Digitally Sign Files (PowerShell Example) - TheGetch/Penetration-Testing-Methodology GitHub Wiki
From:
Open Windows PowerShell and run the following One-Liner to create a signing certificate.
New-SelfSignedCertificate -DnsName [email protected] -CertStoreLocation Cert:\CurrentUser\My\ -Type Codesigning
You can find your certificate in your certificate store. Run certmgr.msc.
C:\> certmgr.msc
Now the certificate must be exported and then imported into the Trusted Root Certification Authorities and Trusted Publishers.
Double click on the certificate and select Details and Copy to file …
Do not export the private key. No need for.
Select CER Format.
Save the file wherever you want.
Now import the certificate to the Trusted Root Authorities and Trusted Publishers.
Next, we use Set-Authenticodesignature to sign our file. In this example, it is a. ps1 file, thus a PowerShell script.
Set-AuthenticodeSignature -FilePath C:\Temp\script1.ps1 -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\ -CodeSigningCert)
Don’t worry about the Status Unknown Error. The next time you do it valid comes up. Crazy Stuff. Ok, we don’t care about this now.
Nice. Finally, see what happened. Open Windows Explorer, right click on your file, select properties and click on Digital Signatures.
For testing your script, make sure the execution policy allows the running of PS1 scripts.
Get-ExecutionPolicy
Remotesigned, AllSigned and Unrestricted are your friends … If the policy is set to restricted then set it – for this testing environment – to AllSigned.
Set-ExecutionPolicy AllSigned
#powershell