0

I'm looking to create a web service to sign PowerShell scripts for use within an intranet. Is it possible to replicate the block of encoded text at the end of a script that Set-AuthenticodeSignature creates?

The MSDN documentation seems to say no.

3 Answers

2

.NET is not your friend on this one. No support that I've been able to find - I've searched on multiple occasions.

  1. This is a VB example that uses the Win32 API. Could be adapted to PowerShell. http://blogs.msdn.com/b/alejacma/archive/2008/02/20/how-to-sign-exe-files-with-an-authenticode-certificate-vb-net.aspx

  2. The blog mentions CAPICOM.SignedCode. If you already have CAPICOM installed or that is an option, I'd go with that. I personally prefer using COM over Win32 from PS.

  3. Suspect you don't want to do this, but FWIW, Mono does have support for Authenticode signing built in. I was able to cut, paste, and edit a big blob of Mono C# code a while back and get it to work on PowerShell.


3 Comments

In case you do want to do this, I have the following hack - gist.github.com/voltagex/5835833
@voltagex nice hack. Your act got me looking through Reflector and I saw that in System.Security.Cryptography there are CAPI, CAPIBase, CAPIMethods, and CAPINative classes. All private of course, but available through reflection.
I hope you come back, as the SignCode tool in my GitHub repo is much better and uses the same APIs that PowerShell does.
2

But you could invoke PowerShell from C#. Using this functionality you can easily call Set-AuthenticodeSignature from your code.

1 Comment

Thanks, this is a possibility. I'm interested to see whether the Managed API can do it - letting me sign a PowerShell script as a MemoryStream
2

Here is how they do it: https://github.com/PowerShell/PowerShell/blob/d8f8f0a8bcbadb357f9eaafbb797278ebe07d7cc/src/System.Management.Automation/security/Authenticode.cs

In this file you can find the SignatureHelper class with the following function:

```csharp
internal static Signature SignFile(SigningOption option,
                                   string fileName,
                                   X509Certificate2 certificate,
                                   string timeStampServerUrl,
                                   string hashAlgorithm)
```

OK, I am a little bit late now ;-)

Best Regards
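
As an added illustration (not code from the question, the answers or the PowerShell project): the block that Set-AuthenticodeSignature appends is a run of `# ` comment lines between `# SIG # Begin signature block` and `# SIG # End signature block`, holding the base64 of a DER-encoded PKCS #7 SignedData structure. The Python below separates a script from that block and checks the outer structure, which is useful for inspecting what a signing service returns. The function names are hypothetical, the sample block is constructed and is not a valid signature, and rejecting trailing content is this example's own policy.

```python
import base64

BEGIN = "# SIG # Begin signature block"
END = "# SIG # End signature block"
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")


def split_signed_script(text):
    """Return (script_body, signature_der); signature_der is None if unsigned."""
    lines = text.splitlines(keepends=True)
    stripped = [line.strip() for line in lines]
    if BEGIN not in stripped:
        return text, None
    start = stripped.index(BEGIN)
    if END not in stripped[start + 1:]:
        raise ValueError("signature block is not terminated")
    end = stripped.index(END, start + 1)
    if any(stripped[end + 1:]):
        raise ValueError("content after the signature block")
    payload = stripped[start + 1:end]
    if not all(s.startswith("# ") for s in payload):
        raise ValueError("non-comment line inside signature block")
    # Drop the "# " prefix of every line and decode the joined base64.
    der = base64.b64decode("".join(s[2:] for s in payload), validate=True)
    return "".join(lines[:start]), der


def looks_like_signed_data(der):
    """True if der is one complete ContentInfo SEQUENCE of type signedData."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    length, pos = der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[2:2 + n], "big"), 2 + n
    oid = der[pos:pos + len(SIGNED_DATA_OID)]
    return pos + length == len(der) and oid == SIGNED_DATA_OID


def make_sample():
    """Constructed sample: a script plus a placeholder block (not a real signature)."""
    body = SIGNED_DATA_OID + bytes.fromhex("a003020101")  # dummy [0] content
    der = b"\x30" + bytes([len(body)]) + body
    block = [BEGIN, "# " + base64.b64encode(der).decode(), END]
    return 'Write-Output "hello"\r\n\r\n' + "\r\n".join(block) + "\r\n", der


if __name__ == "__main__":
    body, sig = split_signed_script(make_sample()[0])
    print(len(body), len(sig), looks_like_signed_data(sig))
```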
