Verify SignedData without root (an intermediate is trusted). #408

Open
@supersasha

Description

Hi guys!

  1. I have all the certificates in a SignedData structure except for the root CA's one. At the same time, one of the intermediate CAs' certificates is trusted, so it seems I don't need to have a root:

signer -> intermediate1 -> intermediate2 (trusted) -> root (absent)

Can I use SignedData.verify() to verify the chain (without having the root)? The root is the "Microsoft Code Verification Root", which I'm not able to find.

UPD:
2) I've also noticed that there seems to be no difference between:

  • putting additional certificates into SignedData.certificates (say, after downloading them from InfoAccess URIs over insecure HTTP, not HTTPS)
  • providing them in the trustedCerts property of SignedDataVerifyParams

But as far as I understand, there should be a significant difference between them:

  • in the first case we don't care whether the certificates are forged -- this will be revealed during the verification procedure. We just provide the absent certificates here to build the chain from the signer up to the trusted certificate
  • in the second case we provide trusted certificates which we downloaded from trusted places like the Microsoft or DigiCert website. We take responsibility that the certificates are not forged.

Thank you!
