0

I am absolute beginner in coding, My question is how can i retrieve complete details of Digital Certificate of files containing in multiple sub folders(export to csv). With little help from google, i found below powershell code which suffice this for a single file.

get-childitem C:\Windows\notepad.exe | Get-AuthenticodeSignature  |Format-List

I am having 300+ files (exe/DLLS) in multiple sub folders. What i what

  • Fetch the details for all the files including files in sub folders.
  • Export the details to csv. attached image file
  • Column headers > SignerCertificate:Subject,SignerCertificate: Issuer,SignerCertificate: Serial Number,SignerCertificate: Not Before,SignerCertificate: Not After,SignerCertificate:Thumbprint,TimeStamperCertificate:Subject,TimeStamperCertificate: Issuer,TimeStamperCertificate: Serial Number,TimeStamperCertificate: Not Before,TimeStamperCertificate: Not After,TimeStamperCertificate:Thumbprint,Status,StatusMessage,Path
Biz
  • 3
  • 1
  • See [Example 3](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7.2#example-3--get-only-valid-authenticode-signatures-for-multiple-files) and use `-Recurse` switch on `Get-ChildItem`. – Santiago Squarzon Dec 08 '21 at 18:35

1 Answers1

1

If you know the paths to all of the files you could add them all to a .csv, then run a script with a ForEach loop containing all of them.

Example of csv formatting: csv Format

Then you could try the following script:

EDIT: Removed the System.Array as per Santiago.

# Make an array containing all FilePaths by importing the .csv file to a variable
$Files = (Import-Csv C:\Path\To\Import.csv).FilePath

# Run the script for each $File in the $Files array
$AllFilesExport = ForEach($File in $Files) {
    
    # Get the information you want about the file
    $FileInfo = Get-ChildItem $File | Get-AuthenticodeSignature
    
    # Specify the Column name (left) and what data it should have in it (right)
    [pscustomobject]@{
        'SignerCertificate:Subject' = $FileInfo.SignerCertificate.Subject
        'SignerCertificate: Issuer' = $FileInfo.SignerCertificate.Issuer
        'SignerCertificate: Serial Number' = $FileInfo.SignerCertificate.SerialNumber
        'SignerCertificate: Not Before' = $FileInfo.SignerCertificate.NotBefore
        'SignerCertificate: Not After' = $FileInfo.SignerCertificate.NotAfter
        'SignerCertificate: Thumbprint' = $FileInfo.SignerCertificate.Thumbprint
        'TimeStamperCertificate: Subject' = $FileInfo.TimeStamperCertificate.Subject
        'TimeStamperCertificate: Issuer' = $FileInfo.TimeStamperCertificate.Issuer
        'TimeStamperCertificate: Serial Number' = $FileInfo.TimeStamperCertificate.SerialNumber
        'TimeStamperCertificate: Not Before' = $FileInfo.TimeStamperCertificate.NotBefore
        'TimeStamperCertificate: Not After' = $FileInfo.TimeStamperCertificate.NotAfter
        'TimeStamperCertificate: Thumbprint' = $FileInfo.TimeStamperCertificate.Thumbprint
        'Status' = $FileInfo.Status
        'StatusMessage' = $FileInfo.StatusMessage
        'Path' = $FileInfo.Path
    }
}

# Export all of the file information from the AllFileExport array into an export .csv file
$AllFilesExport | Export-Csv -NoTypeInformation C:\Path\To\Export.csv
Josh Gattis
  • 91
  • 6
  • 2
    You might want to avoid adding values to a `System.Array`, here is a nice Q&A that explains very well the implications and better ways to approach it https://stackoverflow.com/questions/60708578/why-should-i-avoid-using-the-increase-assignment-operator-to-create-a-colle – Santiago Squarzon Dec 08 '21 at 18:56
  • 1
    @SantiagoSquarzon edited the script per the suggestion in that Q&A. Thanks! – Josh Gattis Dec 08 '21 at 20:39
  • 1
    @SantiagoSquarzon Thanks again, missed that when cleaning it up after testing that it worked lol. – Josh Gattis Dec 08 '21 at 21:48
  • 1
    Thank you Josh Gattis .....SantiagoSquarzon aaah !!! ... why i could not think of this approach :( This was the exact thing i wanted. Thanks you for your guidance on this, Something new i learnt. I was actually bumping around [this] (https://devblogs.microsoft.com/scripting/get-certificate-info-into-a-csv-by-using-powershell/) approach. – Biz Dec 09 '21 at 15:25
  • @Josh Gattis Thank you. – Biz Dec 09 '21 at 15:25