Verify signed executable in CE

Post by Brya » Wed, 12 May 2010 01:24:34


I need to verify a signed executable in Windows CE 6.0. I am limited
to using either the CryptAPI for CE or System.Security.Cryptography
from the Compact Framework, both of which are subsets of what's
available in XP. I can't make much of it work. So far I'm finding
the .NET classes are too limited to be of any use for this. Has
anyone done this? Can anyone help me understand how to use what's
available to make this work? I have it broken into these steps.

1. Parse PE to find signing data. (Did this)
2. Extract x509 certificate
3. Verify certificate chain. (Can do using X509Certificate2, but can't
populate X509Certificate2 in CE)
4. Extract public key
5. Hash PE file (Did this using CryptAPI)
6. Verify data using file hash and public key


Thanks
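
Steps 1 and 5 of the list above, as an added example that is not part of the original post: a bounds-checked parser that finds the PKCS#7 SignedData blob through the PE certificate-table directory entry and reports the two header fields (CheckSum and that directory entry) which, together with the certificate table itself, the Authenticode file hash leaves out. The names `sig_info`, `find_authenticode` and `build_sample` and the sample image are constructed for illustration; the code is plain C99 with no Windows headers so it can be tested off-device.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
typedef struct {
    size_t checksum_off;  /* 4-byte CheckSum field: skipped when hashing */
    size_t secdir_off;    /* 8-byte certificate-table directory entry: skipped when hashing */
    size_t pkcs7_off;     /* PKCS#7 SignedData blob, also not hashed */
    size_t pkcs7_len;
} sig_info;

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Returns 0 on success, -1 if the image is unsigned, malformed or not a PKCS#7 entry. */
int find_authenticode(const uint8_t *pe, size_t len, sig_info *out)
{
    if (len < 0x40 || pe[0] != 'M' || pe[1] != 'Z') return -1;
    size_t nt = rd32(pe + 0x3C);                          /* e_lfanew */
    if (nt > len || len - nt < 176) return -1;            /* covers every header read below */
    if (memcmp(pe + nt, "PE\0\0", 4) != 0) return -1;
    size_t opt = nt + 24;                                 /* past signature + COFF header */
    uint16_t magic = rd16(pe + opt);
    if (magic != 0x10B && magic != 0x20B) return -1;      /* PE32 / PE32+ */
    size_t dirs = opt + (magic == 0x10B ? 96 : 112);      /* start of data directories */
    if (rd32(pe + dirs - 4) < 5) return -1;               /* NumberOfRvaAndSizes */
    out->checksum_off = opt + 64;
    out->secdir_off = dirs + 4 * 8;                       /* IMAGE_DIRECTORY_ENTRY_SECURITY */
    size_t off = rd32(pe + out->secdir_off);              /* a file offset, not an RVA */
    size_t size = rd32(pe + out->secdir_off + 4);
    if (off == 0 || size < 8 || off > len || size > len - off) return -1;
    uint32_t dw = rd32(pe + off);                         /* WIN_CERTIFICATE.dwLength */
    if (dw < 8 || dw > size) return -1;
    /* wRevision must be WIN_CERT_REVISION_2_0, wCertificateType WIN_CERT_TYPE_PKCS_SIGNED_DATA */
    if (rd16(pe + off + 4) != 0x0200 || rd16(pe + off + 6) != 0x0002) return -1;
    out->pkcs7_off = off + 8; out->pkcs7_len = dw - 8;
    return 0;
}

/* Constructed sample: a bare PE32 header whose certificate table holds 4 dummy bytes. */
void build_sample(uint8_t img[512])
{
    static const uint8_t cert[] = { 12,0,0,0, 0x00,0x02, 0x02,0x00, 0xDE,0xAD,0xBE,0xEF };
    memset(img, 0, 512);
    img[0] = 'M'; img[1] = 'Z'; img[0x3C] = 0x80;         /* e_lfanew = 0x80 */
    memcpy(img + 0x80, "PE\0\0", 4);
    img[0x98] = 0x0B; img[0x99] = 0x01; img[0xF4] = 16;   /* Magic = PE32, 16 directories */
    img[0x118] = 0x80; img[0x119] = 0x01; img[0x11C] = (uint8_t)sizeof cert; /* entry 4: 0x180, 12 */
    memcpy(img + 0x180, cert, sizeof cert);
}
```

The certificates needed for steps 2 to 4 are carried inside the PKCS#7 blob this function locates.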

2. Verifying a signed executable?

Be patient if I'm heading the wrong way, I'm battling with the
documentation!

I'm using CE5.0, with native code Apps under VS2008 - I thought it would
be a good idea to add a little bit of 'confidence' that the .exe my
users were running really is one I want them to run rather than a
corrupted file or an interim test release. My idea is to "Authenticode
sign" official releases. If that is a bad idea, do tell me!

All I want to do is test, from within my app, when it runs, whether it
is a valid, "signed" release.

I think I understand how to do that in a Win32 app, as per Microsoft KB
article http://www.yqcomputer.com/ "How to get information
from Authenticode Signed Executables". But it uses functions like
CryptQueryObject which I can't find in CE5.0.

I don't want to force all applications to be digitally signed, i.e. I'm
not trying to implement a "Trusted environment Model" as per
OEMCertifyModule etc.

Is there a way of doing what I'm trying to do? Or an alternative way?
Any pointers to appropriate documentation would be welcome.

Thanks
Tony
