Skip to main content

How to verify Digital Signatures of programs in Windows

Software developers and companies may sign software programs they develop or distribute which is used to validate the integrity of the program to ensure that it has not been altered after it has been signed.

The following guide lists several methods to verify digital signatures of programs on a computer running Windows.

Using Explorer

You can display and verify the signature of any program on Windows using Explorer.

Step 1: Right-click on the program that you want to check and select properties from the context menu that is displayed.

properties

Step 2: Select the Digital Signatures tab in the Properties window.

digital signatures

Step 3: If you see signatures listed on the tab, you know that the file has been signed digitally. Double-click on one of the signatures to display further information.

signature details

Windows lists the signer information and countersignatures in the window that opens. You may click on View Certificate to display the signature or click on the advanced tab to display signature details as well.

Windows reveals to you if the "digital signature is ok", or not.

Verify the signature of files using SignTool

signtool verify

SignTool is a Microsoft program that is included in the Windows SDK. The program is not included when you install Windows on a machine or use Windows, and needs to be added to the system by installing the Windows SDK.

  1. Windows 7 SDK
  2. Windows 10 SDK

Note: The download has a size of about 2.5 Gigabytes if you download the Windows 10 SDK. It will install all sorts of files on the system that you don't require if you don't develop Windows programs.

The installer installs signtool.exe in the following locations:

  • C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe
  • C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe

Use the following commands to verify signatures:

  • SignTool verify program.exe -- Defaults to the Windows driver policy for verification.
  • SignTool verify /pa program.exe -- Use this to verify code-signing certificates.

Use the DigiCert Certificate Utility to verify signatures

code signed signature check

You may download the Digicert Certificate Utility for Windows to check application signatures on the operating system.

  1. Run the program after download. It does not need to be installed.
  2. Accept the terms of use displayed on start.
  3. On the "Code Signining" tab, select "check signature" in the header.
  4. Select the program that you want to check using the file browser that opens.
  5. DigiCert checks the signature and displays information in an extra window.
    1. It checks whether the file was signed and if the signature validated.
    2. It checks the timestamp of the signature.

If you get green checkmarks for both checks, verification was successful.

Closing Words

While most Windows users may have no need to verify the signature of programs, it may be useful to developers, researchers and advanced Windows users.

 

This article was first seen on ComTek's "TekBits" Technology News

HOME