PowerShell OpenAuthenticode

A cross-platform Authenticode library for PowerShell signatures. Currently this supports PowerShell script files (.ps1, .psd1, .psm1, .ps1xml) as well as PE binaries (.dll and .exe). More formats are planned for the future.

See OpenAuthenticode index for more details.

Note

While this can do a standard certificate CA check, it does not currently implement any revocation checks, so it may not be viable to use as your own trust source.

Requirements

These cmdlets have the following requirements:

  • PowerShell v7.4 or newer

Examples

Get Authenticode Signatures from File

Get-OpenAuthenticodeSignature -Path test.ps1, test.dll

This gets all the Authenticode signatures present in the files test.ps1 and test.dll. The output object contains each signature, the hash algorithm used, the timestamp information, and the certificate used to sign it. It will also attempt to validate that the signature is trusted by a known CA; the -SkipCertificateCheck switch can be passed in to ignore any CA trust failures.
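Because the module performs the CA trust check but no revocation check, a caller that needs one can run it separately with .NET's X509Chain. The following is an added example, not code from the OpenAuthenticode project: Test-SignerRevocation is a hypothetical helper name, and it assumes each signature object exposes the signer as an X509Certificate2 in a property named Certificate.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example; Test-SignerRevocation is a hypothetical helper name.
# Assumption: each object from Get-OpenAuthenticodeSignature exposes the
# signer as an X509Certificate2 in a property named Certificate.
function Test-SignerRevocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path,
        # Online queries CRL/OCSP endpoints; Offline uses only cached data.
        [X509RevocationMode]$RevocationMode = [X509RevocationMode]::Online
    )
    foreach ($file in $Path) {
        # The module's own CA trust check still runs here; -ErrorAction Stop
        # turns a trust failure into an exception instead of a partial result.
        $signatures = @(Get-OpenAuthenticodeSignature -Path $file -ErrorAction Stop)
        foreach ($sig in $signatures) {
            $chain = [X509Chain]::new()
            try {
                $chain.ChainPolicy.RevocationMode = $RevocationMode
                $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot
                $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
                # Intermediates must be resolvable from local stores or AIA.
                $null = $chain.Build($sig.Certificate)
                # Merge the chain's status flags; only revocation ones are reported.
                $flags = [X509ChainStatusFlags]::NoError
                foreach ($status in $chain.ChainStatus) {
                    $flags = [X509ChainStatusFlags]($flags -bor $status.Status)
                }
                [pscustomobject]@{
                    Path       = $file
                    Thumbprint = $sig.Certificate.Thumbprint
                    Revoked    = $flags.HasFlag([X509ChainStatusFlags]::Revoked)
                    # No CRL/OCSP answer was available: treat as "not verified".
                    Unknown    = ($flags.HasFlag([X509ChainStatusFlags]::RevocationStatusUnknown) -or
                        $flags.HasFlag([X509ChainStatusFlags]::OfflineRevocation))
                }
            }
            finally {
                $chain.Dispose()
            }
        }
    }
}

Test-SignerRevocation -Path test.ps1, test.dll
```

Only the revocation flags are reported, so an expired but timestamped signer certificate is not flagged here. A Revoked result should be weighed against the signature's timestamp, since a signature timestamped before the revocation date can still be valid.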

Set Authenticode signature

$cert = Get-Item Cert:\CurrentUser\My\* -CodeSigningCert
Set-OpenAuthenticodeSignature -Path test.ps1 -Certificate $cert

Signs the file test.ps1 with the certificate provided using the default hash algorithm SHA256. The certificate retrieval shown only works on Windows; on other platforms, use Get-PfxCertificate or the X509Certificate2 class directly to get the certificate object to sign with. The Get-OpenAuthenticodeAzKey cmdlet can be used to retrieve a code signing certificate from Azure KeyVault to sign with. The Add-OpenAuthenticodeSignature cmdlet can be used to add a signature to an existing set of Authenticode signatures rather than replace the existing signature.

Installing

The easiest way to install this module is through PowerShellGet.

You can install this module by running:

# Install for only the current user
Install-Module -Name OpenAuthenticode -Scope CurrentUser

# Install for all users
Install-Module -Name OpenAuthenticode -Scope AllUsers

Contributing

Contributing is quite easy: fork this repo and submit a pull request with the changes. To build this module run .\build.ps1 -Task Build in PowerShell. To test a build run .\build.ps1 -Task Test in PowerShell. This script will ensure all dependencies are installed before running the test suite.