Code Signing not working?

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
dst_cncs
Posts: 3
Joined: Mon Nov 09, 2020 7:09 am

Code Signing not working?

Post by dst_cncs »

Product, version and build: PowerShell Studio 2020 Version 5.7.182
Operating system: Windows Server 2016
PowerShell version(s): 5.1.14393.3866

Hello.
I have PowerShell Studio installed on a Windows Server 2016 machine, without internet access, so I can build custom scripts for my network. Also I have an internal PKI and a Code Signing certificate installed on my users CERT:\CurrentUser\My. I selected the certificate under OPTIONS and also on the build options when I'm exporting one of my scripts as an application. The output says:

Executable file signed with certificate *********
Executable file time stamped with *********
Package completed

No error on the output, but when I check the .exe file it is not signed.
I have the private key available on the certification store. Am I missing some other thing that I should have installed (as a SDK or something)?
Thank you!

Regards,
Fábio

User avatar
Alexander Riedel
Posts: 7556
Joined: Tue May 29, 2007 4:43 pm
Answers: 1
Been upvoted: 3 times

Re: Code Signing not working?

Post by Alexander Riedel »

If you have no error output when signing, the authenticode API has nothing to object to. Meaning that the signing and time stamping was successful as far as it is concerned.
When you say you check the exe it is not signed, how exactly are you checking it?

Diagnosing authenticode issues in an air-gaped environment is more a job for Microsoft, so you definitely should consult them.
For starters, I would sign a script, where a signature is clearly visible as a comment in the code.
Then check if powershell can verify that signature.
If that works, produce an unsigned exe and sign it with Powershell from the console.
See if that works and if the signature is then verifiable.

If all that works and only the packager gives you trouble, I would ask that you to upload a signed executable to us for examination.
Alexander Riedel
SAPIEN Technologies, Inc.

dst_cncs
Posts: 3
Joined: Mon Nov 09, 2020 7:09 am

Re: Code Signing not working?

Post by dst_cncs »

Thank you for your reply.
Sorry for the delay, didn't receive a notification for your message.
I'll try that, or install the software on another machine, with internet connection, and try do sign the code (using a Windows 10 computer).

PS: Also didn't realize I could sign the .exe with PowerShell directly. Tried and just worked. Thank you again!