Page 1 of 1

Script signing and building to exe

Posted: Fri Apr 10, 2020 7:37 am
by kevinkidder
To help you better we need some information from you.

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build:PrimalScript 7.6.138
32 or 64 bit version of product: x64
Operating system: Windows 10 Enterprise
32 or 64 bit OS:x64

*** Please add details and screenshots as needed below. ***

When I build a signed PS1 script in to an EXE file, when the EXE is run, the extracted script code(which has a random name) isn't signed. Is there a way to change this? Maybe I am just missing a setting.



Re: Script signing and building to exe

Posted: Fri Apr 17, 2020 7:19 am
by brittneyr
By extracted script, are you writing out a script that was packaged into an exe? If so, the script being written out will need to be signed again.

Re: Script signing and building to exe

Posted: Fri Apr 17, 2020 7:47 am
by Alexander Riedel
Please specify what script engine exactly you are using.

Re: Script signing and building to exe

Posted: Fri Apr 17, 2020 12:17 pm
by kevinkidder
The original script written is in Powershell. Let's call it script1.ps1. That script is signed. I use PrimalScript to build it to an exe file. When the EXE executes, powershell engine is seen running a script called <randomname>.ps1. This script won't run because script signing is enforced on the workstation.

Below is the output of a script. The PS1 is called "Qualys-ScanNow.ps1" and it is signed. The EXE file that is built has the same name (Qualys-ScanNow.exe) When I run the exe file, I get the message:

[15:12:00]:Qualys-ScanNow$ .\Qualys-ScanNow.exe
Qualys-ScanNow\1453F3E.ps1 : File
Qualys-ScanNow\1453F3E.ps1 cannot be loaded. The file
Qualys-ScanNow\1453F3E.ps1 is not digitally signed. You cannot run this script on the
current system. For more information about running scripts and setting execution policy, see about_Execution_Policies
at https:/
At line:1 char:1
+ Qualys-ScanNow\1453F3E.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess

Re: Script signing and building to exe

Posted: Mon Apr 20, 2020 7:51 am
by Alexander Riedel
Let me rephrase that. What Script Engine did you select when packaging the script? Is there any particular reason you did not use any of the SAPIEN Host engines?