我创建了一个证书,它有效:
Thumbprint Subject
---------- -------
0562....................4944E CN=Callis PowerShell
现在我想签署我的脚本LoadAndParse.ps1 但如果我尝试:
PS C:\...\X> $cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]
PS C:\...\X> Set-AuthenticodeSignature LoadAndParse.ps1 $cert
Directory: C:\...\
SignerCertificate Status Path
----------------- ------ ----
UnknownError LoadAndParse.ps1
如果我通过添加一个命令稍微修改我的订单序列并将其签名 - 但现在它是空的:(
PS C:\...\X> echo get-location > LoadAndParse.ps1
PS C:\...\X> $cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]
PS C:\...\X> Set-AuthenticodeSignature LoadAndParse.ps1 $cert
Directory: C:\...\X
SignerCertificate Status Path
----------------- ------ ----
056260.............E24944E Valid LoadAndParse.ps1
现在脚本只有密钥块 - 确保脚本安全是一种令人惊讶的方法!!
如何签署能够执行某些操作的脚本,因为代码保持不变?
提前谢谢,
Gooly
答案 0 :(得分:0)
得到了解决方案。 PS-ISE保存在Unicode Big Endian中,Set-AuthenticodeSignature无法理解。 使用Notepad ++将脚本保存为UTF-8,你没事。
叹息,如果错误提示指向正确的方向,或者Powershell会理解它自己的代码 - 它会为我节省几个小时!
这是我的脚本,提醒你这个陷阱:
<#
.SYNOPSIS
check whether the file is in UTF8 and sign it - otherwise give hint what to do
but this file has to be signed too eventually
#>
[CmdletBinding()] Param (
[Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [string]$Path,
[Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [int]$Idx=0
)
function isUTF8 ( [string]$Path, [int]$Idx )
{
[byte[]]$byte = get-content -Encoding byte -ReadCount 4 -TotalCount 4 -Path $Path
if ( $byte[0] -eq 0xef -and $byte[1] -eq 0xbb -and $byte[2] -eq 0xbf ) {
Write-Output "$Path`r`nis UTF8, going to sign it using cert. index: $Idx"
sign $Path $Idx
} else {
[console]::beep(500,600)
Write-Output "$Path is NOT UTF8!`r`nLoad it in Notepad++ and save it in UTF8 - otherwise it can't be signed"
}
}
function sign ([string]$Path, [int]$Idx) {
$cert = @(gci cert:\currentuser\my -codesigning)[$Idx]
Set-AuthenticodeSignature $Path $cert
}
isUTF8 $Path $Idx
我无法想象使用非MS-produt来运行MS脚本:(