Get-AuthenticodeSignature

Exploring Get-AuthenticodeSignature in PowerShell

Welcome back to Wahman's PowerShell blog! Today we’re diving into a powerful cmdlet that helps you verify the integrity and source of script and executable files on Windows: Get-AuthenticodeSignature.

According to Microsoft, this cmdlet “Gets information about the Authenticode signature for a file.” It’s a key tool in PowerShell scripting for checking the digital signature of code, which is important when working with files from external sources or ensuring that your code hasn’t been tampered with.

What does it do?

Get-AuthenticodeSignature inspects the digital certificate attached to a file and gives you detailed information such as the signer, status (valid, invalid, unknown), and the certificate used for signing.

Example 1: Basic Usage – Check a Single Script

This is the simplest form of using the cmdlet, perfect for beginners who want to see if a script is signed.

Get-AuthenticodeSignature -FilePath "C:\Scripts\MyScript.ps1"

This will return an object showing whether the script is signed, and if so, whether the signature is valid and who signed it.

Example 2: Check All Scripts in a Folder

Stepping up a bit, you can use it to verify all script files in a folder:

Get-ChildItem -Path "C:\Scripts" -Filter "*.ps1" | ForEach-Object {
    $signature = Get-AuthenticodeSignature $_.FullName
    [PSCustomObject]@{
        Name       = $_.Name
        Status     = $signature.Status
        Signer     = $signature.SignerCertificate.Subject
    }
}

This is very handy in environments where policy dictates that all scripts must be signed.

Example 3: Filter for Unsigned Files

Maybe you only care about unsigned scripts during a security audit. This example finds those files:

Get-ChildItem -Path "C:\Scripts" -Filter "*.ps1" | Where-Object {
    (Get-AuthenticodeSignature $_.FullName).Status -eq 'NotSigned'
}

This allows you to focus on files that might be a risk or need attention before deployment.

Example 4: Advanced – Script Verification Before Execution

In advanced environments, you may want your scripts to automatically verify themselves before running. Below is a sample script header that stops execution if the signature isn’t valid:

# Look up the signature of the script that is currently running
$signature = Get-AuthenticodeSignature $MyInvocation.MyCommand.Definition

# Anything other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) aborts the run
if ($signature.Status -ne 'Valid') {
    Write-Warning "This script is not signed or has an invalid signature. Execution will stop."
    exit 1
}

This adds a layer of protection against tampering and helps demonstrate compliance with security policies. Keep in mind that the check lives inside the very file it verifies, so anyone who can edit the script can also remove the check; the real enforcement point is still the execution policy (for example AllSigned) or an application-control policy, with this header acting as an extra safeguard.
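The following function, added here as an example and not part of the original post, pulls Examples 2 through 4 together into a reusable audit: it maps each signature Status to a plain-language finding and additionally checks that a valid signature comes from an approved certificate, because Status only tells you the chain verifies, not who signed the file. The folder path and the thumbprint in $AllowedThumbprint are placeholders to replace with your own.

```powershell
# Added example (not from the original post): audit a folder of scripts and
# report why each one fails, not only whether it is signed.
# Assumptions: the folder path and the allowed thumbprint are placeholders.

function Get-ScriptSignatureReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Thumbprints of the code-signing certificates your organisation trusts.
        # Placeholder value; replace with your publisher certificate thumbprint(s).
        [string[]] $AllowedThumbprint = @('0000000000000000000000000000000000000000')
    )

    Get-ChildItem -Path $Path -Include '*.ps1', '*.psm1', '*.psd1' -Recurse -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Map the SignatureStatus value to a defender-friendly finding.
        $finding = switch ($sig.Status) {
            'Valid'        { 'OK' }
            'NotSigned'    { 'No signature present' }
            'HashMismatch' { 'Content modified after signing' }
            'NotTrusted'   { 'Signer certificate chain is not trusted' }
            'UnknownError' { 'Signature could not be verified' }
            default        { "Status: $($sig.Status)" }
        }

        # A valid signature from an unexpected signer is still a policy violation:
        # Status only says the chain verifies, not that the signer is yours.
        $thumb = $sig.SignerCertificate.Thumbprint
        if ($sig.Status -eq 'Valid' -and $thumb -notin $AllowedThumbprint) {
            $finding = 'Valid signature from an unexpected signer'
        }

        [PSCustomObject]@{
            Path          = $_.FullName
            Status        = $sig.Status
            Finding       = $finding
            Signer        = $sig.SignerCertificate.Subject
            Thumbprint    = $thumb
            TimeStamper   = $sig.TimeStamperCertificate.Subject
            StatusMessage = $sig.StatusMessage
        }
    }
}

# Usage: list everything that is not cleanly signed by an approved certificate.
Get-ScriptSignatureReport -Path 'C:\Scripts' |
    Where-Object Finding -ne 'OK' |
    Format-Table Path, Status, Finding, Signer -AutoSize
```

Pipe the full output to Export-Csv instead of Format-Table when you need an audit record rather than a console view.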

Wrap-Up

The Get-AuthenticodeSignature cmdlet is a robust tool to help you manage trust and validate script integrity in your PowerShell workflows. From checking individual scripts to implementing automatic validation mechanisms, it adds a valuable layer of security to your scripting practices.

Happy scripting, and I will see you in the next post!
