Sign Your PowerShell Code
Published Date: 2023-11-03 13:00:30Z
0x0 Environment
- OpenSSL 3.1.3 19 Sep 2023
- Win10
- PowerShell
0x1 Get your CA certificate (optional)
You need a CA certificate to sign this code sign certificate. You can find the way in my early post. {% post_link Create-cer-and-pvk-with-your-own-CA-in-OpenSSL Create-cer-and-pvk-with-your-own-CA-in-OpenSSL %}
0x2 Get your certificate with code signing extension
CodeSign.ext
subjectAltName = @codesign
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
[codesign]
DNS.1 = yourDomain.com
IP.1 = 127.0.0.1
openssl x509 -req -CA MyCA.cer -CAkey MyCA.pvk -in codesign.req -out codesign.cer -days 365 -extfile CodeSign.ext
0x3 Get your pfx of code signing
You can find the way in my early post. {% post_link Customize Your Personal RDP Crt %}
0x4 Install
Install it on your personal account's Trust Publisher.
0x5 Sign your Powershell
$crt = ls cert:CurrentUser\TrustedPublisher | where {$_.Subject -Match "^CN=YourCodeSignCN.*"}
Set-AuthenticodeSignature -Certificate $crt -FilePath .\yourPowershell.ps1
Fill your YourCodeSignCN yourPowershell and run with powershell.