Method

GetDigitalSignature

Module: FileSystem
Library: Core

Action

Returns every non-time-stamping certificate used in an Authenticode signature on the file, one row per certificate in each signature's chain.

Parameters

FilePath (string): The full path of the file.

The FilePath parameter name is available from v3.2 onwards.

In v3.1 and earlier the parameter is called FileName. The older name still works in v3.2 and later, but FilePath is the recommended name there.

Return values

FileName (string): The full path of the file.

SignatureStatus (string): "Signed" if the file carries an Authenticode signature, otherwise "Unsigned". This value reports whether a signature is present; it does not on its own tell you whether the signature verifies or whether the chain is trusted on the device.

CertificateIndex (string): Zero-based index of the signature (certificate chain) that a row belongs to. A single signature usually produces several rows, one per certificate in its chain, and all of them share the same CertificateIndex (0 for the first signature). Use it to isolate one chain when a file carries more than one signature.

Depth (string): Zero-based position of the certificate within its chain, starting from the certificate that signed the file (0), then its issuer (1), and so on up to the root. Ordering the rows of one CertificateIndex by Depth reconstructs the trust chain.

If a certificate chain cannot be built on a device, for example if certificates are missing from the certificate store, the chain returned may be incorrect and will reflect this. This will also affect the CertificateType return value.

CertificateType (string): The type of the certificate. Possible values: "Signing", "Intermediate", "Root" and "Self-signed".

The CertificateType value is inferred from the depth of the certificate in the chain the device built, not from any property of the certificate itself. A depth 0 certificate is therefore reported as "Self-signed" when no other certificates in its trust chain can be found on the device.

Issuer (string): The Issuer field of the certificate.

Subject (string): The Subject field of the certificate, which includes its Common Name (CN).

Thumbprint (string): The SHA-1 hash of the certificate's DER-encoded bytes, i.e. of the whole certificate (serial number included), as shown in the Windows certificate viewer. Because it covers the entire certificate, it identifies one certificate uniquely regardless of issuer.

SerialNumber (string): The serial number of the certificate. RFC 5280 requires this to be a positive integer that the issuing CA assigns uniquely, so it is a convenient identifier when you are dealing with a single CA.

When you are dealing with multiple CAs, the serial number alone does not identify a certificate: uniqueness is only per issuer, and non-conforming CAs have issued zero or negative values. Identify the certificate by Issuer plus SerialNumber, or by its Thumbprint, instead.

EffectiveDate (string): This is the date at which the certificate becomes valid. ('NotBefore')

ExpirationDate (string): This is the date at which the certificate is no longer valid. ('NotAfter')

HashAlgorithm (string): The hashing algorithm used to create the digital signature. If the algorithm is SHA-1, SHA-256, SHA-384 or SHA-512, the value is "SHA1", "SHA256", "SHA384" or "SHA512" respectively. Any other algorithm is returned as its OID (for example "1.2.840.113549.1.1.9"), which can be looked up on sites such as oidref.com.

Example

This uses the newer FilePath parameter name. Replace FilePath with FileName for v3.1 and earlier.

 FileSystem.GetDigitalSignature(FilePath:"c:\\tmp\\SomeProgram.exe");
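The same return table, reproduced in PowerShell as an added example for comparison. This is not the Tachyon method's implementation and not 1E's code; it uses Get-AuthenticodeSignature and .NET's X509Chain on the device, and the rules it applies are this script's own assumptions: CertificateType is inferred from chain position (depth 0 is "Signing", or "Self-signed" when the chain consists of only that certificate and it is self-issued; a self-issued last element is "Root"; everything else is "Intermediate"); revocation checking is disabled so the chain builds offline; only the primary signature is examined, so CertificateIndex is always 0; and the SignatureAlgorithm column is each certificate's own signature algorithm, because Get-AuthenticodeSignature does not expose the digest algorithm of the file signature. The extra Status, ChainComplete and ThumbprintMatches columns are added here to show the checks a practitioner wants alongside the documented values.

```powershell
# Added example: emulate GetDigitalSignature's rows with PowerShell on Windows.
# Not 1E's code; the classification and status mapping below are assumptions.
function Get-DigitalSignatureRows {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$FilePath)

    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    # The documented method only reports Signed/Unsigned. PowerShell's Status
    # is finer grained (Valid, NotSigned, HashMismatch, NotTrusted, ...), and
    # it is kept on every row because "Signed" does not mean "Valid".
    if ($null -eq $sig.SignerCertificate) {
        return [pscustomobject]@{
            FileName = $FilePath; SignatureStatus = 'Unsigned'
            Status   = $sig.Status.ToString(); ChainComplete = $false
        }
    }

    # Build the chain on this device, as the method does. Revocation checks are
    # turned off so the example runs without network access (assumption).
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built    = $chain.Build($sig.SignerCertificate)
    $elements = @($chain.ChainElements)
    $partialFlag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::PartialChain
    $partial  = [bool]($chain.ChainStatus | Where-Object { $_.Status -band $partialFlag })

    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $rows = for ($depth = 0; $depth -lt $elements.Count; $depth++) {
        $cert       = $elements[$depth].Certificate
        $selfIssued = ($cert.Subject -eq $cert.Issuer)
        $isLast     = ($depth -eq $elements.Count - 1)

        # Position-based classification (assumed to mirror the documented inference).
        $type = if ($depth -eq 0 -and $elements.Count -eq 1 -and $selfIssued) { 'Self-signed' }
                elseif ($depth -eq 0)            { 'Signing' }
                elseif ($isLast -and $selfIssued) { 'Root' }
                else                              { 'Intermediate' }

        # Thumbprint is SHA-1 over the DER bytes (RawData); recompute it to show
        # that it equals the Thumbprint property.
        $digest = ($sha1.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ''

        [pscustomobject]@{
            FileName           = $FilePath
            SignatureStatus    = 'Signed'
            Status             = $sig.Status.ToString()
            ChainComplete      = ($built -and -not $partial)
            CertificateIndex   = 0          # primary signature only (assumption)
            Depth              = $depth
            CertificateType    = $type
            Issuer             = $cert.Issuer
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            ThumbprintMatches  = ($digest -eq $cert.Thumbprint)
            SerialNumber       = $cert.SerialNumber
            IssuerSerialKey    = "$($cert.Issuer)|$($cert.SerialNumber)"  # unique across CAs
            EffectiveDate      = $cert.NotBefore
            ExpirationDate     = $cert.NotAfter
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName   # the cert's own, not the file digest
        }
    }
    $sha1.Dispose()
    $chain.Dispose()
    return $rows
}

# Usage: one row per certificate, depth 0 first. Path is an assumption.
Get-DigitalSignatureRows -FilePath 'C:\Windows\System32\notepad.exe' |
    Format-Table Depth, CertificateType, ChainComplete, Status, Subject, ThumbprintMatches -AutoSize
```

When ChainComplete is false on a machine that lacks the intermediate or root certificates, the rows look just like the documented caveat: the depth 0 row is still reported as "Signing" but the chain stops early, so CertificateType for the remaining rows cannot be trusted. Dual-signed files (SHA-1 plus SHA-256 signatures) have more than one chain; this script sees only the primary one.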
Platforms
  • Windows
Notes

Does not return the time-stamping certificates.