the trusted publishers
            // store.
            //
        }
    }

    // Release the provider data whether or not verification succeeded.
    if(ProvData != NULL)
    {
        AvrFreeTrustProvData(ProvData);
    }

    return 0;
}


static Int32 Main(String[] args)
{
    TrustProviderData providerData;

    // Verify the WHQL signature on the driver without showing any UI.
    TrustStatus status =
        SignedCode.Verify("c:\\windows\\system32\\dump.sys",
            VerificationFlags.WHQLDriver, RevocationCheck.ChainExceptRoot, IntPtr.Zero,
            UIChoice.None, UIContext.Execute, out providerData);

    if(status == TrustStatus.Trusted)
    {
        // The PKCS #7 message carries the signer certificate(s).
        SignedCms cms = providerData.GetPkcs7Message();

        // Add cms.SignerInfos[0].Certificate to the trusted publisher store.
    }

    return 0;
}

For more info, visit our web site. http://www.averina.com

Regards;

Can Balioglu
can.balioglu at averina.com

Averina - Code Signing and IT Security Solutions
http://www.averina.com

Mitch Gallant replied on 15-Apr-07 01:30 PM
.cat files are signed using Microsoft Authenticode signatures.
Here is how to get any information from any such signed file (exe, cat, dll,
vbs, cab etc.):
http://support.microsoft.com/default.aspx?scid=kb;en-us;323809

It is much simpler to extract that signer (and also TimeStampSigner) info,
and add it to any cert store using CAPICOM (a COM wrapper around CryptoAPI
whose installer cab is super small and super-easy to install, ~180 KB).
Here is a VBS sample:
http://www.jensign.com/JavaScience/cryptoutils/authverify.txt
which:
- verifies the signature validity (and implicitly validates the certificate
chain up to a trusted root)
- displays the signer cert's info
- displays the signer cert's key size
- displays the Authenticode attributes (covered by the signature)
- displays the TimeStamp cert id (if timestamped)
- displays the time-stamp date
- displays the timestamper's key size

- Mitch Gallant
MVP Security
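
The same job (verify the .cat signature, show the signer and timestamper details, then add the signer to Trusted Publishers) can be done today without CAPICOM or a third-party library, from the shell a Windows administrator already has. The script below is an added example written for this page; it is not code from either of the replies above, from Averina, or from the jensign sample. It relies only on the built-in Get-AuthenticodeSignature cmdlet (which calls WinVerifyTrust for you, so the chain-to-trusted-root check is done before you ever look at the certificate) and the .NET X509Store class. The catalog path and the expected thumbprint are placeholders you must replace; the thumbprint pin is there because anything placed in the machine's TrustedPublisher store silently suppresses the driver-signature prompt for every package that publisher ever signs, so you should only install a certificate you have identified out of band, never whatever happens to be in the file.

```powershell
# Added example (not from the original thread). Verifies a signed driver
# catalog, prints the signer and timestamper certificate details, and, with
# -Install, adds the signer to LocalMachine\TrustedPublisher after pinning
# its thumbprint. -CatalogPath and -ExpectedThumbprint are placeholders.
param(
    [string]$CatalogPath = 'C:\drivers\example\example.cat',   # assumption: your .cat file
    [string]$ExpectedThumbprint = '0000000000000000000000000000000000000000',  # assumption: pin it
    [switch]$Install
)

function Get-CatalogSigner {
    param([Parameter(Mandatory)][string]$Path)

    # .cat files are detached PKCS#7 signed messages. Get-AuthenticodeSignature
    # hands the file to WinVerifyTrust, so a Status of 'Valid' already means the
    # signature is intact and the signer chains to a root trusted on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature on '$Path' is $($sig.Status): $($sig.StatusMessage)"
    }
    return $sig
}

function Show-CertificateInfo {
    param([Parameter(Mandatory)][string]$Label,
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    if ($null -eq $Cert) { Write-Host "$Label : (none)"; return }
    # Key size is only meaningful for RSA keys; other algorithms report 'n/a'.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 'n/a' }
    Write-Host "$Label"
    Write-Host "  Subject    : $($Cert.Subject)"
    Write-Host "  Issuer     : $($Cert.Issuer)"
    Write-Host "  Valid      : $($Cert.NotBefore) -> $($Cert.NotAfter)"
    Write-Host "  Thumbprint : $($Cert.Thumbprint)"
    Write-Host "  Key        : $($Cert.PublicKey.Oid.FriendlyName) $keyBits bits"
}

function Add-TrustedPublisher {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Writing to the LocalMachine store needs an elevated prompt.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPublisher', 'LocalMachine')
    $store.Open('ReadWrite')
    try {
        $existing = $store.Certificates.Find('FindByThumbprint', $Cert.Thumbprint, $false)
        if ($existing.Count -gt 0) {
            Write-Host "Already present in TrustedPublisher: $($Cert.Thumbprint)"
        } else {
            $store.Add($Cert)
            Write-Host "Added to TrustedPublisher: $($Cert.Subject)"
        }
    } finally {
        $store.Close()
    }
}

$sig = Get-CatalogSigner -Path $CatalogPath
Show-CertificateInfo -Label 'Signer' -Cert $sig.SignerCertificate
Show-CertificateInfo -Label 'Timestamper' -Cert $sig.TimeStamperCertificate

if ($Install) {
    # Refuse to trust a publisher you did not identify in advance.
    if ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint.ToUpperInvariant()) {
        throw "Signer thumbprint $($sig.SignerCertificate.Thumbprint) does not match the pinned value; not installing."
    }
    Add-TrustedPublisher -Cert $sig.SignerCertificate
}
```

Run it once without -Install to read the thumbprint off the output, confirm through a channel other than the file itself that it belongs to the vendor you expect, then put that value in -ExpectedThumbprint and re-run with -Install from an elevated PowerShell. If you want to see the "catalog database" the first reply refers to (the list of member file hashes the catalog vouches for), `certutil -dump <file>.cat` prints the decoded PKCS#7 content including those entries.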
Rymfax replied on 04-May-07 01:17 PM
Hey guys, I just wanted to say thank you for the help!  Your
suggestions rocked!