Software developers and companies may sign software programs they develop or distribute which is used to validate the integrity of the program to ensure that it has not been altered after it has been signed.
The following guide lists several methods to verify digital signatures of programs on a computer running Windows.
You can display and verify the signature of any program on Windows using Explorer.
Step 1: Right-click on the program that you want to check and select properties from the context menu that is displayed.
Step 3: If you see signatures listed on the tab, you know that the file has been signed digitally. Double-click on one of the signatures to display further information.
Windows lists the signer information and countersignatures in the window that opens. You may click on View Certificate to display the signature or click on the advanced tab to display signature details as well.
Windows reveals to you if the “digital signature is ok”, or not.
Verify the signature of files using SignTool
SignTool is a Microsoft program that is included in the Windows SDK. The program is not included when you install Windows on a machine or use Windows, and needs to be added to the system by installing the Windows SDK.
Note: The download has a size of about 2.5 Gigabytes if you download the Windows 10 SDK. It will install all sorts of files on the system that you don’t require if you don’t develop Windows programs.
The installer installs signtool.exe in the following locations:
- C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe
- C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe
Use the following commands to verify signatures:
- SignTool verify program.exe — Defaults to the Windows driver policy for verification.
- SignTool verify /pa program.exe — Use this to verify code-signing certificates.
Use the DigiCert Certificate Utility to verify signatures
You may download the Digicert Certificate Utility for Windows to check application signatures on the operating system.
- Run the program after download. It does not need to be installed.
- On the “Code Signining” tab, select “check signature” in the header.
- Select the program that you want to check using the file browser that opens.
- DigiCert checks the signature and displays information in an extra window.
- It checks whether the file was signed and if the signature validated.
- It checks the timestamp of the signature.
If you get green checkmarks for both checks, verification was successful.
While most Windows users may have no need to verify the signature of programs, it may be useful to developers, researchers and advanced Windows users.