dotnet-nuget-verify(1)

1dotnet-nuget-verify(1)        .NET Documentation        dotnet-nuget-verify(1)
2
3
4

dotnet nuget verify

6       This article applies to: ✔️ .NET 5.0.100-rc.2.x SDK and later versions
7

NAME

9       dotnet-nuget-verify - Verifies a signed NuGet package.
10

SYNOPSIS

12              dotnet nuget verify [<package-path(s)>]
13                  [--all]
14                  [--certificate-fingerprint <FINGERPRINT>]
15                  [-v|--verbosity <LEVEL>]
16                  [--configfile <FILE>]
17
18              dotnet nuget verify -h|--help
19

DESCRIPTION

21       The dotnet nuget verify command verifies a signed NuGet package.
22
23              This command requires a certificate root store that is valid for
24              both code signing and timestamping.  See  NuGet  signed  package
25              verification for details.
26

ARGUMENTS

28       • package-path(s)
29
30         Specifies  the  file path to the package(s) to be verified.  Multiple
31         position arguments can be passed in to verify multiple packages.
32

OPTIONS

34       • --all
35
36         Specifies that all verifications possible should be performed on  the
37         package(s).  By default, only signatures are verified.
38
39         This command currently supports only signature verification.
40
41       • --certificate-fingerprint <FINGERPRINT>
42
43         Verify  that the signer certificate matches with one of the specified
44         SHA256 fingerprints.  This option can be supplied multiple  times  to
45         provide multiple fingerprints.
46
47       • -v|--verbosity <LEVEL>
48
49         Sets the verbosity level of the command.  Allowed values are q[uiet],
50         m[inimal], n[ormal], d[etailed], and diag[nostic].   The  default  is
51         minimal.   For  more  information,  see  <xref:Microsoft.Build.Frame‐
52         work.LoggerVerbosity>.
53
54         The following table shows what is displayed for each verbosity level.
55
56                      q[uiet]   m[inimal]   n[ormal]   d[etailed]   diag[nos‐
57                                                                     tic]
58         ──────────────────────────────────────────────────────────────────────
59         Certificate   ❌        ❌          ❌         ✔️           ✔️
60         chain   In‐
61         formation
62         Path     to   ❌        ❌          ✔️         ✔️           ✔️
63         package be‐
64         ing   veri‐
65         fied
66
67         Hashing al‐   ❌        ❌          ✔️         ✔️           ✔️
68         gorithm
69         used    for
70         signature
71         Au‐           ❌        ❌          ✔️         ✔️           ✔️
72         thor/Repos‐
73         itory  Cer‐
74         tificate ->
75         SHA1 hash
76         Au‐           ❌        ❌          ✔️         ✔️           ✔️
77         thor/Repos‐
78         itory  Cer‐
79         tificate ->
80         Issued By
81         Timestamp     ❌        ❌          ✔️         ✔️           ✔️
82         Certificate
83         ->   Issued
84         By
85         Timestamp     ❌        ❌          ✔️         ✔️           ✔️
86         Certificate
87         ->  SHA-256
88         hash
89         Timestamp     ❌        ❌          ✔️         ✔️           ✔️
90         Certificate
91         -> Validity
92         period
93         Timestamp     ❌        ❌          ✔️         ✔️           ✔️
94         Certificate
95         ->     SHA1
96         hash
97         Timestamp     ❌        ❌          ✔️         ✔️           ✔️
98         Certificate
99         ->  Subject
100         name
101         Au‐           ❌        ✔️          ✔️         ✔️           ✔️
102         thor/Repos‐
103         itory  Cer‐
104         tificate ->
105         Subject
106         name
107         Au‐           ❌        ✔️          ✔️         ✔️           ✔️
108         thor/Repos‐
109         itory  Cer‐
110         tificate ->
111         SHA-256
112         hash
113         Au‐           ❌        ✔️          ✔️         ✔️           ✔️
114         thor/Repos‐
115         itory  Cer‐
116         tificate ->
117         Validity
118         period
119         Au‐           ❌        ✔️          ✔️         ✔️           ✔️
120         thor/Repos‐
121         itory  Cer‐
122         tificate ->
123         Service in‐
124         dex URL (If
125         applicable)
126         Package       ❌        ✔️          ✔️         ✔️           ✔️
127         name  being
128         verified
129
130
131
132
133         Type     of   ❌        ✔️          ✔️         ✔️           ✔️
134         signature
135         (author  or
136         repository)
137
138         ❌ indicates details that are not displayed.   ✔️  indicates  details
139         that are displayed.
140
141       • --configfile <FILE>
142
143         The  NuGet  configuration  file (nuget.config) to use.  If specified,
144         only the settings from this file will be used.  If not specified, the
145         hierarchy  of  configuration files from the current directory will be
146         used.  For more information, see Common NuGet Configurations.
147
148       • -?|-h|--help
149
150         Prints out a description of how to use the command.
151

EXAMPLES

153       • Verify foo.nupkg:
154
155                dotnet nuget verify foo.nupkg
156
157       • Verify multiple NuGet packages - foo.nupkg and all  .nupkg  files  in
158         the directory specified:
159
160                dotnet nuget verify foo.nupkg c:\mydir\*.nupkg
161
162       • Verify  foo.nupkg  signature  matches  with the specified certificate
163         fingerprint:
164
165                dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039
166
167       • Verify foo.nupkg signature matches with one of the specified certifi‐
168         cate fingerprints:
169
170                dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039 --certificate-fingerprint EC10992GG5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E027
171
172       • Verify  the  signature of foo.nupkg by using settings (packagesources
173         and trustedSigners) only from the specified nuget.config file:
174
175                dotnet nuget verify foo.nupkg --configfile ..\Settings\nuget.config
176
177
178
179                                  2022-11-08            dotnet-nuget-verify(1)