问题
I have a dll file which is digitally signed. I need to write a PowerShell command which could get me the Digest Algorithm that is used for the Digital Signature.
Digest Algorithm info I need:
I tried with Get-AuthenticodeSignature but this didn't get me the Digest Algorithm info.
After running the following command I get the below result.
Get-AuthenticodeSignature "C:\Program Files\Application Verifier\vrfauto.dll" | Format-List
Results of above:
回答1:
So what you are looking for is
Get-AuthenticodeSignature | %{
$_.SignerCertificate.SignatureAlgorithm.FriendlyName
}
Lets go over how we got to there. First i find a file that has a Digital Signature. I will use PowerShell-6.1.2-win-x64.msi for this example.
Get-AuthenticodeSignature -FilePath C:\test\PowerShell-6.1.2-win-x64.msi | get-member
We see there is a object for the SignerCertificate
SignerCertificate Property System.Security.Cryptography.X509Certificates.X509Certificate2 SignerCertificate {get;}
So lets see what that holds
Get-AuthenticodeSignature -FilePath C:\test\PowerShell-6.1.2-win-x64.msi | %{
$_.SignerCertificate | get-member
}
Now we see there is a SignatureAlgorithm property
SignatureAlgorithm Property System.Security.Cryptography.Oid SignatureAlgorithm {get;}
Now we dig one more deep
Get-AuthenticodeSignature -FilePath C:\test\PowerShell-6.1.2-win-x64.msi | %{
$_.SignerCertificate.SignatureAlgorithm | get-member
}
We get :
FriendlyName Property string FriendlyName {get;set;}
Value Property string Value {get;set;}
We can see there both strings so we test out which is better for us...turns out its friendly name :
Get-AuthenticodeSignature -FilePath C:\test\PowerShell-6.1.2-win-x64.msi | %{
$_.SignerCertificate.SignatureAlgorithm.FriendlyName
}
Returns
sha256RSA
来源:https://stackoverflow.com/questions/56377287/how-to-extract-digest-algorithm-from-signed-dll-using-powershell