Checking for valid digital signature
Posted: Fri Aug 05, 2011 11:01 am
I need to have some files do a "self check" to make sure A) the file is digitally signed, and B) that signature is still valid and C) who signed the file.
You can sign a file, then hack the file, but this invalidates the signature; but the signature is still there; you can then resign the file. So technically, the file has two digital signatures, only one valid.
I need to be able to do a 'self check' that makes sure my digital signature was the last one to sign it; and it's still a valid signature.
There's got to be an api or series of api's to do this.
thanks
-j
You can sign a file, then hack the file, but this invalidates the signature; but the signature is still there; you can then resign the file. So technically, the file has two digital signatures, only one valid.
I need to be able to do a 'self check' that makes sure my digital signature was the last one to sign it; and it's still a valid signature.
There's got to be an api or series of api's to do this.
thanks
-j