
Windows PowerShell 1.0 Security

67 bytes added, 15:38, 30 December 2008
== Signing Windows PowerShell Scripts ==
The signing of Windows PowerShell scripts serves two key purposes. The first, through the use of a digital certificate, is to provide a level of confidence that a script has been provided by a trusted author. Secondly, through the use of public key cryptography and one-way hashing, the signing process also ensures that any modifications made to a script after it was signed by the author are detected and execution of the script subsequently blocked.
Windows PowerShell scripts are signed using a digital signing certificate, which is obtained from a ''certificate authority'' (CA). Alternatively, a ''self-signed certificate'' may be generated by creating a local certificate authority. Whilst these self-signed certificates are useful for running scripts on a local system, they are not trusted by other systems. The certificate may be further protected by using private key encryption. More details on certificates and Public Key Infrastructure may be found in the Techotopia [[Security+ Essentials]] online book in the chapter entitled [[An Overview of Public Key Infrastructures (PKI)]].
In the remainder of this chapter, we will create a local certificate authority, generate a signing certificate and apply that certificate to a script. Having done that, we will then enable private key encryption on that certificate to prevent it from falling into the wrong hands. If you already have a certificate issued by a certificate authority you may, of course, skip the self-signing sections of this chapter and proceed to the script signing section.
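The tamper detection described above can be observed directly. The following is an added example, not part of the original chapter: it signs a throwaway script, edits the script body, and reads the signature status before and after. It assumes a newer Windows PowerShell (5.1 or later) where <code>New-SelfSignedCertificate -Type CodeSigningCert</code> is available in place of a local certificate authority; the subject name and file name are constructed for the demonstration.

```powershell
# Added example, not from the original chapter.
# Assumption: Windows PowerShell 5.1+ (New-SelfSignedCertificate with -Type CodeSigningCert).

# Create a throwaway self-signed code-signing certificate in the current user's store.
# The subject name is constructed for this demonstration.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Script Signing (constructed)' `
    -CertStoreLocation Cert:\CurrentUser\My

# Write a small script to sign (constructed sample content).
$scriptPath = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $scriptPath -Value 'Write-Output "Hello from a signed script"'

try {
    # Signing appends a "# SIG #" comment block holding the signature over the script's hash.
    $null = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert

    $before = Get-AuthenticodeSignature -FilePath $scriptPath
    "After signing : Status=$($before.Status) Signer=$($before.SignerCertificate.Subject)"

    # Simulate a modification made after signing: change the body and keep the
    # signature block. The stored signature no longer matches the file's hash.
    (Get-Content -Path $scriptPath) -replace 'Hello', 'Changed' |
        Set-Content -Path $scriptPath

    $after = Get-AuthenticodeSignature -FilePath $scriptPath
    "After editing : Status=$($after.Status)"
    "Message       : $($after.StatusMessage)"

    # A defender's check: treat anything other than Valid as unsigned or altered.
    if ($after.Status -ne 'Valid') {
        "Signature check failed; under AllSigned or RemoteSigned policy this script would not run."
    }
}
finally {
    # Remove the demo script and the throwaway certificate (and its private key entry).
    Remove-Item -Path $scriptPath -ErrorAction SilentlyContinue
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -ErrorAction SilentlyContinue
}
```

Because the self-signed certificate is not trusted on the machine, the first status is not <code>Valid</code> either; after the edit the status changes to <code>HashMismatch</code>, which is the condition that blocks execution regardless of who signed the script.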
