0
我有一定的DLL和EXE數字簽名的簽署日期(時間戳),我已經使用PowerShell來檢查文件是否已進行數字簽名與否, 現在,我想要的是得到時間戳(簽名時間)的數字簽名,即文件籤名? 如何在PowerShell中獲取此信息? 在此先感謝獲取使用PowerShell
我有一定的DLL和EXE數字簽名的簽署日期(時間戳),我已經使用PowerShell來檢查文件是否已進行數字簽名與否, 現在,我想要的是得到時間戳(簽名時間)的數字簽名,即文件籤名? 如何在PowerShell中獲取此信息? 在此先感謝獲取使用PowerShell
我發現這個到目前爲止唯一的辦法就是在這裏描述:
http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=27
(謝謝Vadims Podans !!!)
只要把下面的代碼在ps1腳本中,然後在最後調用函數,提供要檢查的文件的路徑:
#==================================================
function Get-AuthenticodeSignatureEx {
<#
.ForwardHelpTargetName Get-AuthenticodeSignature
#>
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[String[]]$FilePath
)
begin {
$signature = @"
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CryptQueryObject(
int dwObjectType,
[MarshalAs(UnmanagedType.LPWStr)]string pvObject,
int dwExpectedContentTypeFlags,
int dwExpectedFormatTypeFlags,
int dwFlags,
ref int pdwMsgAndCertEncodingType,
ref int pdwContentType,
ref int pdwFormatType,
ref IntPtr phCertStore,
ref IntPtr phMsg,
ref IntPtr ppvContext
);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CryptMsgGetParam(
IntPtr hCryptMsg,
int dwParamType,
int dwIndex,
byte[] pvData,
ref int pcbData
);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CryptMsgClose(
IntPtr hCryptMsg
);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool CertCloseStore(
IntPtr hCertStore,
int dwFlags
);
"@
Add-Type -AssemblyName System.Security
Add-Type -MemberDefinition $signature -Namespace PKI -Name Crypt32
}
process {
Get-AuthenticodeSignature @PSBoundParameters | ForEach-Object {
$Output = $_
if ($Output.SignerCertificate -ne $null) {
$pdwMsgAndCertEncodingType = 0
$pdwContentType = 0
$pdwFormatType = 0
[IntPtr]$phCertStore = [IntPtr]::Zero
[IntPtr]$phMsg = [IntPtr]::Zero
[IntPtr]$ppvContext = [IntPtr]::Zero
$return = [PKI.Crypt32]::CryptQueryObject(
1,
$Output.Path,
16382,
14,
$null,
[ref]$pdwMsgAndCertEncodingType,
[ref]$pdwContentType,
[ref]$pdwFormatType,
[ref]$phCertStore,
[ref]$phMsg,
[ref]$ppvContext
)
$pcbData = 0
$return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$null,[ref]$pcbData)
$pvData = New-Object byte[] -ArgumentList $pcbData
$return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$pvData,[ref]$pcbData)
$SignedCms = New-Object Security.Cryptography.Pkcs.SignedCms
$SignedCms.Decode($pvData)
foreach ($Infos in $SignedCms.SignerInfos) {
foreach ($CounterSignerInfos in $Infos.CounterSignerInfos) {
$sTime = ($CounterSignerInfos.SignedAttributes | ?{$_.Oid.Value -eq "1.2.840.113549.1.9.5"}).Values | `
Where-Object {$_.SigningTime -ne $null}
}
}
$Output | Add-Member -MemberType NoteProperty -Name SigningTime -Value $sTime.SigningTime.ToLocalTime() -PassThru -Force
[void][PKI.Crypt32]::CryptMsgClose($phMsg)
[void][PKI.Crypt32]::CertCloseStore($phCertStore,0)
} else {
$Output
}
}
}
end {}
}
Get-AuthenticodeSignatureEx .\wsusscn2.cab | FL *
#==================================================
Th Ë輸出應該給你的所有信息,包括:
SigningTime:2014年8月4日09:27:2
希望它能幫助!
時間戳是在數字簽名的CMS結構的簽約屬性。 – 2013-03-20 07:00:28
@ eugeneMayevski'EldoSCorp我想從PowerShell腳本獲得此屬性,,我想簽約時間11 N如何做到這一點使用PowerShell? – Nitesh 2013-04-01 04:30:30
也許寫一些PowerShell模塊可以完成這項工作?您可以使用我們的SecureBlackbox .NET版本編寫此類模塊。 – 2013-04-01 06:28:21