Dump certs in a binary

Dump-Signers.ps1

Param([Parameter(Mandatory)][string]$Path)

# Caveats:
#
# Get-AuthenticodeSignature cmdlet has the following limitations:
# * Only first signature is fetched;
# * If the signature is timestamped, no signing time is provided;
# * No signature algorithm information is provided.

$chain = New-Object -TypeName Security.Cryptography.X509Certificates.X509Chain

$signature = Get-AuthenticodeSignature -LiteralPath $Path
$status = $signature.Status

if ($status -eq 'Valid') {
    $cert = $signature.SignerCertificate
    $chain.Build($cert) | Out-Null

    # Show signers.
    #
    # Subject and Issuer are in "Distinguished Name" notation (RFC 1779), e.g.
    # CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

    ($chain.ChainElements).Certificate  `
    | Format-List `
        @{ Name='Signer'; Expression={($_.Subject -split ',' | ConvertFrom-StringData).CN} },
        EnhancedKeyUsageList,
        @{ Name='Cert Issuer'; Expression={($_.Issuer -split ',' | ConvertFrom-StringData).CN} },
        SerialNumber,
        Thumbprint,
        # Algorithm
        NotBefore,
        NotAfter
}

# Show version info.

$item = Get-Item $Path
$versionInfo = $item.VersionInfo

[PSCustomObject]@{
    'Verified' = $status
    'FileDate' = $item.LastWriteTime
    # Publisher
    'Company' = $versionInfo.CompanyName
    'Description' = $versionInfo.FileDescription
    'Product'  = $versionInfo.ProductName
    'ProdVersion' = $versionInfo.ProductVersion
    'FileVersion' = $versionInfo.FileVersion
    # MachineType
}