使用PowerShell获取文件的证书链? [英] Get chain of certificates for a file with PowerShell?

问题描述

我正在寻找一种仅使用PowerShell的方法来列出已签名文件的证书链.专门用于获取根证书.

I am looking for a method, using PowerShell only, to list the certificate chain for signed files. Specifically to get the Root certificate.

我需要获取某些可执行文件(在已安装软件上)所依赖的非Microsoft根证书的列表.这是由于基于OS的准则，该准则使用Microsoft KB293781中的PKI过程.如果只有特定的根证书应放在特定的计算机上.例如，应仅在必要时使用经常使用的"VeriSign 3类主要CA-G5".

As I need to get a list of which Non-Microsoft root certificates certain executables (on installed software), are dependent on. This is due to a OS-baseline guidelines, that uses the PKI procedure in Microsoft KB293781. Where only specific Root certificates shall be put on specific computers. E.g the much used "VeriSign Class 3 Primary CA - G5", shall only be used when necessary.

Get-AuthenticodeSignature仅列出颁发者.例如:Get-AuthenticodeSignature C:\windows\system32\MRT.exe

Get-AuthenticodeSignature only lists the Issuer. E.g: Get-AuthenticodeSignature C:\windows\system32\MRT.exe

诸如"SysInternals SigCheck"之类的工具能够执行此操作，并且可以进一步解析此信息.其他工具，例如Windows SDK中的SignTool.exe和Didier Stevens的AnalyzePESig也可以获取此信息.

Tools like "SysInternals SigCheck" is able to do this sigcheck.exe -i C:\windows\System32\mrt.exe, and this infomation can be parsed further on. Also other tools like SignTool.exe from the Windows SDK, and AnalyzePESig by Didier Stevens can get this info.

但是可以仅使用PowerShell完成此操作吗?也许在Windows中使用WinVerifyTrust API. https://msdn.microsoft. com/zh-CN/library/windows/desktop/aa382384(v = vs.85).aspx http://support2.microsoft.com/kb/323809/zh-CN

But can this be done using only PowerShell? Perhaps using the WinVerifyTrust API in Windows. https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx http://support2.microsoft.com/kb/323809/en-us

干杯， Tekk

推荐答案

应该可以通过直接在PowerShell中访问.NET来实现.这是我在问题中引用的示例文件的摘要:

This should be possible by accessing .NET directly in PowerShell. Here's a snippet I whipped up using the example file you had referenced in your question:

# Get a X590Certificate2 certificate object for a file
$cert = (Get-AuthenticodeSignature -FilePath C:\windows\system32\MRT.exe).SignerCertificate
# Create a new chain to store the certificate chain
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
# Build the certificate chain from the file certificate
$chain.Build($cert)
# Return the list of certificates in the chain (the root will be the last one)
$chain.ChainElements | ForEach-Object {$_.Certificate}

能给您想要的东西吗?

这篇关于使用PowerShell获取文件的证书链?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！