Note
Access to this page requires authorization. You can trysigning in orchanging directories.
Access to this page requires authorization. You can trychanging directories.
dotnet nuget verify
In this article
This article applies to: ✔️ .NET 5.0.100-rc.2.x SDK and later versions
Name
dotnet nuget verify - Verifies a signed NuGet package.
Synopsis
dotnet nuget verify [<package-path(s)>] [--all] [--certificate-fingerprint <FINGERPRINT>] [-v|--verbosity <LEVEL>] [--configfile <FILE>]dotnet nuget verify -h|--helpDescription
Thedotnet nuget verify command verifies a signed NuGet package.
Note
This command requires a certificate root store that is valid for both code signing and timestamping. Also, this command may not be supported on some combinations of operating system and .NET SDK. For more information, seeNuGet signed package verification.
Arguments
package-path(s)Specifies the file path to the package(s) to be verified. Multiple position arguments can be passed in to verify multiple packages.
Options
--allSpecifies that all verifications possible should be performed on the package(s). By default, only
signaturesare verified.
Note
This command currently supports onlysignature verification.
--certificate-fingerprint <FINGERPRINT>Verify that the signer certificate matches with one of the specified
SHA256fingerprints. This option can be supplied multiple times to provide multiple fingerprints.-v|--verbosity <LEVEL>Sets the verbosity level of the command. Allowed values are
q[uiet],m[inimal],n[ormal],d[etailed], anddiag[nostic]. The default isminimal. For more information, seeLoggerVerbosity.The following table shows what is displayed for each verbosity level.
q[uiet]m[inimal]n[ormal]d[etailed]diag[nostic]Certificate chain Information❌ ❌ ❌ ✔️ ✔️ Path to package being verified❌ ❌ ✔️ ✔️ ✔️ Hashing algorithm used for signature❌ ❌ ✔️ ✔️ ✔️ Author/Repository Certificate -> SHA1 hash❌ ❌ ✔️ ✔️ ✔️ Author/Repository Certificate -> Issued By❌ ❌ ✔️ ✔️ ✔️ Timestamp Certificate -> Issued By❌ ❌ ✔️ ✔️ ✔️ Timestamp Certificate -> SHA-256 hash❌ ❌ ✔️ ✔️ ✔️ Timestamp Certificate -> Validity period❌ ❌ ✔️ ✔️ ✔️ Timestamp Certificate -> SHA1 hash❌ ❌ ✔️ ✔️ ✔️ Timestamp Certificate -> Subject name❌ ❌ ✔️ ✔️ ✔️ Author/Repository Certificate -> Subject name❌ ✔️ ✔️ ✔️ ✔️ Author/Repository Certificate -> SHA-256 hash❌ ✔️ ✔️ ✔️ ✔️ Author/Repository Certificate -> Validity period❌ ✔️ ✔️ ✔️ ✔️ Author/Repository Certificate -> Service index URL (If applicable)❌ ✔️ ✔️ ✔️ ✔️ Package name being verified❌ ✔️ ✔️ ✔️ ✔️ Type of signature (author or repository)❌ ✔️ ✔️ ✔️ ✔️ ❌ indicates details that arenot displayed. ✔️ indicates details that are displayed.
--configfile <FILE>The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, seeCommon NuGet Configurations.
-?|-h|--helpPrints out a description of how to use the command.
Examples
Verifyfoo.nupkg:
dotnet nuget verify foo.nupkgVerify multiple NuGet packages -foo.nupkg andall .nupkg files in the directory specified:
dotnet nuget verify foo.nupkg c:\mydir\*.nupkgVerifyfoo.nupkg signature matches with the specified certificate fingerprint:
dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039Verifyfoo.nupkg signature matches with one of the specified certificate fingerprints:
dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039 --certificate-fingerprint EC10992GG5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E027Verify the signature offoo.nupkg by using settings (
packagesourcesandtrustedSigners) only from the specifiednuget.config file:dotnet nuget verify foo.nupkg --configfile ..\Settings\nuget.config
Feedback
Was this page helpful?
Additional resources
In this article
Was this page helpful?
[8]ページ先頭