1

I have an application that will initially be downloaded and installed by the user. To update the application, the application itself will:

  1. Check if a new version exists
  2. If so, download the new version (a setup.exe file created by InstallShield LE bundled with VS2010)
  3. Application then starts a new System.Diagnostics.Process to install the new software (currently running software is shut down, uninstalled and the new version installed by InstallShield)

I want to be able to be sure that the exe is trusted to protect against any web service hack.
What is the best way to achieve this? I need the verification to happen within my C# .NET WPF application.

Oli

3 Answers

3

You need to buy an Authenticode code signing certificate from a trusted authority (we used GoDaddy, but there are loads of others out there), and use it to sign all executables in your installer (as a post-build task with signtool.exe) (see here for details) and the InstallShield-generated installer when you build your setup package.

When your update process downloads the new installer package, you might choose to check that the signature is trusted at that point prior to deploying it.

spender
  • Thanks Spender, this seems to be on the right lines of what I need. I've had a quick look at DSACryptoServiceProvider. Is it secure if I create a pub/priv key with this and include the pub key with my initial installer, then sign all update executables with the private key? Just trying to get my head around how I sign and verify with this approach. – Oli May 15 '12 at 01:52
  • Sure, you could do, but in the eyes of the user this is an unverifiable chain of trust. Buying a certificate from an authority will mean that there is a verifiable chain of trust (from the Windows certificate store) – spender May 15 '12 at 08:16
1

See http://msdn.microsoft.com/en-us/library/xc31ft41.aspx for info on signing an assembly.

This article will be useful for you as well: http://www.c-sharpcorner.com/uploadfile/puranindia/signing-an-assembly-in-C-Sharp/

Keep the private key you use to sign the assembly secure. See also C#: why sign an assembly?.

Community
Shawn
  • Thanks Shawn. This is useful but correct me if I'm wrong here... the above won't help me in my current situation? The complete application will be removed and then replaced by msiexec and I presume I can't look at the new assembly to check its signature until after it's been installed, which is too late. Maybe I'm going about the update in completely the wrong way? – Oli May 15 '12 at 00:13
1

Downloading from a known HTTPS location may be enough. You may check the server certificate to ensure you are talking to the correct one.

Consider using ClickOnce deployment instead of a custom-made one...

Alexei Levenkov
  • Every time I mention Auto-Update I'm always pointed to ClickOnce ;-) Not for me in this instance, although I do appreciate its capabilities as I'm currently using it for deploying to my Alpha testers. Also I'm trying to protect against a web server hack, so in this case the known HTTPS location will still be the same but the exe within it may not be. – Oli May 15 '12 at 00:10