SignCheck should be able to verify against a set of known subjects.
- [ ] This issue is blocking
- [ ] This issue is causing unreasonable pain
.NET uses its own signing signature (chained to the typical MS Authenticode cert) that we use to sign most of our binaries. These certs have subject names that have meaning to certain tools like Defender. If these change, we want to know and contact the Defender team.
To know when we should perform such an action, I recommend that SignCheck be altered to verify the subject of all Authenticode-signed files against a known list. If the subject is not in that list, point to a document in Arcade.
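As an added illustration of the proposed check (example code, not Arcade's SignCheck implementation): read the Authenticode signer certificate from each PE file, confirm the chain builds, and compare the signer's subject DN against an allowlist. The allowlist entries, the `ARCADE_DOC_URL` placeholder, and the file list are constructed for this example; the real list would be captured from the certificates .NET actually signs with.

```csharp
// Added example, not part of SignCheck. Windows-only: X509Certificate.CreateFromSignedFile
// reads the PKCS#7 signature embedded in a PE file's security directory.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SignerSubjectAllowlist
{
    // Placeholder for the Arcade document the issue asks to point at.
    const string ArcadeDocUrl = "<ARCADE_DOC_URL>";

    // Constructed allowlist of signer subject DNs (assumption, not real .NET signing subjects).
    // Capture real entries from cert.Subject of known-good binaries so the string form matches.
    static readonly HashSet<string> KnownSubjects = new HashSet<string>(StringComparer.Ordinal)
    {
        "CN=Example .NET Signing, O=Example Corp, L=Redmond, S=Washington, C=US",
    };

    // Returns the signer's subject DN, or null when the file carries no Authenticode signature.
    // Note: CreateFromSignedFile only extracts the leaf certificate; it does not verify the
    // signature hash or the chain, so the chain is built explicitly below.
    static string GetSignerSubject(string path)
    {
        try
        {
            using var leaf = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
            using var chain = new X509Chain();
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline check
            if (!chain.Build(leaf))
            {
                Console.Error.WriteLine($"{path}: signer chain did not build ({chain.ChainStatus[0].StatusInformation.Trim()})");
            }
            return leaf.Subject;
        }
        catch (CryptographicException)
        {
            return null; // unsigned or malformed signature
        }
    }

    // Reports files whose signer subject is not in the allowlist; returns the count of unknowns.
    static int CheckFiles(IEnumerable<string> paths)
    {
        int unknown = 0;
        foreach (var path in paths)
        {
            var subject = GetSignerSubject(path);
            if (subject == null)
            {
                Console.WriteLine($"{path}: no Authenticode signature");
                continue;
            }
            if (KnownSubjects.Contains(subject))
            {
                Console.WriteLine($"{path}: OK ({subject})");
            }
            else
            {
                unknown++;
                Console.WriteLine($"{path}: UNKNOWN signer subject '{subject}'. See {ArcadeDocUrl}");
            }
        }
        return unknown;
    }

    static int Main(string[] args)
    {
        // args: paths of signed binaries to check, e.g. the files SignCheck already enumerates.
        return CheckFiles(args) == 0 ? 0 : 1;
    }
}
```

Two caveats a practitioner would want: the subject DN string returned by `X509Certificate2.Subject` is order-sensitive, so populate the allowlist from the same property rather than from a hand-typed DN, and `CreateFromSignedFile` does not validate the signature itself, which is why the chain is built separately here and why a full SignCheck pass would still need to verify the Authenticode hash.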
@mmitche are you thinking this should belong in the SignTool epic?
@ellahathaway Mitchell mentioned that you may have completed this work already.
I have not done this. My work with SignCheck’s authenticode validation has been about making it work on .NET Core.