如何使用PowerShell从签名的dll中提取摘要算法的所有列表? [英] How to extract all the list of digest algorithm from signed dll using PowerShell?
问题描述
我有一个经过数字签名的dll文件。我需要编写一个PowerShell命令,该命令将为我提供用于数字签名的摘要算法。
I have a dll file which is digitally signed. I need to write a PowerShell command which would get me the Digest Algorithm that are used for the Digital Signature.
我同时拥有SHA1和SHA256的Dll,并且我同时需要价值观。
The Dll I have has both SHA1 and SHA256 and I need both values.
我尝试了以下解决方案,但仅提供SHA1
I tried the below solution but it gives SHA1 only
命令:
Get-AuthenticodeSignature $file.Filename |
%{ $_.SignerCertificate.SignatureAlgorithm.friendlyname }
推荐答案
以下综合文章中可能有一个起点:使用PowerShell从签名文件中读取多个签名。
There is a potential starting point in the following comprehensive article: Reading multiple signatures from signed file with PowerShell.
Get-AuthenticodeSignaturecmdlet具有以下限制:
Get-AuthenticodeSignaturecmdlet has the following limitations:
- 仅获取第一个签名;
- 如果签名带有时间戳,则不提供签名时间;
- 不提供签名算法信息。
... 从技术上讲,Microsoft authenticode签名一次仅支持
一个签名。其他签名作为嵌套的
签名完成。
… Technically speaking, Microsoft authenticode signature supports only one signature at a time. Additional signatures are done as nested signatures.
他们编写了
不幸的是,当前 Get-AuthenticodeSignatureEx 函数对于两个以上的签名似乎不足。
They wrote an extended version of Get-AuthenticodeSignature cmdlet as a function licensed under Attribution-ShareAlike 4.0 International license.
Unfortunately, the current Get-AuthenticodeSignatureEx function appears insufficient for more than two signatures.
但是,有< a href = https://docs.microsoft.com/zh-cn/dotnet/framework/tools/signtool-exe rel = nofollow noreferrer> SignTool.exe 。此工具随 Visual Studio 自动安装。
示例(带有 / v 开关:打印详细的成功和状态消息。这可能还会提供有关错误的更多信息。如果要查看有关签名者的信息,则应使用此选项。)
d:\bat> 2>NUL "c:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" verify /pa /all C:\WINDOWS\system32\OpenCL.dll
File: C:\Windows\System32\OpenCL.dll
Index Algorithm Timestamp
========================================
0 sha1 Authenticode
1 sha256 RFC3161
2 sha256 RFC3161
Successfully verified: C:\Windows\System32\OpenCL.dll
例如,以下 .ps1 脚本可能会发现所有签名超过两次的文件:
For instance, the following .ps1 script could find all files signed more than twice:
$signtool="c:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\signtool.exe"
Get-ChildItem -File |
ForEach-Object {
$aux = . "$signtool" verify /pa /all $_.FullName 2>$null
if ( $aux -match "^2|^3|^4|^5|^6|^7|^8|^9" ) {
$aux
}
}
(当前使用 Get-ChildItem C:\Windows\System32\nvh * .dll 来限制运行时间和输出大小):
(currently used Get-ChildItem C:\Windows\System32\nvh*.dll to limit run time as well as output size):
D:\PShell\tests\AuthenticodeSignTool.ps1
File: C:\Windows\System32\nvhdagenco6420103.dll
Index Algorithm Timestamp
========================================
0 sha1 Authenticode
1 sha256 RFC3161
2 sha256 RFC3161
3 sha256 RFC3161
Successfully verified: C:\Windows\System32\nvhdagenco6420103.dll
File: C:\Windows\System32\nvhdap64.dll
Index Algorithm Timestamp
========================================
0 sha1 Authenticode
1 sha256 RFC3161
2 sha256 RFC3161
3 sha256 RFC3161
Successfully verified: C:\Windows\System32\nvhdap64.dll
这篇关于如何使用PowerShell从签名的dll中提取摘要算法的所有列表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
