When you download a script from the internet, it may carry a digital signature that helps you find out where the script comes from. We looked at this in the previous tip, and this is the code we used: it downloads a PowerShell script to disk, then displays its digital signature:
```powershell
# save script to file
$url = 'https://chocolatey.org/install.ps1'
$outPath = "$env:temp\installChocolatey.ps1"
Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile $outPath

# test signature
Get-AuthenticodeSignature -FilePath $outPath
```
The result would look similar to this:
```
    Directory: C:\Users\tobwe\AppData\Local\Temp

SignerCertificate                         Status  Path
-----------------                         ------  ----
493018BA27EAA09B895BC5660E77F694B84877C7  Valid   installChocolatey.ps1
```
The “Status” column reports whether the signature checks out. Yet how can you get more details about the certificate and its owner, and specifically find out who “493018BA27EAA09B895BC5660E77F694B84877C7” is?
Simply hand the signer certificate to a Windows API function that displays the property dialog for the certificate:
```powershell
# save script to file
$url = 'https://chocolatey.org/install.ps1'
$outPath = "$env:temp\installChocolatey.ps1"
Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile $outPath

# test signature and extract the signer certificate
$result = Get-AuthenticodeSignature -FilePath $outPath
$signerCert = $result.SignerCertificate

# show the Windows certificate property dialog for it
Add-Type -Assembly System.Security
[Security.Cryptography.X509Certificates.X509Certificate2UI]::DisplayCertificate($signerCert)
```
Now you know that the thumbprint shown in the “SignerCertificate” column refers to “Chocolatey Software, Inc”, and that the certificate was issued by DigiCert. This is why Windows trusted the signature: DigiCert takes measures to validate the signer's identity before issuing a certificate.
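The dialog needs an interactive desktop. As an added example (not part of the original tip), the same details can be read as plain data from the signature object, which also lets a script refuse the download when the signer is not the one you inspected and decided to trust. It uses the URL, path and thumbprint from above; pinning to that thumbprint is an assumed local policy, not something the tip prescribes.

```powershell
# Added example: inspect the signer certificate without a GUI dialog
$url = 'https://chocolatey.org/install.ps1'
$outPath = "$env:temp\installChocolatey.ps1"
Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile $outPath

$sig = Get-AuthenticodeSignature -FilePath $outPath

# Status says whether the hash matches and the chain ends in a trusted root.
# Anything other than 'Valid' (NotSigned, HashMismatch, UnknownError, ...) is a stop.
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

$cert = $sig.SignerCertificate

# A timestamp countersignature keeps the signature verifiable after the
# signing certificate itself has expired; note whether one is present.
$timeStamper = 'none'
if ($sig.TimeStamperCertificate) {
    $timeStamper = $sig.TimeStamperCertificate.Subject
}

# The same facts the property dialog shows, as an object you can log or compare
[pscustomobject]@{
    Subject     = $cert.Subject
    Issuer      = $cert.Issuer
    Thumbprint  = $cert.Thumbprint
    NotBefore   = $cert.NotBefore
    NotAfter    = $cert.NotAfter
    TimeStamper = $timeStamper
} | Format-List

# Pin to the thumbprint you reviewed (assumed policy): a different but still
# technically valid signer should not pass silently.
$expectedThumbprint = '493018BA27EAA09B895BC5660E77F694B84877C7'
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Unexpected signer: $($cert.Subject) ($($cert.Thumbprint))"
}

# Friendly name as shown at the top of the dialog, derived from the subject CN
$cert.GetNameInfo([Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
```

A 'Valid' status only proves who signed the file and that it is unchanged since signing; whether you want to run what that signer published is still your decision.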