Untitled

help about_signing

## sign-script.ps1
## Sign a powershell script with a Thawte certificate and
## timestamp the signature
##
## usage: ./sign-script.ps1 c:foo.ps1

param([string] $file=$(throw “Please specify a script filepath.”))

$certFriendlyName = "Thawte Code Signing"
$cert = gci cert:CurrentUserMy -codesigning | where -Filter
  {$_.FriendlyName -eq $certFriendlyName}

# https://www.thawte.com/ssl-digital-certificates/technical-
#   support/code/msauth.html#timestampau
# We thank VeriSign for allowing public use of their timestamping server.
# Add the following to the signcode command line:
# -t http://timestamp.verisign.com/scripts/timstamp.dll
$timeStampURL = "http://timestamp.verisign.com/scripts/timstamp.dll"

if($cert) {
    Set-AuthenticodeSignature -filepath $file -cert $cert -IncludeChain All -
      TimeStampServer $timeStampURL
}
else {
    throw "Did not find certificate with friendly name of `"$certFriendlyName`""
}

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1]

[HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1Shell]

[HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1ShellSign]

[HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1ShellSignCommand]
@="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command Set-AuthenticodeSignature '%1' @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]"