First:
I have a repository with a large set of (signed) .vbs scripts. I use a
VBScript script, CheckSigns.vbs, to recursively loop through the
directories and check each file for a signature.
This does not perform well, so I tried to rewrite it in PowerShell.
However, for .vbs files the Get-AuthenticodeSignature cmdlet says they are
unsigned. THIS IS INCORRECT.
The command line tool signtool.exe DOES show they are signed.
The cmdlet works OK for .exe and .ps1 files, as the attached log shows.
Second:
A feature request
I use the command "signtool.exe verify /tw" to generate a time warning
(the error level becomes 2) if scripts are signed but lack a timestamp
countersignature.
I sure would like to do this with the PowerShell cmdlet
Get-AuthenticodeSignature, for instance by adding a parameter for this
feature.
Greetz, and tia
Ben van Zanten
#######################
## *.VBS WRONG
## In this example you see signtool.exe correctly saying the *.vbs are signed.
## However, Get-AuthenticodeSignature says NotSigned.
#######################
PS Z:\Deploy\Altiris\config> .\signtool.exe verify /pa /tw *.vbs
Successfully verified: ChangeIP.vbs
Successfully verified: CheckSigns.vbs
Successfully verified: CheckVersions.vbs
Successfully verified: ClearEventlogs.vbs
Successfully verified: InteractivePWCrypt.vbs
Successfully verified: Replace.vbs
PS Z:\Deploy\Altiris\config> ls .\* -include *.vbs | Get-AuthenticodeSignature

    Directory: Z:\Deploy\Altiris\config

SignerCertificate                          Status        Path
-----------------                          ------        ----
                                           NotSigned     ChangeIP.vbs
                                           NotSigned     CheckSigns.vbs
                                           NotSigned     CheckVersions.vbs
                                           NotSigned     ClearEventlogs.vbs
                                           NotSigned     InteractivePWCrypt.vbs
                                           NotSigned     Replace.vbs
#######################
## *.ps1 OK
## For *.ps1 files, both signtool.exe and the cmdlet say they are signed.
#######################
PS Z:\Deploy\Altiris\config> .\signtool.exe verify /pa /tw *.ps1
Successfully verified: CheckSigns.ps1
PS Z:\Deploy\Altiris\config> ls .\* -include *.ps1 | Get-AuthenticodeSignature

    Directory: Z:\Deploy\Altiris\config

SignerCertificate                          Status        Path
-----------------                          ------        ----
CD38C4AB62F19AB88E4EB09F90D28901C2B26A15   Valid         CheckSigns.ps1
#######################
## *.exe OK
## For *.exe files, both signtool.exe and the cmdlet say whether they are signed
## correctly, or not.
#######################
PS Z:\Deploy\Altiris\config> ls C:\Windows\system32\* -include drmupgds.exe,dwwin.exe,icardagt.exe | Get-AuthenticodeSignature

    Directory: C:\Windows\system32

SignerCertificate                          Status        Path
-----------------                          ------        ----
564E01066387F26C912010D06BD78D3CF1E845AB   Valid         drmupgds.exe
282D9806C3DF7345929F64F5895EF2EA4AC29302   HashMismatch  dwwin.exe
564E01066387F26C912010D06BD78D3CF1E845AB   Valid         icardagt.exe
PS Z:\Deploy\Altiris\config> Z:\Deploy\Altiris\config\signtool.exe verify /pa /tw C:\Windows\system32\drmupgds.exe C:\Windows\system32\dwwin.exe C:\Windows\system32\icardagt.exe
Successfully verified: C:\Windows\system32\drmupgds.exe
SignTool Error: WinVerifyTrust returned error: 0x80096010
The digital signature of the object did not verify.
SignTool Error: File not valid: C:\Windows\system32\dwwin.exe
Successfully verified: C:\Windows\system32\icardagt.exe
Number of files successfully Verified: 2
Number of errors: 1
(This last .exe example shows, by the way, that my Windows 2003 SP2
installation has a signed executable dwwin.exe that does not correspond to
its signature. This is beside the point here: both signtool.exe AND
Get-AuthenticodeSignature give the same correct result in saying the signature
is not valid.)
I posted a suggestion to expand the Get-AuthenticodeSignature cmdlet with a
parameter to also check timestamps at:
https://connect.microsoft.com/feedback/ViewFeedback.aspx?FeedbackID=332315&SiteID=99
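The check the post asks for (recursive signature status plus a warning for signed files without a timestamp countersignature) can be scripted around Get-AuthenticodeSignature itself. The following is an added example, not code from the original post or from Microsoft. It assumes PowerShell 3.0 or later, where the Signature object returned by Get-AuthenticodeSignature exposes a TimeStamperCertificate property and Get-ChildItem accepts the -File switch; the post predates both, so this is an assumption about later versions. The directory and signtool.exe path are the ones that appear in the post and are used only as sample values; the signtool exit-code meanings (0 verified, 2 time warning) are the ones the post describes.

```powershell
# Added example (not from the original post): recursive Authenticode check that
# also reports whether a valid signature carries a timestamp countersignature.
# Assumes PowerShell 3.0+ (Signature.TimeStamperCertificate, Get-ChildItem -File).
param(
    [string]$Root      = 'Z:\Deploy\Altiris\config',                 # sample path from the post
    [string[]]$Include = @('*.vbs', '*.ps1', '*.exe'),
    [string]$SignTool  = 'Z:\Deploy\Altiris\config\signtool.exe'     # optional cross-check, path from the post
)

function Get-SignatureReport {
    param([string]$Path, [string[]]$Filter)

    Get-ChildItem -Path $Path -Recurse -Include $Filter -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $timestamped = $null
        if ($sig.Status -eq 'Valid') {
            # TimeStamperCertificate is $null when the signature has no countersignature
            $timestamped = [bool]$sig.TimeStamperCertificate
        }
        [pscustomobject]@{
            Path        = $_.FullName
            Status      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            TimeStamped = $timestamped
        }
    }
}

$report = Get-SignatureReport -Path $Root -Filter $Include
$report | Format-Table -AutoSize

# Files the cmdlet does not report as Valid get a second opinion from signtool.exe,
# because the post shows the cmdlet returning NotSigned for .vbs files that
# signtool verifies. Exit codes as described in the post: 0 = verified,
# 2 = warning (signed, but no timestamp countersignature), anything else = error.
if (Test-Path -Path $SignTool) {
    foreach ($entry in ($report | Where-Object { $_.Status -ne 'Valid' })) {
        $null = & $SignTool verify /pa /tw $entry.Path 2>&1
        switch ($LASTEXITCODE) {
            0       { $verdict = 'signtool: verified, timestamped' }
            2       { $verdict = 'signtool: signed but NO timestamp countersignature' }
            default { $verdict = "signtool: not valid (exit code $LASTEXITCODE)" }
        }
        Write-Output ('{0,-60} {1}' -f $entry.Path, $verdict)
    }
}

# Anything that is not Valid, or is Valid but not timestamped, deserves attention:
# without a timestamp, an Authenticode signature stops validating once the
# signing certificate expires, so these scripts will silently turn unsigned later.
$report | Where-Object { $_.Status -ne 'Valid' -or $_.TimeStamped -eq $false }
```

Run it from the repository root, or pass -Root and -Include to point it elsewhere. On a PowerShell version that shows the behaviour in the post, every .vbs file will land in the signtool cross-check branch, which is where the /tw exit code tells you whether the file was merely missed by the cmdlet or is genuinely lacking a timestamp.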