logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

This article applies to: ✔️ .NET 5.0.100-rc.2.x SDK and later versions

Arguments

package-path(s)

         Specifies the file path to the package(s) to be verified.  Multiple position arguments can be passed in
         to verify multiple packages.

Description

       The dotnetnugetverify command verifies a signed NuGet package.

              This  command requires a certificate root store that is valid for both code signing and timestamp‐
              ing.  Also, this command may not be supported on some combinations of operating  system  and  .NET
              SDK.  For more information, see NuGet signed package verification.

Dotnet Nuget Verify

Thisarticleappliesto: ✔️ .NET 5.0.100-rc.2.x SDK and later versions

Examples

       • Verify foo.nupkg:

                dotnet nuget verify foo.nupkg

       • Verify multiple NuGet packages - foo.nupkg and all.nupkgfilesinthedirectoryspecified:

                dotnet nuget verify foo.nupkg c:\mydir\*.nupkg

       • Verify foo.nupkg signature matches with the specified certificate fingerprint:

                dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039

       • Verify foo.nupkg signature matches with one of the specified certificate fingerprints:

                dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039 --certificate-fingerprint EC10992GG5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E027

       • Verify  the  signature of foo.nupkg by using settings (packagesources and trustedSigners) only from the
         specified nuget.config file:

                dotnet nuget verify foo.nupkg --configfile ..\Settings\nuget.config

                                                   2024-10-02                             dotnet-nuget-verify(1)

Name

       dotnet-nuget-verify - Verifies a signed NuGet package.

Options

--all

         Specifies that all verifications possible should be performed on the package(s).  By default, only sig‐natures are verified.

         This command currently supports only signature verification.

       • --certificate-fingerprint<FINGERPRINT>

         Verify  that the signer certificate matches with one of the specified SHA256 fingerprints.  This option
         can be supplied multiple times to provide multiple fingerprints.

       • -v|--verbosity<LEVEL>

         Sets the verbosity level of the command.  Allowed values are q[uiet], m[inimal], n[ormal],  d[etailed],
         and  diag[nostic].   The  default  is  minimal.  For more information, see <xref:Microsoft.Build.Frame‐
         work.LoggerVerbosity>.

         The following table shows what is displayed for each verbosity level.

         ​                  q[uiet]m[inimal]n[ormal]d[etailed]diag[nostic]
         ──────────────────────────────────────────────────────────────────────────────
         Certificate        ❌        ❌          ❌         ✔️           ✔️
         chainInforma‐tionPathtopackage   ❌        ❌          ✔️         ✔️           ✔️
         beingverifiedHashingalgo‐   ❌        ❌          ✔️         ✔️           ✔️
         rithmusedforsignatureAuthor/Reposito‐   ❌        ❌          ✔️         ✔️           ✔️
         ryCertificate->SHA1hashAuthor/Reposito‐   ❌        ❌          ✔️         ✔️           ✔️
         ryCertificate->IssuedByTimestampCer‐   ❌        ❌          ✔️         ✔️           ✔️
         tificate->Is‐suedByTimestampCer‐   ❌        ❌          ✔️         ✔️           ✔️
         tificate->SHA-256hashTimestampCer‐   ❌        ❌          ✔️         ✔️           ✔️
         tificate->Va‐lidityperiodTimestampCer‐   ❌        ❌          ✔️         ✔️           ✔️
         tificate->SHA1hashTimestampCer‐   ❌        ❌          ✔️         ✔️           ✔️
         tificate->Sub‐jectnameAuthor/Reposito‐   ❌        ✔️          ✔️         ✔️           ✔️
         ryCertificate->SubjectnameAuthor/Reposito‐   ❌        ✔️          ✔️         ✔️           ✔️
         ryCertificate->SHA-256hashAuthor/Reposito‐   ❌        ✔️          ✔️         ✔️           ✔️
         ryCertificate->Validitype‐riodAuthor/Reposito‐   ❌        ✔️          ✔️         ✔️           ✔️
         ryCertificate->ServiceindexURL(Ifapplica‐ble)Packagenamebe‐   ❌        ✔️          ✔️         ✔️           ✔️
         ingverifiedTypeofsigna‐   ❌        ✔️          ✔️         ✔️           ✔️
         ture(authororrepository)

         ❌ indicates details that are not displayed.  ✔️ indicates details that are displayed.

       • --configfile<FILE>

         The  NuGet  configuration  file  (nuget.config) to use.  If specified, only the settings from this file
         will be used.  If not specified, the hierarchy of configuration files from the current  directory  will
         be used.  For more information, see Common NuGet Configurations.

       • -?|-h|--help

         Prints out a description of how to use the command.

Synopsis

              dotnet nuget verify [<package-path(s)>]
                  [--all]
                  [--certificate-fingerprint <FINGERPRINT>]
                  [-v|--verbosity <LEVEL>]
                  [--configfile <FILE>]

              dotnet nuget verify -h|--help

See Also