What is a trust provider?

734 Views Asked by At

As the documentation says:

The WinVerifyTrust function enables applications to invoke a trust provider to verify that a specified object satisfies the criteria of a specified verification operation. (from https://learn.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-winverifytrust)

What actually a trust provider? Where can I find it? what dll's external dll's are loaded when WinVerifyTrust is called?

1

There are 1 best solutions below

0
On

Reading the Microsoft documentation I also had that question. The link in the documentation just sends you to glossary without much information:

The software that decides whether a given file is trusted. This decision is based on the certificate associated with the file.

I came across this document written by Matt Graeber which explains it extensively. It seems that the main dlls that are loaded are Wintrust.dll and cryptdlg.dll As stated in the linked document you can see that in the following registry keys:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\