https://github.com/xan105/node-win-verify-trust
Check the signature of a file using the WinVerifyTrust API
- Host: GitHub
- URL: https://github.com/xan105/node-win-verify-trust
- Owner: xan105
- License: mit
- Created: 2021-06-05T21:07:53.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2025-02-28T14:33:23.000Z (over 1 year ago)
- Last Synced: 2025-04-19T04:53:58.534Z (about 1 year ago)
- Topics: node, sign, signature, trust, windows, winverifytrust
- Language: C++
- Homepage:
- Size: 1.57 MB
- Stars: 7
- Watchers: 1
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
About
=====
Check the signature of a file using the WinVerifyTrust API.
Retrieve some certificate information.
📦 Scoped `@xan105` packages are for my own personal use but feel free to use them.
Example
=======
Dead simple:
```js
import { isSigned } from "@xan105/win-verify-trust";
const trusted = await isSigned("/path/to/file");
console.log(trusted) //boolean
```
Verbose:
```js
import { verifyTrust } from "@xan105/win-verify-trust";
const { trusted, message } = await verifyTrust("/path/to/file");
console.log(trusted, message)
//true
//"The file is signed and the signature was verified"
```
Once you know a file is signed and the signature was verified, you may want to check some certificate information:
```js
import { getCertificate } from "@xan105/win-verify-trust";
const certificate = await getCertificate("steam_api64.dll");
console.log(certificate)
/*
{
  signer: {
    issuer: 'DigiCert SHA2 Assured ID Code Signing CA',
    subject: 'Valve',
    serialNumber: '054f466ceccbe9d6bee81f5435e64d47',
    digestAlgo: 'sha1'
  },
  timestamp: {
    issuer: 'Symantec Time Stamping Services CA - G2',
    subject: 'Symantec Time Stamping Services Signer - G4',
    serialNumber: '0ecff438c8febf356e04d86a981b1a50',
    digestAlgo: 'sha1'
  }
}
*/
```
💡 You can pass an optional argument to `isSigned()`
to also check that the signer certificate was issued for the specified subject name:
```js
import { isSigned } from "@xan105/win-verify-trust";
const trusted = await isSigned("steam_api64.dll", "valve");
console.log(trusted) //boolean
```
Installation
============
```
npm install @xan105/win-verify-trust
```
Force compiling:
```
npm install @xan105/win-verify-trust --build-from-source
```
You will need C/C++ build tools and Python 3.x (node-gyp) to build this module.
🚀 Prebuilt binaries are provided for x86, x64 and arm64.
API
===
⚠️ This module is only available as an ECMAScript module (ESM).
## Named export
#### `verifyTrust(filePath: string): Promise<object>`
Performs a trust verification action on the specified file using the WinVerifyTrust API.
**Return value**
Returns an object as:
```ts
{
  trusted: boolean,
  message: string
}
```
Where `trusted` indicates whether the file is signed and the signature was verified,
and `message` gives the details of the trust status (verbose).
_eg: "No signature was present in the subject"_
**Remarks**
❌ This function will throw if the target file doesn't exist, if the file extension isn't allowed, or if it times out.
⚠️ Allowed extensions are: ".exe", ".cab", ".dll", ".ocx", ".msi", ".msix", ".xpi", ".ps1".
#### `getCertificate(filePath: string): Promise<object>`
Retrieve some certificate information.
Once you know a file is signed and the signature was verified by using `verifyTrust()`, you may want to check some certificate information.
**Return value**
Returns an object as
```ts
{
  programName?: string,
  publisherLink?: string,
  infoLink?: string,
  signer: {
    issuer?: string,
    subject?: string,
    serialNumber?: string,
    digestAlgo?: string
  },
  timestamp?: {
    issuer?: string,
    subject?: string,
    serialNumber?: string,
    digestAlgo?: string
  }
}
```
Where `signer` contains information from the _signer certificate_ and `timestamp` from the _timestamp certificate_.
`programName` is the program name, `publisherLink` and `infoLink` are publisher information.
**Remarks**
❌ This function will throw on error.
⚠️ Allowed extensions are: ".exe", ".cab", ".dll", ".ocx", ".msi", ".msix", ".xpi", ".ps1".
💡 Invoking this function on an unsigned target will result in an `ETIMEOUT` error. You should use `verifyTrust()` first.
#### `isSigned(filePath: string, name?: string | null): Promise<boolean>`
Check if the specified file is signed and trusted.
Optionally also check that the signer certificate was issued for the specified subject name (_case-insensitive_).
This is a shorthand for `verifyTrust()` followed by `getCertificate()`.
This function doesn't throw.
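
A stricter variant of the `isSigned(filePath, name)` check, as an added example that is not part of this project: it calls `verifyTrust()` before `getCertificate()` (so an unsigned file never reaches the `ETIMEOUT` case), compares the documented certificate fields against a policy, and treats any throw as untrusted. `verifyPublisher`, `evaluateCertificate`, the `policy` field names and the stand-in `fakeApi` are assumptions of this example; on Windows, pass `{ verifyTrust, getCertificate }` imported from the package as `api`.

```js
// Added example, not code from @xan105/win-verify-trust.
// `api` is { verifyTrust, getCertificate }; it is injected so the policy
// logic also runs off-Windows with stand-ins. `policy` fields are assumptions.
const norm = (s) => (typeof s === "string" ? s.trim().toLowerCase() : "");

// Pure check over the object shape documented for getCertificate().
function evaluateCertificate(certificate, policy) {
  const reasons = [];
  const signer = certificate?.signer ?? {};
  // Exact (case-insensitive) subject match; an empty expected subject never passes.
  if (!norm(policy.subject) || norm(signer.subject) !== norm(policy.subject))
    reasons.push(`unexpected signer subject: ${signer.subject ?? "(none)"}`);
  if (policy.issuers && !policy.issuers.map(norm).includes(norm(signer.issuer)))
    reasons.push(`unexpected issuer: ${signer.issuer ?? "(none)"}`);
  if (policy.serialNumbers && !policy.serialNumbers.map(norm).includes(norm(signer.serialNumber)))
    reasons.push("signer serial number is not in the pinned list");
  if (policy.requireTimestamp && !certificate?.timestamp)
    reasons.push("no timestamp certificate information");
  if (policy.rejectDigests?.map(norm).includes(norm(signer.digestAlgo)))
    reasons.push(`rejected digest algorithm: ${signer.digestAlgo}`);
  return { ok: reasons.length === 0, reasons };
}

// Fail-closed gate: trust verification first, certificate fields second.
async function verifyPublisher(api, filePath, policy) {
  try {
    const { trusted, message } = await api.verifyTrust(filePath);
    if (!trusted) return { ok: false, reasons: [message] };
    return evaluateCertificate(await api.getCertificate(filePath), policy);
  } catch (err) {
    // Missing file, disallowed extension, timeout: treat as untrusted.
    return { ok: false, reasons: [`verification error: ${err?.code ?? err?.message ?? err}`] };
  }
}

// Sample data: the getCertificate() output shown in the Example section.
const SAMPLE_CERT = {
  signer: { issuer: "DigiCert SHA2 Assured ID Code Signing CA", subject: "Valve",
            serialNumber: "054f466ceccbe9d6bee81f5435e64d47", digestAlgo: "sha1" },
  timestamp: { issuer: "Symantec Time Stamping Services CA - G2",
               subject: "Symantec Time Stamping Services Signer - G4",
               serialNumber: "0ecff438c8febf356e04d86a981b1a50", digestAlgo: "sha1" },
};
const POLICY = { subject: "valve", issuers: ["DigiCert SHA2 Assured ID Code Signing CA"],
                 serialNumbers: ["054F466CECCBE9D6BEE81F5435E64D47"], requireTimestamp: true };
// Constructed stand-in for the native module (always reports a trusted file).
const fakeApi = { verifyTrust: async () => ({ trusted: true, message: "The file is signed and the signature was verified" }),
                  getCertificate: async () => SAMPLE_CERT };
verifyPublisher(fakeApi, "steam_api64.dll", POLICY).then(console.log); // { ok: true, reasons: [] }
```

Adding `rejectDigests: ["sha1"]` to the policy makes the sample certificate above fail, since its `digestAlgo` is `sha1`.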