Is there any way to check for digital signature on a file programmatically in Powershell?

Question

I've a build script which signs a file with a digital certificate (Microsoft Authenticode). I want to create a test script which checks that the file is successfully signed. It's sufficient with a boolean indicating the existence of any signature on the file.

Can I do that with PowerShell without any extensions? If not, what do I need?

score 22 · Accepted Answer · edited Jul 23 '17 at 18:57

22

Try the Get-AuthenticodeSignature-cmdlet

(Get-AuthenticodeSignature "C:\windows\explorer.exe").Status -eq 'Valid'

True

(Get-AuthenticodeSignature "D:\notes.txt").Status -eq 'Valid'

False

edited Jul 23 '17 at 18:57

Daniel Lo Nigro

3,346
27
29

answered Nov 09 '13 at 14:12

Frode F.

52,376
9
98
114

score 3 · Answer 2 · answered Nov 09 '13 at 13:41

3

You could simply call signtool.exe to verify the result.

answered Nov 09 '13 at 13:41

jessehouwing

106,458
22
256
341

SignTool counts as an extension because it's not installed by default in Windows. – user3710044 Sep 03 '21 at 09:33
My guess was that when you want to verify the signature as part of your build scripts, you'd have the build tools installed. – jessehouwing Sep 04 '21 at 07:58

score 0 · Answer 3 · answered Oct 05 '17 at 13:19

0

Also you can use sign-check util (npm required).

Install: npm install -g sign-check

Usage: sign-check 'path/to/file'

answered Oct 05 '17 at 13:19

kami4ka

187
1
12

The original question specified Powershell without any extensions. – Daisuke Aramaki Oct 21 '20 at 21:01

Is there any way to check for digital signature on a file programmatically in Powershell?

3 Answers3