What is a trust provider?

Question

As the documentation says:

The WinVerifyTrust function enables applications to invoke a trust provider to verify that a specified object satisfies the criteria of a specified verification operation. (from https://learn.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-winverifytrust)

What actually a trust provider? Where can I find it? what dll's external dll's are loaded when WinVerifyTrust is called?

Answer 1

Reading the Microsoft documentation I also had that question. The link in the documentation just sends you to glossary without much information:

The software that decides whether a given file is trusted. This decision is based on the certificate associated with the file.

I came across this document written by Matt Graeber which explains it extensively. It seems that the main dlls that are loaded are Wintrust.dll and cryptdlg.dll As stated in the linked document you can see that in the following registry keys:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\