You’re given .PFX code signing certificate and told to sign your code. What does this mean, and how do you do it?
What is code signing?
Signing code means creating a digital signature on an executable file by using a code signing certificate. When your code is executed, your organization’s security software will check that this executable was signed using the code signing certificate.
After you’ve signed an executable, you can see the digital signature in the file’s properties.
How do you sign code?
You can sign three types of files – .exe’s, .dll’s, and PowerShell scripts.
In the following examples, my code signing certificate is located at C:\HelloWorld\codesigningcert.pfx and has the password “1”.
Signing .exe’s and .dll’s
Execute the following on the command line:
Code language: Bash (bash)
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /f "C:\HelloWorld\codesigningcert.pfx" /p 1 "C:\HelloWorld\HelloWorld.dll"
After you’ve signed the file, you can check for the Digital Signature in the file’s properties.
Signing PowerShell scripts
Execute the following PowerShell:
Code language: PowerShell (powershell)
$cert = Get-PfxCertificate -FilePath C:\HelloWorld\codesigningcert.pfx Set-AuthenticodeSignature -FilePath C:\HelloWorld\HelloWorld.ps1 -Certificate $cert
It’ll prompt you for the certificate password. Enter it and click OK.
Open up your PowerShell script and verify that it has a signature block appended to it.