Using SignTool to Verify a File Signature
The following command verifies the signature of a file named MyControl.exe:
SignTool verify MyControl.exe
If the preceding example fails, it could be that the signature used a code-signing certificate. SignTool defaults to the Windows driver policy for verification.
The following command verifies the signature, using the Default Authentication Verification Policy:
SignTool verify /pa MyControl.exe
The following command verifies a system file that may be signed in a catalog:
SignTool verify /a SysFile.dll
The following command verifies a system file that is signed in a catalog named MyCat.cat:
SignTool verify /c MyCat.catMyFile.ini
For any SignTool verification, you can retrieve the signer of the certificate. The following command verifies a system file and displays the signer certificate:
SignTool verify /v MyControl.exe
SignTool returns command-line text that states the result of the signature check. Additionally, SignTool returns an exit code of zero for successful execution, one for failed execution, and two for execution that completed with warnings.