Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
SignTool is a command-line utility that you can use to verify file signatures, sign files, and time-stamp files. Verifying a file's signature ensures that the file has not been altered since it was signed and that it comes from a trusted source.
Verify a file signature
The following command verifies the signature of a file named MyControl.exe:
SignTool verify MyControl.exe
If the preceding example fails, it could be that the signature used a code-signing certificate. SignTool defaults to the Windows driver policy for verification.
The following command verifies the signature, using the Default Authentication Verification Policy:
SignTool verify /pa MyControl.exe
The following command verifies a system file that may be signed in a catalog:
SignTool verify /a SysFile.dll
The following command verifies a system file that is signed in a catalog named MyCat.cat:
SignTool verify /c MyCat.cat MyFile.ini
For any SignTool verification, you can retrieve the signer of the certificate. The following command verifies a system file and displays the signer certificate:
SignTool verify /v MyControl.exe
SignTool returns command-line text that states the result of the signature check. Additionally, SignTool returns an exit code of zero for successful execution, one for failed execution, and two for execution that completed with warnings.