jhoneill · January 9, 2024 11:11
diff --git a/sign.ps1 b/sign.ps1
 <#
 .Synopsis
   Signs a script 
 .DESCRIPTION
   Gets a users code signing certificate, (if there is just one in "Cert:\CurrentUser\My" it will be selected automatically)  
   and uses it to sign a script file using a timestamping service.
   Without the Time Stamp (Comodo CA is used by default) the signature is only valid for the range of dates on the certificate  
   If -passthrough is specified, retuns the certificate object 
   Else, if -quiet is specified doesn't reurn anything
   Otherwise outputs the detail of the signature
   
 .EXAMPLE
    Sign .\sign.ps1
    Signs this file
 .EXAMPLE
   sign .\sign.ps1 -certPath Cert:\CurrentUser\My\2BC8A723CD7DCFC06DF50C8311512E798B954D89
   Signs the file, but this time with a specific certificate (e.g. if you have more than one)
 .EXAMPLE
   Get-AuthenticodeSignature .\sig*.ps1 | where Status -ne "Valid" | sign
   Gets files which don't have a valid signature, and signs them 
 .INPUTS
   Files can be piped into sign
 #>

 param (  #The File to be signed (wild cards work)
         [parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
         [Alias("PSPath")]$path, 
         #the path to a container which holds a code signing certificate, or to a sing certificate
         $certPath   ="Cert:\CurrentUser\My" , 
         #The URL for a public cryptographic time stamp service
         $TimeServer = "http://timestamp.comodoca.com/authenticode",
         #Do not return any output 
         [switch]$quiet, 
         #Return output as a signature object  
         [switch]$passthru) 
 begin   {#Get the Certificate  
          $cert=Get-ChildItem -CodeSigningCert -Path $certPath }
 Process {#If we got it OK, sign and return the signature as dictated by -quiet / -passthrough ; otherwise give a warning. 
          if (-not $cert) {Write-Warning -Message "Couldn't find a signing certificate for you to sign $path; you can try using -certpath"}
          else            {$Sig = Set-AuthenticodeSignature -Certificate $cert -FilePath $path -TimestampServer $TimeServer 
                           if    (-not $sig.TimeStamperCertificate) {Write-Warning -Message "$path Does not appear to be properly signed."} 
                           elseif(     $passthru)                   {$sig }
                           elseif(-not $quiet)                      {$sig | Format-List} 
          }   
 }
	<#
	.Synopsis
	Signs a script
	.DESCRIPTION
	Gets a users code signing certificate, (if there is just one in "Cert:\CurrentUser\My" it will be selected automatically)
	and uses it to sign a script file using a timestamping service.
	Without the Time Stamp (Comodo CA is used by default) the signature is only valid for the range of dates on the certificate
	If -passthrough is specified, retuns the certificate object
	Else, if -quiet is specified doesn't reurn anything
	Otherwise outputs the detail of the signature

	.EXAMPLE
	Sign .\sign.ps1
	Signs this file
	.EXAMPLE
	sign .\sign.ps1 -certPath Cert:\CurrentUser\My\2BC8A723CD7DCFC06DF50C8311512E798B954D89
	Signs the file, but this time with a specific certificate (e.g. if you have more than one)
	.EXAMPLE
	Get-AuthenticodeSignature .\sig*.ps1 \| where Status -ne "Valid" \| sign
	Gets files which don't have a valid signature, and signs them
	.INPUTS
	Files can be piped into sign
	#>

	param ( #The File to be signed (wild cards work)
	[parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true)]
	[Alias("PSPath")]$path,
	#the path to a container which holds a code signing certificate, or to a sing certificate
	$certPath ="Cert:\CurrentUser\My" ,
	#The URL for a public cryptographic time stamp service
	$TimeServer = "http://timestamp.comodoca.com/authenticode",
	#Do not return any output
	[switch]$quiet,
	#Return output as a signature object
	[switch]$passthru)
	begin {#Get the Certificate
	$cert=Get-ChildItem -CodeSigningCert -Path $certPath }
	Process {#If we got it OK, sign and return the signature as dictated by -quiet / -passthrough ; otherwise give a warning.
	if (-not $cert) {Write-Warning -Message "Couldn't find a signing certificate for you to sign $path; you can try using -certpath"}
	else {$Sig = Set-AuthenticodeSignature -Certificate $cert -FilePath $path -TimestampServer $TimeServer
	if (-not $sig.TimeStamperCertificate) {Write-Warning -Message "$path Does not appear to be properly signed."}
	elseif( $passthru) {$sig }
	elseif(-not $quiet) {$sig \| Format-List}
	}
	}