How to check if a certificate .pfx file has code signing ability (EKU)?

Is there any way to tell if a .pfx file in Windows has the code signing ability, using a command or by writing a program?

Code signing ability is added to the certificate via an EKU, so how to check this?

More specifically, kernel mode code signing ability.

Isn’t this indicated by an OID in the X509v3 Extended Key Usage thingy?

Peter

@“Peter_Viscarola_(OSR)” said:
Isn’t this indicated by an OID in the X509v3 Extended Key Usage thingy?

Peter

I think so, but is there any simple command that can show me important features regarding the pfx file, including whether it has code signing EKU or not?
Maybe a cmd or PowerShell command, or a signtool command? Or any open source tool that parses the pfx file format?

The openssl command can certainly do it. That’s one of those commands with a billion subcommands; it can do anything, if you can figure out how to spell it. If you import it with certmgr, you can examine the details and find the usages.

1 Like

openssl pkcs12 -info -in my.pfx

1 Like
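A PowerShell way to answer the question directly, added here as an example and not posted by anyone in the thread: it reads the .pfx with `Get-PfxData` (Windows PKI module) without importing it into a store, lists every EKU OID on each end-entity certificate, and flags the code signing OID. The function name `Get-PfxEku` and the file name in the usage comment are hypothetical.

```powershell
# Added example, not from the thread. Get-PfxEku is a hypothetical helper name.
function Get-PfxEku {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    $codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning (RFC 5280)

    # Get-PfxData parses the file in memory; nothing is added to a certificate store.
    $pfx = Get-PfxData -FilePath $Path -Password $Password

    foreach ($cert in $pfx.EndEntityCertificates) {
        # The EKU extension (OID 2.5.29.37) is exposed by .NET as a typed object.
        $ekuExt = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Select-Object -First 1

        # Collect "OID (friendly name)" for every usage listed in the extension.
        $usages = @()
        $oids   = @()
        if ($null -ne $ekuExt) {
            foreach ($oid in $ekuExt.EnhancedKeyUsages) {
                $oids   += $oid.Value
                $usages += '{0} ({1})' -f $oid.Value, $oid.FriendlyName
            }
        }

        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            NotAfter       = $cert.NotAfter
            # No EKU extension at all means usage is not restricted by EKU.
            EkuPresent     = ($null -ne $ekuExt)
            CodeSigningEku = ($oids -contains $codeSigningOid)
            Usages         = $usages
        }
    }
}

# Usage (file name is a placeholder):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Get-PfxEku -Path .\my.pfx -Password $pw | Format-List
```

Any other OIDs the certificate carries appear in `Usages`, so they can be compared against whatever policy OID the signing requirement calls for.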