Get chain of certificates for a file with PowerShe

2019-05-10 04:20发布

站内问答 / 前沿技术
1741 1 5

I am looking for a method, using PowerShell only, to list the certificate chain for signed files. Specifically to get the Root certificate.

As I need to get a list of which Non-Microsoft root certificates certain executables (on installed software), are dependent on. This is due to a OS-baseline guidelines, that uses the PKI procedure in Microsoft KB293781. Where only specific Root certificates shall be put on specific computers. E.g the much used "VeriSign Class 3 Primary CA - G5", shall only be used when necessary.

Get-AuthenticodeSignature only lists the Issuer. E.g: Get-AuthenticodeSignature C:\windows\system32\MRT.exe

Tools like "SysInternals SigCheck" is able to do this sigcheck.exe -i C:\windows\System32\mrt.exe, and this infomation can be parsed further on. Also other tools like SignTool.exe from the Windows SDK, and AnalyzePESig by Didier Stevens can get this info.

But can this be done using only PowerShell? Perhaps using the WinVerifyTrust API in Windows. https://msdn.microsoft.com/en-us/library/windows/desktop/aa382384(v=vs.85).aspx http://support2.microsoft.com/kb/323809/en-us

Cheers, Tekk

1条回答
Explosion°爆炸
2楼-- · 2019-05-10 05:04

This should be possible by accessing .NET directly in PowerShell. Here's a snippet I whipped up using the example file you had referenced in your question:

# Get a X590Certificate2 certificate object for a file
$cert = (Get-AuthenticodeSignature -FilePath C:\windows\system32\MRT.exe).SignerCertificate
# Create a new chain to store the certificate chain
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
# Build the certificate chain from the file certificate
$chain.Build($cert)
# Return the list of certificates in the chain (the root will be the last one)
$chain.ChainElements | ForEach-Object {$_.Certificate}

Does that give you what you were looking for?

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)