August 21, 2018 at 7:14 am
Below is a PowerShell script. Looks like it is encrypted with a signature block. I want to make a small change to the server name in the script. After the change I have to encrypt the ps1 file again with a signature block, right? Can you show me step by step how I can encrypt the file with a signature block as below using the command prompt?
Function Invoke-SQL.net {
<#
.SYNOPSIS
Invoke a SQL connection and command via .NET without having SQL Server/Tools installed.
.DESCRIPTION
If the Invoke-sqlcmd function is not usable because the module/snapins are missing then this may suffice.
As this is a very lite implementation (no support for Output Parameters so all commands must return a dataset to be validated) it is mostly superseeded by Invoke-SqlCmd (provided the snapin/module is available)
.EXAMPLE
Invoke-SQL.net -datasource "SERVER\Instance" -database "Adventureworks" -sqlCommand "SELECT 'HELLO WORLD' as Test" -commandTimeout 60
.NOTES
#>
[cmdletbinding()]
param(
[string] $dataSource # Server\Instance"
,[string] $database # Database
,[string] $sqlCommand # Select * From ...
,[int] $commandTimeout # testing
)
$connectionString = "Data Source=$dataSource; " +
"Integrated Security=SSPI; " +
"Initial Catalog=$database"
$connection = new-object system.data.SqlClient.SQLConnection($connectionString)
$command = new-object system.data.sqlclient.sqlcommand($sqlCommand,$connection)
if ($commandTimeout -ge 0){ #Less than 0 would throw an error.
$command.CommandTimeout = $commandTimeout
}
$connection.Open()
$adapter = New-Object System.Data.sqlclient.sqlDataAdapter $command
$dataset = New-Object System.Data.DataSet
$adapter.Fill($dataSet) | Out-Null
$connection.Close()
return $dataSet
}
# SIG # Begin signature block
# MIIEMwYJKoZIhvcNAQcCoIIEJDCCBCACAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUWtePhWj2i+rR+qQzPNhWMNGt
# eUugggI9MIICOTCCAaagAwIBAgIQAIlaOjnVZ71Iw+V7LXZc+jAJBgUrDgMCHQUA
# MCwxKjAoBgNVBAMTIVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdDAe
# Fw0xNDAzMjQxMzUyMDNaFw0zOTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMTD1Bvd2Vy
# U2hlbGwgVXNlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3FNS7yvb++Um
# UIZHm5WjvCt4tugUPcPstma1hmGJQi0d/nU4vMtzxOsRy3ZnvoCK5wp4APeF7AEn
# D09QmBvVW+miIrmE48trXXBJEjPuX3+0O0UsyUU4EmLZmLIlSwQqUETyNfFVw+jc
# 28zgx4BYRZvLJRBGzJSXRTgJEDfTs1sCAwEAAaN2MHQwEwYDVR0lBAwwCgYIKwYB
# BQUHAwMwXQYDVR0BBFYwVIAQH8dWHQvz9lB32VXgMZD3TaEuMCwxKjAoBgNVBAMT
# IVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdIIQqQP1DPImKb9CG4rp
# 8K5d8TAJBgUrDgMCHQUAA4GBAJjEm8n5N8UQ2q1Smbnwzi/I7i9oS7TY+v0G76aY
# 3SPbzzTqTIUNEyIZ64bKL2A+WlY+XmJpilae7kZFseIVec2ipVsMTXoPgRdwAVtN
# A6ZuGp1H0DtFO9tm+cjf9PwbnXur0zx9nfn6X6YfWpWXw2p0LLHKE+SGsvScm4sH
# bVqIMYIBYDCCAVwCAQEwQDAsMSowKAYDVQQDEyFQb3dlclNoZWxsIExvY2FsIENl
# cnRpZmljYXRlIFJvb3QCEACJWjo51We9SMPley12XPowCQYFKw4DAhoFAKB4MBgG
# CisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC
# AQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYE
# FLlrSHB/g6KHV+Yt/n/cwbisTToWMA0GCSqGSIb3DQEBAQUABIGAdFXslh8CO1s2
# bT34kOvK1UhSSk7DL1Q0w5XI5qw53CrfHcU9ug7ULpAt75Yc+s/Nk1sgNFNFBX4f
# Hn05ur0H5iDhjqW4AzOCu9rxXzeDxtGE7h0mXDDeZGu2FHg1MocsqwMBr3DieNK3
# opq/embDzeIGYDpf/8plCS0EliYzSa8=
# SIG # End signature block
August 21, 2018 at 9:00 am
Why do you think it needs to be encrypted? It's a PowerShell script and that signature block is just comments.
August 21, 2018 at 10:47 am
fafful - Tuesday, August 21, 2018 7:14 AM
Below is a PowerShell script. Looks like it is encrypted with a signature block. I want to make a small change to the server name in the script. After the change I have to encrypt the ps1 file again with a signature block, right? Can you show me step by step how I can encrypt the file with a signature block as below using the command prompt?
Function Invoke-SQL.net {
<#
.SYNOPSIS
Invoke a SQL connection and command via .NET without having SQL Server/Tools installed.
.DESCRIPTION
If the Invoke-sqlcmd function is not usable because the module/snapins are missing then this may suffice.
As this is a very lite implementation (no support for Output Parameters so all commands must return a dataset to be validated) it is mostly superseeded by Invoke-SqlCmd (provided the snapin/module is available)
.EXAMPLE
Invoke-SQL.net -datasource "SERVER\Instance" -database "Adventureworks" -sqlCommand "SELECT 'HELLO WORLD' as Test" -commandTimeout 60
.NOTES
#>
[cmdletbinding()]
param(
[string] $dataSource # Server\Instance"
,[string] $database # Database
,[string] $sqlCommand # Select * From ...
,[int] $commandTimeout # testing
)
$connectionString = "Data Source=$dataSource; " +
"Integrated Security=SSPI; " +
"Initial Catalog=$database"
$connection = new-object system.data.SqlClient.SQLConnection($connectionString)
$command = new-object system.data.sqlclient.sqlcommand($sqlCommand,$connection)
if ($commandTimeout -ge 0){ #Less than 0 would throw an error.
$command.CommandTimeout = $commandTimeout
}
$connection.Open()
$adapter = New-Object System.Data.sqlclient.sqlDataAdapter $command
$dataset = New-Object System.Data.DataSet
$adapter.Fill($dataSet) | Out-Null
$connection.Close()
return $dataSet
}
# SIG # Begin signature block
# SIG # End signature block
Yes, that is the signature block for signed code in PowerShell - that is how they look. It's not comments.
You can find a lot of articles that walk through the process since many companies do require signed scripts and won't allow changes to the execution policy. So there are definitely reasons to sign the scripts. Quite a few companies are going this route for security reasons so it's really a good thing to learn and use.
Here are some links to explain and walk you through the process:
PowerShell Basics - Execution Policy and Code Signing Part 1
Sign your PowerShell scripts to increase security
Signing PowerShell Scripts
You will also want to find out if your company has any standards or requirements regarding the certificates. You can find more information by searching on "signing powershell scripts".
Sue
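The re-signing steps asked about above, as an added PowerShell example that is not part of the original thread: the signature block is an integrity check rather than encryption, so an edited file keeps reporting HashMismatch until it is signed again. It assumes a code-signing certificate your machines trust is already installed in Cert:\CurrentUser\My; the function name and the path in the usage line are hypothetical.

```powershell
# Added example, not from the thread. Function name and usage path are hypothetical.
function Update-ScriptSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Thumbprint,        # optional: pin one specific signing certificate
        [string] $TimestampServer    # optional: timestamp URL from your certificate authority
    )

    # An edited script keeps its old block, so the stored hash no longer matches.
    $before = Get-AuthenticodeSignature -FilePath $Path
    Write-Verbose "Status before signing: $($before.Status)"   # HashMismatch after an edit

    # Code-signing certificates that have a private key and are currently in date.
    $now  = Get-Date
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Where-Object { -not $Thumbprint -or $_.Thumbprint -eq $Thumbprint } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No usable code-signing certificate found in Cert:\CurrentUser\My."
    }

    # Signing replaces the existing signature block at the end of the file.
    $signArgs = @{ FilePath = $Path; Certificate = $cert; HashAlgorithm = 'SHA256' }
    if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
    $null = Set-AuthenticodeSignature @signArgs

    # Re-read the file: any status other than Valid will not run where signed scripts are required.
    $after = Get-AuthenticodeSignature -FilePath $Path
    if ($after.Status -ne 'Valid') {
        throw "Signing did not produce a valid signature: $($after.Status) - $($after.StatusMessage)"
    }
    $after | Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
}

# Usage (constructed path):
# Update-ScriptSignature -Path 'C:\Scripts\Invoke-SQL.net.ps1' -Verbose
```

A status of UnknownError or NotTrusted after signing usually means the signing certificate does not chain to a root the machine trusts, which is where the company certificate standards mentioned above come in.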