dotnet-nuget-verify - Verifies a signed NuGet package.

dotnet nuget verify  NAME  SYNOPSIS  DESCRIPTION  ARGUMENTS  OPTIONS  EXAMPLES 

dotnet nuget verify

This article applies to: ✔️ .NET 5.0.100-rc.2.x SDK and later versions

NAME

dotnet-nuget-verify - Verifies a signed NuGet package.

SYNOPSIS

dotnet nuget verify [<package-path(s)>]
    [--all]
    [--certificate-fingerprint <FINGERPRINT>]
    [-v|--verbosity <LEVEL>]
    [--configfile <FILE>]

dotnet nuget verify -h|--help

DESCRIPTION

The dotnet nuget verify command verifies a signed NuGet package.

This command requires a certificate root store that is valid for both code signing and timestamping. See NuGet signed package verification for details.

ARGUMENTS

package-path(s)

Specifies the file path to the package(s) to be verified. Multiple position arguments can be passed in to verify multiple packages.

OPTIONS

--all

Specifies that all verifications possible should be performed on the package(s). By default, only signatures are verified.

This command currently supports only signature verification.

--certificate-fingerprint <FINGERPRINT>

Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option can be supplied multiple times to provide multiple fingerprints.

-v|--verbosity <LEVEL>

Sets the verbosity level of the command. Allowed values are q[uiet], m[inimal], n[ormal], d[etailed], and diag[nostic]. The default is minimal. For more information, see <xref:Microsoft.Build.Framework.LoggerVerbosity>.

The following table shows what is displayed for each verbosity level.

❌ indicates details that are not displayed. ✔️ indicates details that are displayed.

--configfile <FILE>

The NuGet configuration file (nuget.config) to use. If specified, only the settings from this file will be used. If not specified, the hierarchy of configuration files from the current directory will be used. For more information, see Common NuGet Configurations.

-?|-h|--help

Prints out a description of how to use the command.

EXAMPLES

Verify foo.nupkg:

dotnet nuget verify foo.nupkg

Verify multiple NuGet packages - foo.nupkg and all .nupkg files in the directory specified:

dotnet nuget verify foo.nupkg c:\mydir\*.nupkg

Verify foo.nupkg signature matches with the specified certificate fingerprint:

dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039

Verify foo.nupkg signature matches with one of the specified certificate fingerprints:

dotnet nuget verify foo.nupkg --certificate-fingerprint CE40881FF5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E039 --certificate-fingerprint EC10992GG5F0AD3E58965DA20A9F571EF1651A56933748E1BF1C99E537C4E027

Verify the signature of foo.nupkg by using settings (packagesources and trustedSigners) only from the specified nuget.config file:

dotnet nuget verify foo.nupkg --configfile ..\Settings\nuget.config

Updated 2024-01-29 - jenkler.se | uex.se