Code-Signing Mini-Series (Part 5: Auditing Signatures)

by Dec 4, 2018

Once a PowerShell script carries a digital signature, you can easily find out who signed the script, and more importantly, whether the script is still untampered. In the previous parts of this series, you learned how to create digital certificates, and how to apply new code-signing signatures to PowerShell files. Now let’s see how you can validate scripts.

# this is the path to the scripts you'd like to examine
$Path = "$home\Documents"

Get-ChildItem -Path $Path -Filter *.ps1 -Recurse |
  Get-AuthenticodeSignature

Simply adjust the path. The script finds all PowerShell scripts located in that path, then checks their signature. The result typically is one of these:

NotSigned:	has no signature
UnknownError:	was signed by a non-trusted certificate
HashMismatch:	has changed since the signature was applied
Valid:		was signed by a trusted entity, and hasn’t changed since
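The one-liner above lists a status per file but does not summarize them or show who signed what. The following added example (not part of the original tip) builds on the same Get-AuthenticodeSignature call: it collects the status, signer subject, thumbprint and certificate expiry for every script, prints a count per status, and then lists the scripts a reviewer should look at, i.e. those whose hash no longer matches, whose signer is not trusted, or whose signer thumbprint is not on an allow-list. The folder in $Path and the thumbprint in $trustedThumbprints are placeholders you replace with your own values.

```powershell
# Added example (not from the original post): audit all .ps1 files under a folder,
# summarize their signature status, and single out scripts that need attention.

# Assumption: the folder to audit; adjust to your own location.
$Path = "$home\Documents"

# Assumption: thumbprints of the code-signing certificates you consider authoritative.
# Replace the placeholder with the thumbprint(s) of your own signing certificate(s).
$trustedThumbprints = @('<YOUR-CODESIGNING-CERT-THUMBPRINT>')

$results = Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File |
  Get-AuthenticodeSignature |
  ForEach-Object {
    $cert = $_.SignerCertificate   # $null when the file carries no signature
    [pscustomobject]@{
      Path        = $_.Path
      Status      = $_.Status          # NotSigned, UnknownError, HashMismatch, Valid, ...
      Message     = $_.StatusMessage
      Signer      = if ($cert) { $cert.Subject }    else { $null }
      Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
      Expires     = if ($cert) { $cert.NotAfter }   else { $null }
      Timestamped = [bool]$_.TimeStamperCertificate # a timestamp keeps the signature valid after the cert expires
    }
  }

# 1. Overview: how many scripts fall into each status bucket
"Signature status summary for $Path"
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# 2. Scripts whose content changed after signing, or whose signer is not trusted
"Scripts requiring review (modified after signing or signed by an untrusted certificate):"
$results |
  Where-Object { $_.Status -in 'HashMismatch', 'UnknownError', 'NotTrusted' } |
  Format-Table Path, Status, Signer -AutoSize

# 3. Scripts that verify as Valid but were signed by a certificate you did not issue
"Valid signatures from certificates outside the allow-list:"
$results |
  Where-Object { $_.Status -eq 'Valid' -and $_.Thumbprint -notin $trustedThumbprints } |
  Format-Table Path, Signer, Thumbprint, Expires -AutoSize
```

The third report is the one that catches a subtle case: a signature can be technically Valid because some certificate trusted by the machine signed it, yet still come from a signer you never authorized. Comparing the thumbprint against your own list closes that gap. The Timestamped column is worth watching too, since a signature without a timestamp stops validating once the signing certificate expires.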
