Securing Powershell Scripts with Code-Signing Certificate

-

Ideally, all Powershell scripts should be signed by a code signing certificate by a certificate authority that is trusted by the host machine. You can also sign you Powershell script with a a self-signed code-signing certificate. You don't need any other tools like make cert to sign your Powershell script to generate self-signed code-signing certificate because Powershell has a built-in cmdlet (New-SelfSignedCertificate) to generate it.

Create a Self-Signed Code-Signing Certificate with Powershell CmdLet


$subject = "Imran Aftab Rana” 
$cert = New-SelfSignedCertificate -Subject $subject -Type CodeSigningCert -CertStoreLocation cert:\LocalMachine\My


The above cmdlet creates a self-signed code-signing certificate and places it in Local Machine Personal certificate store.

Export a Code-Signing Certificate with Powershell CmdLet

You can also export the certificate into a .p7b file and import it into another system or within same machine.

Export-Certificate -Cert $cert -FilePath C:\imranaftabrana.p7b -Type p7b

Import a Code-Signing Certificate to Trusted Store

You can import a code-signing certificate to a trusted store with Powershell CmdLet.

Import-Certificate -FilePath C:\imranaftabrana.p7b -CertStoreLocation Cert:\LocalMachine\Root

Searching existing certificate with Powershell CmdLet

If you have an existing certificate in local machine in certificate store and want to store its reference in Powershell object then you can find the certificate with following Powershell command:

$cert=(dir cert:currentuser\my\ -CodeSigningCert | Where {$_.Subject -eq "CN=ImranAftabRana"})

Code-Signing Powershell Script 

Finally, if you have a Powershell script lets say MyPowershellScript.ps1 then you can digitally sign it with following Powershell CmdLet:

Set-AuthenticodeSignature -Certificate $cert -FilePath "C:\MyPowershellScript.ps1"

Once a Powershell script is signed, there will be a digital signature appended at the end of script and if anyone makes a change in the Powershell script -  an error message will appears indicating that the scripts been modified :-)


Comments

  1. Sivanandhana Girish8 May 2019 at 02:19

    This post has covered an exceptionally fascinating subject that the readers are looking for. Keep it up.

    Spoken English Classes in Velachery
    Spoken English Classes in Tambaram
    Spoken English Classes in OMR Chennai
    Spoken English Class in Ambattur
    Spoken English Classes in Chennai
    Spoken English in Chennai

    ReplyDelete
  2. luckys12 July 2019 at 08:27

    age calculator 

    ReplyDelete
  3. Jill27 September 2023 at 13:16

    https://bayanlarsitesi.com/
    Ordu
    Kocaeli
    Düzce
    Osmaniye

    PU8HUİ

    ReplyDelete
  4. Raci7 October 2023 at 09:07

    görüntülü
    ucretli show
    EXCVVR

    ReplyDelete
  5. CA557Roselyn74E736 November 2023 at 02:55

    D3964
    Erzurum Parça Eşya Taşıma
    Denizli Lojistik
    Elazığ Evden Eve Nakliyat
    Ordu Parça Eşya Taşıma
    Amasya Evden Eve Nakliyat

    ReplyDelete
  6. 0C6E3Nicholas8234A9 November 2023 at 14:28

    90C3C
    Kırşehir Şehir İçi Nakliyat
    Etimesgut Parke Ustası
    Batman Evden Eve Nakliyat
    Antalya Şehir İçi Nakliyat
    Maraş Lojistik
    Yenimahalle Parke Ustası
    Düzce Lojistik
    Gölbaşı Boya Ustası
    Çorum Lojistik

    ReplyDelete
  7. 7858CMichelle2B7EF28 November 2023 at 21:43

    3A5A6
    %20 indirim kodu

    ReplyDelete
  8. CC149LindaD16734 February 2024 at 06:24

    2FE9A
    quickswap
    dextools
    eigenlayer
    dcent
    arculus
    avax
    defillama
    poocoin
    safepal

    ReplyDelete
  9. Takipci Satin Al--------15 February 2024 at 05:28

    586E3
    bitcoin hangi bankalarda var
    probit
    kraken
    binance referans kimliği nedir
    bkex
    kraken
    canlı sohbet ucretsiz
    vindax
    mexc

    ReplyDelete
  10. -Takipci17 February 2024 at 00:25

    96DAA
    huobi
    binance
    bybit
    referans kimligi nedir
    binance
    btcturk
    kraken
    binance referans kod
    canli sohbet

