1. 首页
  2. 问答
  3. 获取使用PowerShell

获取使用PowerShell

2013-03-20 137 views
0

我有一定的DLL和EXE数字签名的签署日期(时间戳),我已经使用PowerShell来检查文件是否已进行数字签名与否, 现在,我想要的是得到时间戳(签名时间)的数字签名,即文件签​​名? 如何在PowerShell中获取此信息? 在此先感谢获取使用PowerShell

来源

2013-03-20 Nitesh

+0

时间戳是在数字签名的CMS结构的签约属性。 – 2013-03-20 07:00:28

+0

@ eugeneMayevski'EldoSCorp我想从PowerShell脚本获得此属性,,我想签约时间11 N如何做到这一点使用PowerShell? – Nitesh 2013-04-01 04:30:30

+0

也许写一些PowerShell模块可以完成这项工作?您可以使用我们的SecureBlackbox .NET版本编写此类模块。 – 2013-04-01 06:28:21

回答

1

我发现这个到目前为止唯一的办法就是在这里描述:

http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=27

(谢谢Vadims Podans !!!)

只要把下面的代码在ps1脚本中,然后在最后调用函数,提供要检查的文件的路径:

#================================================== 
function Get-AuthenticodeSignatureEx { 
<# 
.ForwardHelpTargetName Get-AuthenticodeSignature 
#> 
[CmdletBinding()] 
    param(
     [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] 
     [String[]]$FilePath 
    ) 
    begin { 
$signature = @" 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptQueryObject(
    int dwObjectType, 
    [MarshalAs(UnmanagedType.LPWStr)]string pvObject, 
    int dwExpectedContentTypeFlags, 
    int dwExpectedFormatTypeFlags, 
    int dwFlags, 
    ref int pdwMsgAndCertEncodingType, 
    ref int pdwContentType, 
    ref int pdwFormatType, 
    ref IntPtr phCertStore, 
    ref IntPtr phMsg, 
    ref IntPtr ppvContext 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptMsgGetParam(
    IntPtr hCryptMsg, 
    int dwParamType, 
    int dwIndex, 
    byte[] pvData, 
    ref int pcbData 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CryptMsgClose(
    IntPtr hCryptMsg 
); 
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
public static extern bool CertCloseStore(
    IntPtr hCertStore, 
    int dwFlags 
); 
"@ 
     Add-Type -AssemblyName System.Security 
     Add-Type -MemberDefinition $signature -Namespace PKI -Name Crypt32 
    } 
    process { 
     Get-AuthenticodeSignature @PSBoundParameters | ForEach-Object { 
      $Output = $_ 
      if ($Output.SignerCertificate -ne $null) { 
       $pdwMsgAndCertEncodingType = 0 
       $pdwContentType = 0 
       $pdwFormatType = 0 
       [IntPtr]$phCertStore = [IntPtr]::Zero 
       [IntPtr]$phMsg = [IntPtr]::Zero 
       [IntPtr]$ppvContext = [IntPtr]::Zero 
       $return = [PKI.Crypt32]::CryptQueryObject(
        1, 
        $Output.Path, 
        16382, 
        14, 
        $null, 
        [ref]$pdwMsgAndCertEncodingType, 
        [ref]$pdwContentType, 
        [ref]$pdwFormatType, 
        [ref]$phCertStore, 
        [ref]$phMsg, 
        [ref]$ppvContext 
       ) 
       $pcbData = 0 
       $return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$null,[ref]$pcbData) 
       $pvData = New-Object byte[] -ArgumentList $pcbData 
       $return = [PKI.Crypt32]::CryptMsgGetParam($phMsg,29,0,$pvData,[ref]$pcbData) 
       $SignedCms = New-Object Security.Cryptography.Pkcs.SignedCms 
       $SignedCms.Decode($pvData) 
       foreach ($Infos in $SignedCms.SignerInfos) { 
        foreach ($CounterSignerInfos in $Infos.CounterSignerInfos) { 
         $sTime = ($CounterSignerInfos.SignedAttributes | ?{$_.Oid.Value -eq "1.2.840.113549.1.9.5"}).Values | ` 
         Where-Object {$_.SigningTime -ne $null} 
        } 
       } 
       $Output | Add-Member -MemberType NoteProperty -Name SigningTime -Value $sTime.SigningTime.ToLocalTime() -PassThru -Force 
       [void][PKI.Crypt32]::CryptMsgClose($phMsg) 
       [void][PKI.Crypt32]::CertCloseStore($phCertStore,0) 
      } else { 
       $Output 
      } 
     } 
    } 
    end {} 
} 

Get-AuthenticodeSignatureEx .\wsusscn2.cab | FL * 





#==================================================

Th Ë输出应该给你的所有信息,包括:

SigningTime:2014年8月4日09:27:2

希望它能帮助!

来源

2014-09-12 13:01:39 NianRen

相关问题

 相关问题