Is there any way to check for digital signature on a file programmatically in Powershell?

Question

I've a build script which signs a file with a digital certificate (Microsoft Authenticode). I want to create a test script which checks that the file is successfully signed. It's sufficient with a boolean indicating the existence of any signature on the file.

Can I do that with PowerShell without any extensions? If not, what do I need?

Answer 1

Try the Get-AuthenticodeSignature-cmdlet

(Get-AuthenticodeSignature "C:\windows\explorer.exe").Status -eq 'Valid'

True

(Get-AuthenticodeSignature "D:\notes.txt").Status -eq 'Valid'

False

Answer 2

You could simply call signtool.exe to verify the result.

Answer 3

Also you can use sign-check util (npm required).

Install: npm install -g sign-check

Usage: sign-check 'path/to/file'