Mono.Security can be used to check for the presence of an Authenticode signature on a assembly. On my system, only one assembly isn’t signed in the .NET 4 GAC. The other 364 of 365 are signed. In the .NET 2 GAC, 936 are signed while 1269 are not. In Windows Explorer, you can see the details on the “Digital Signature” tab in the file’s Properties window.
open System
open System.IO
type Authenticode = Mono.Security.Authenticode.AuthenticodeDeformatter
let windir = Environment.GetFolderPath Environment.SpecialFolder.Windows
let pathGac4 = Path.Combine(windir, @"assembly")
let assemblies = Directory.EnumerateFiles(pathGac4, "*.dll", SearchOption.AllDirectories)
let isSigned (assembly:string) =
let a = Authenticode assembly
a.Signature <> null
let main() =
assemblies
|> Seq.filter isSigned
|> Seq.length |> printfn "%d"
//|> Seq.iter (printfn "%s")
()
main()
I’m using “C:\Program Files (x86)\Mono-2.6.7\lib\mono\2.0\Mono.Security.dll”. Install Mono 2.6.7 for Windows and you’ll have one too.
The next step is to actually validate the assembly. This can be done by using both Mono.Security and System.Security assemblies. You can use AuthenticodeDeformatter to get the RawData bytes for both the SingingCertificate and Certificates that make up the entire chain. Then you can instantiate an X509Certificate2 from System.Security.Cryptography.X509Certificates with the RawData bytes. A few slightly tricky validation steps are left, but I’ll leave that for a future post.