How can I verify signature of a Powershell .ps1 script using C#?

Question

I have some signed .ps1 script, I need to verify they are properly signed from a C# project, is there any algorithm or library to do this?

Thanks!

Answer 1

If the Get-AuthenticodeSignature cmdlet verifies correctly (i.e. it reports an error if not valid) and PSH is available on the target system, you can run PSH within your C# application.

Answer 2

You could host the PowerShell engine to check this using the Get-AuthenticodeSignature cmdlet e.g.:

using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

private bool VerifyPowerShellScriptSignature()
{
    using (var runspaceInvoke = new RunspaceInvoke())
    {
        string path = "C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\" +
                      "Modules\\PSDiagnostics\\PSDiagnostics.psm1";
        Collection<PSObject> results =
            runspaceInvoke.Invoke("Get-AuthenticodeSignature " + path);
        Signature signature = results[0].BaseObject as Signature;
        return signature == null ? false : 
                                  (signature.Status == SignatureStatus.Valid);
    }
}