2013-03-20 111 views
0

我有一定的DLL和EXE數字簽名的簽署日期(時間戳),我已經使用PowerShell來檢查文件是否已進行數字簽名與否, 現在,我想要的是得到時間戳(簽名時間)的數字簽名,即文件籤​​名? 如何在PowerShell中獲取此信息? 在此先感謝獲取使用PowerShell

+0

時間戳是在數字簽名的CMS結構的簽約屬性。 – 2013-03-20 07:00:28

+0

@ eugeneMayevski'EldoSCorp我想從PowerShell腳本獲得此屬性,,我想簽約時間11 N如何做到這一點使用PowerShell? – Nitesh 2013-04-01 04:30:30

+0

也許寫一些PowerShell模塊可以完成這項工作?您可以使用我們的SecureBlackbox .NET版本編寫此類模塊。 – 2013-04-01 06:28:21

回答

1

我發現這個到目前爲止唯一的辦法就是在這裏描述:

http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=27

(謝謝Vadims Podans !!!)

只要把下面的代碼在ps1腳本中,然後在最後調用函數,提供要檢查的文件的路徑:

#================================================== 
function Get-AuthenticodeSignatureEx { 
<# 
.ForwardHelpTargetName Get-AuthenticodeSignature 
#> 
[CmdletBinding()] 
    param(
     [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] 
     [String[]]$FilePath 
    ) 
    begin { 
$signature = @" 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptQueryObject(
    int dwObjectType, 
    [MarshalAs(UnmanagedType.LPWStr)]string pvObject, 
    int dwExpectedContentTypeFlags, 
    int dwExpectedFormatTypeFlags, 
    int dwFlags, 
    ref int pdwMsgAndCertEncodingType, 
    ref int pdwContentType, 
    ref int pdwFormatType, 
    ref IntPtr phCertStore, 
    ref IntPtr phMsg, 
    ref IntPtr ppvContext 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptMsgGetParam(
    IntPtr hCryptMsg, 
    int dwParamType, 
    int dwIndex, 
    byte[] pvData, 
    ref int pcbData 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptMsgClose(
    IntPtr hCryptMsg 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CertCloseStore(
    IntPtr hCertStore, 
    int dwFlags 
); 
"@ 
     Add-Type -AssemblyName System.Security 
     Add-Type -MemberDefinition $signature -Namespace PKI -Name Crypt32 
    } 
    process { 
     Get-AuthenticodeSignature @PSBoundParameters | ForEach-Object { 
      $Output = $_ 
      if ($Output.SignerCertificate -ne $null) { 
       $pdwMsgAndCertEncodingType = 0 
       $pdwContentType = 0 
       $pdwFormatType = 0 
       [IntPtr]$phCertStore = [IntPtr]::Zero 
       [IntPtr]$phMsg = [IntPtr]::Zero 
       [IntPtr]$ppvContext = [IntPtr]::Zero 
       $return = [PKI.Crypt32]::CryptQueryObject(
        1, 
        $Output.Path, 
        16382, 
        14, 
        $null, 
        [ref]$pdwMsgAndCertEncodingType, 
        [ref]$pdwContentType, 
        [ref]$pdwFormatType, 
        [ref]$phCertStore, 
        [ref]$phMsg, 
        [ref]$ppvContext 
       ) 
       $pcbData = 0 
       $return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$null,[ref]$pcbData) 
       $pvData = New-Object byte[] -ArgumentList $pcbData 
       $return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$pvData,[ref]$pcbData) 
       $SignedCms = New-Object Security.Cryptography.Pkcs.SignedCms 
       $SignedCms.Decode($pvData) 
       foreach ($Infos in $SignedCms.SignerInfos) { 
        foreach ($CounterSignerInfos in $Infos.CounterSignerInfos) { 
         $sTime = ($CounterSignerInfos.SignedAttributes | ?{$_.Oid.Value -eq "1.2.840.113549.1.9.5"}).Values | ` 
         Where-Object {$_.SigningTime -ne $null} 
        } 
       } 
       $Output | Add-Member -MemberType NoteProperty -Name SigningTime -Value $sTime.SigningTime.ToLocalTime() -PassThru -Force 
       [void][PKI.Crypt32]::CryptMsgClose($phMsg) 
       [void][PKI.Crypt32]::CertCloseStore($phCertStore,0) 
      } else { 
       $Output 
      } 
     } 
    } 
    end {} 
} 

Get-AuthenticodeSignatureEx .\wsusscn2.cab | FL * 





#================================================== 

Th Ë輸出應該給你的所有信息,包括:

SigningTime:2014年8月4日09:27:2

希望它能幫助!