Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- help about_signing
- ## sign-script.ps1
- ## Sign a powershell script with a Thawte certificate and
- ## timestamp the signature
- ##
- ## usage: ./sign-script.ps1 c:foo.ps1
- param([string] $file=$(throw “Please specify a script filepath.”))
- $certFriendlyName = "Thawte Code Signing"
- $cert = gci cert:CurrentUserMy -codesigning | where -Filter
- {$_.FriendlyName -eq $certFriendlyName}
- # https://www.thawte.com/ssl-digital-certificates/technical-
- # support/code/msauth.html#timestampau
- # We thank VeriSign for allowing public use of their timestamping server.
- # Add the following to the signcode command line:
- # -t http://timestamp.verisign.com/scripts/timstamp.dll
- $timeStampURL = "http://timestamp.verisign.com/scripts/timstamp.dll"
- if($cert) {
- Set-AuthenticodeSignature -filepath $file -cert $cert -IncludeChain All -
- TimeStampServer $timeStampURL
- }
- else {
- throw "Did not find certificate with friendly name of `"$certFriendlyName`""
- }
- Windows Registry Editor Version 5.00
- [HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1]
- [HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1Shell]
- [HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1ShellSign]
- [HKEY_CURRENT_USERSoftwareClassesMicrosoft.PowerShellScript.1ShellSignCommand]
- @="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command Set-AuthenticodeSignature '%1' @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]"
Add Comment
Please, Sign In to add comment