    ReplyDelete
  11. _takipci satin alma4 March 2024 at 21:08

    99C1A
    canlı sohbet siteleri
    bitexen
    canlı sohbet odaları
    February 2024 Calendar
    bitcoin hesabı nasıl açılır
    binance
    en iyi kripto para uygulaması
    vindax
    bitcoin haram mı

    ReplyDelete
  12. CE3F7Carson0F76D10 May 2024 at 18:23

    ED430
    BTC Yorum
    Lto Coin Yorum
    Rndr Coin Yorum
    Bitcoin Forum
    Ogn Coin Yorum
    Bitcoin Son Dakika
    Bitcoin Son Dakika
    Egld Coin Yorum
    Boson Coin Yorum

    ReplyDelete

Post a Comment

Popular posts from this blog

Implementing Basic and JWT Token authentication with C# .NET

-
Image
Authentication is probably the first thing you will encounter when building a secure Enterprise application and understanding how you can authenticate your application with different authentication protocols including third party authentication flows is really important. Whether you are building an app with ASP.NET, ASP.NET Core, WPF, UWP, Xamarin.Forms Xamarin Android, Xamarin iOS or .NET Core , all these frameworks provides client side networking libraries managed under System.NET namespace. Among all the classes  HttpClient has significant important. It can handle both HTTP and HTTPS connections. The beauty of this class is that it provides both hight level api and low level modification options to work with HTTP connections and you can make any modification  within the pipeline like handling HTTP message request/response, filtering, certificates, authorization and much more. In a nutshell, over HTTP most of the times you will work with two kinds of authentication: 1) Basi
Read more

Setting up Free Custom Domain on Microsoft Azure Web App Service

-
Image
In this blog, we will see how we can get a free domain, create a web app on Microsoft Azure and configure a custom domain on it.We will look into following things: Registering a free domain with  Freenom Creating a Web App in  Microsoft Azure   Configuring a custom domain on Microsoft Azure Web Apps Registering CName and A records on Domain Host-name provider (Freenom) Create and deploy ASP.NET web application on Microsoft Azure Web App through Publish Profile Register Free Domain (.tk) Getting a free domain is not a myth, you can easily obtain a free domain from  Freenom . It provides domains of .tk, .ml, .ga, .cf and .gq host names. The procedure is as follow: Goto  Freenom  and search for the domain name (here I have searched breakthrough77). Search results show availability of name in different domain types. As we can see (as of now) there are five domains available for free. Click on Get it now . After selecting domain, click on Checkout . We can
Read more

.NET Core 3 officially comes to Windows IoT Core

-
Image
Finally, the wait is over! Microsoft announced to support .NET Core on Windows ARM32 devices which means .NET Core will be fully supported on Windows 10 IoT Core. Although there have been few hacks to run .Net Core on Windows 10 IoT Core by the support of community  here  which makes .Net Core runtime component available on Windows IoT Core but the SDK was not available so any DLR features were not available nor you could build .NET Core application from within Windows 10 IoT Core. Here is the step-by-step guide on how to create and run .NET Core 3 apps on Windows 10 IoT Core. Step 1: Download .NET Core 3 preview 2 SDK from  here . Step 2: Extract the SDK zip file in C:\Program Files\dotnet\  directory on Windows 10 IoT Core through ftp service ( on windows go to  RUN then type  \\{ip-address}\c$ where{ip-address} is the ip address of windows iot core). Step 3: Open Powershell  in administrator  mode, initialize a Powershell session with your Windows IoT core device an
Read more

Setting up CI and CD pipeline in Azure DevOps for ASP.NET Core and Azure Web Apps

-
Image
In the last post I talked about Azure DevOps , now we will look into a practical use case of Azure DevOps where we will setup a complete continuous integration (CI) and continuous deployment/delivery(CD) pipeline for a ASP.NET Core project hosted on Azure Web Apps . We will host our project solution on Azure Repo . The basic idea is that we will create an Azure Web app, setup our project on Azure Repo, create CD & CD pipeline on Azure DevOps, and see things in action when we push our code to master branch. Let's get started: Open Azure portal  and go to App Services and click on Create app service .  From the Marketplace templates, choose Web App . Click Create . Choose an app service name that is available, select OS be Windows, Publish by code, then choose an app service plan that fits your budget and click Create . Once the service is deployed, you will get a ntoification, open it and click Go to resource . Here you can see live l
Read more

Microsoft Azure DevOps : A Complete CI & CD solution in the cloud

-
Image
Microsoft announced Azure DevOps in last Quater of 2018. When it comes to project planning, project management, continuous integration (CI) and continuous delivery/deployment (CD) for agile practices, DevOps has always been a hot topic  so Microsoft decided to take the lead with a powerful cloud platform that makes everything available in a single place. No matter what platform or language or repository system your solution is, Azure DevOps got you covered with tools that work cross-platform. The services provided by Azure DevOps help developers build high quality software faster. The core services provided are:  Azure Pipelines Azure Boards Azure Artifacts Azure Repos Azure Test Plans Azure Pipelines Azure DevOps provides Azure pipelines to manage CI/CD tasks that supports any language, platform, and cloud. You can connect to a any Git repository and setup CI/CD workflow. Azure DevOps makes it incredibly easy to setup building, testing, and deployment workflow to
Read more

Microsoft Azure Blob Storage - Managing Blobs and storage containers from C#

-
Image
This is the part two of Microsoft Azure Blob Storage where we will look into managing Microsoft Azure Blobs from C# and .NET. For this blog, we are going to keep this pretty simple. We will create a new .net console application and add two Nugget packages that make it super easy to work with Microsoft Azure Blobs. Include these two Nugget Packages: WindowsAzure.Storage Microsoft.WindowsAzure.ConfigurationManager Obtain Access keys from Azure Portal  Add it Access Key to App.Config Include Microsoft Azure Storage namespaces using Microsoft.Azure; using Microsoft.WindowsAzure.Storage; using Microsoft.WindowsAzure.Storage.Blob; Add a Container in Azure Blob Storage from C# var storageAccount = CloudStorageAccount.Parse(                 CloudConfigurationManager.GetSetting("AzureStorageConnection")); var blobClient = storageAccount.CreateCloudBlobClient(); var container = blobClient.GetContainerReference("mycontainer"); container
Read more

Xamrin Android Push Notification using Firebase Cloud Messaging

-
Image
Create a   New Project . Select   Single-View App (Android)  under  Installed > Visual > C# >Android Open   AndroidManifest.xml  file under your Android project's Properties Copy value of  package  attribute in  manifest  tag Open your browser and goto  https://console.firebase.google.com   . Sign-in with your  Google  acoount create a new one Click on  Add Project . Choose a project name. Here, the name is  PushNotificationGCM Click on  Add Firebase to your Android App Paste the package name copied in Step 3 and click  Register App Click on  Download google-services.json  and click continue Copy  google-services.json  file into Android project Include  google-services.json  file   into Project's Solution by clicking  View All Files  in Solution Explorer tab, Right-click  google-services.json  file and click  Include In Project Right-click Android project and click  Manage Nuget Packages Click on  Browse  tab, search for  Xamarin.GooglePlayServices.Base
Read more

Understanding Powershell ExecutionPolicy and securing Powershell CmdLets/Scripts with Code-Signing Certificate

-
Image
One of the great things about Powershell is that its powerful and at the same time very safe. Powershell script cannot be executed as is unless user provides permission to execute PS script/cmdlet/module. This is generally set through Powershell Execution Policy. There are four types of Execution Policy : Allsigned RemoteSigned Restricted Unrestricted AllSigned  - Scripts will run only if they have been signed by a trusted publisher. RemoteSigned  - Scripts created locally will run, but those downloaded from the Internet will not (unless they are digitally signed by a trusted publisher). Restricted  - Scripts won’t run. Unrestricted  - Scripts will run regardless of where they have come from and whether they are signed. Ideally, all PS scripts should be digitally signed by a code-signing certificate. But in case, you don't want to buy an expensive code-signing certificate from a Certification Authority (CA), you can create a Self-Signed certificate and then add it
Read more

Fundamental of Powershell Scripting

-
Image
As a developer/programmer, if you have developed expertise in one programming language - learning another is just about understanding the syntax, the rest of the concepts are similar among all languages. So to get started developing automation scripts for Powershell , here are the things you care about: Read input & write output Data Types Operators Conditional Statements Looping Statement Functions  Object oriented scripting Read input & write output Output to console: Lets start with "Hello World!", in powershell there are two ways to output to console: Write-Host Write-Output The second one (Write-Output) is more preferred way to write to console as it does not destroy pipeline inputs.  You can find the code here Input from console: Reading inputs from console is super easy in powershell. Find the code above on my Github Gist here . Data Types Powershell is based on .NET Framework (and Powershell Core on .NET Core)
Read more