问题
I'm looking to create a web service to sign powershell scripts for use within an intranet. Is it possible to replicate the block of encoded text at the end of a script that set-authenticodesignature creates?
The MSDN documentation seems to say no.
回答1:
.NET is not your friend on this one. No support that I've been able to find - I've searched on multiple occasions
This is a VB example that uses Win32 API. Could be adapted to Powershell. http://blogs.msdn.com/b/alejacma/archive/2008/02/20/how-to-sign-exe-files-with-an-authenticode-certificate-vb-net.aspx
The blog mentions CAPICOM.SignedCode. If you already have CAPICOM installed or that is an option, I'd go with that. I personally prefer using COM over Win32 from PS.
Suspect you don't want to do this, but FWIW, Mono does have support for Authenticode signing built in. I was able to cut, paste, and edit a big blob of Mono C# code a while back and get it to work on Powershell.
回答2:
But you could invoke powershell from c#. Using this functionality you can easy call Set-AuthenticodeSignature from your code
回答3:
Here is, how they do it https://github.com/PowerShell/PowerShell/blob/d8f8f0a8bcbadb357f9eaafbb797278ebe07d7cc/src/System.Management.Automation/security/Authenticode.cs
In this file you can find the signaturehelper class with the following function:
internal static Signature SignFile(SigningOption option,
string fileName,
X509Certificate2 certificate,
string timeStampServerUrl,
string hashAlgorithm)
ok, i am a little bit late now ;-)
Best Regards
来源:https://stackoverflow.com/questions/17227679/sign-powershell-script-from-c-sharp