Sign files with powershell
bytewhisper
Posted on August 18, 2023
Intro:
PowerShell offers a range of native cmdlets that allow us to sign and verify files without relying on external tools like Signtool.exe. In this step-by-step guide, we will explore how to use PowerShell to sign and verify digital files without using Signtool.exe. Additionally, we will delve into a section demonstrating how PowerShell can replace only the main certificate in a signature.
Note: Before proceeding, make sure you have a valid code signing certificate obtained from a trusted Certificate Authority (CA). Or visit my article: "How to create development certificate"
Press Win + X, then select "Windows PowerShell" or "Terminal" for windows 11, to open PowerShell.
To sign a file, we'll use the Set-AuthenticodeSignature cmdlet, which signs a file using the specified certificate.
$certificatePath = "C:\Path\To\Your\CodeSigningCertificate.pfx"
$certificatePassword = "your_certificate_password"
$fileToSign = "C:\Path\To\Your\File.exe"
$securePassword = ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificatePath, $securePassword)
Set-AuthenticodeSignature -FilePath $fileToSign -Certificate $certificate
- Replace "C:\Path\To\Your\CodeSigningCertificate.pfx" with the path to your code signing certificate.
- Replace "your_certificate_password" with the password for your certificate.
- Replace "C:\Path\To\Your\File.exe" with the path to the file you want to sign.
Verify the Signature
To verify the signature of the signed file, use the Get-AuthenticodeSignature cmdlet:
$signedFile = "C:\Path\To\Your\SignedFile.exe"
$signature = Get-AuthenticodeSignature -FilePath $signedFile
if ($signature.Status -eq "Valid")
{
Write-Host "Signature is valid."
}
else
{
Write-Host "Signature is not valid."
}
- Replace "C:\Path\To\Your\SignedFile.exe" with the path to the signed file.
Conclusion
PowerShell provides a powerful and native way to sign and verify digital files without the need for external tools like Signtool.exe. By leveraging PowerShell cmdlets, you can confidently sign your files and verify their authenticity and integrity. Always ensure that you keep your code signing certificates secure and protected to maintain the trust and integrity of your signed files.
Posted on August 18, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.