Is there any way to check for digital signature on a file programmatically in Powershell?

About

Asked 9/11, 2013 at 13:36 Answered 5/10, 2017 at 13:19

Solved powershell command-line authenticode

I've a build script which signs a file with a digital certificate (Microsoft Authenticode). I want to create a test script which checks that the file is successfully signed. It's sufficient with a boolean indicating the existence of any signature on the file.

Can I do that with PowerShell without any extensions? If not, what do I need?

Imperative answered 9/11, 2013 at 13:36 Comment(0)

Try the Get-AuthenticodeSignature-cmdlet

(Get-AuthenticodeSignature "C:\windows\explorer.exe").Status -eq 'Valid'

True

(Get-AuthenticodeSignature "D:\notes.txt").Status -eq 'Valid'

False

Phonemic answered 9/11, 2013 at 14:12 Comment(0)

You could simply call signtool.exe to verify the result.

Santiagosantillan answered 9/11, 2013 at 13:41 Comment(2)

SignTool counts as an extension because it's not installed by default in Windows. – Deferral 3/9, 2021 at 9:33

My guess was that when you want to verify the signature as part of your build scripts, you'd have the build tools installed. – Santiagosantillan 4/9, 2021 at 7:58

-1

Also you can use sign-check util (npm required).

Install: npm install -g sign-check

Usage: sign-check 'path/to/file'

Schaeffer answered 5/10, 2017 at 13:19 Comment(1)

The original question specified Powershell without any extensions. – Egoism 21/10, 2020 at 21:1

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags