通过 Set-AuthenticodeSignature 签署 powershell 脚本时出现未知错误

问题描述 投票:0回答:3

我已从我们信任的 CA 获得了代码签名证书。我尝试在 PowerShell ISE 中签署脚本,但收到“UnknownError”。我已尝试将脚本编码为 UTF-8,但仍然遇到相同的错误。我已经验证该脚本也是 UTF-8。 

$cert=(dir cert:currentuser\my\ -CodeSigningCert)
Set-AuthenticodeSignature C:\Scripts\Certtestnew.ps1 $cert

即使我收到“UnknownError”,它仍然似乎签署了脚本。虽然,当我运行脚本时,我收到“文件 C:\Scripts\Certtestnew.ps1 的内容可能已被篡改,因为 文件与数字签名中存储的哈希值不匹配。”

更新 $证书信息:

PSPath : Microsoft.PowerShell.Security\Certificate::currentuser\my\FDCD31216C3491C2809441344EE6EF5E01EB0550
PSParentPath : Microsoft.PowerShell.Security\Certificate::currentuser\my
PSChildName : FDCD31216C3491C2809441344EE6EF5E01EB0550
PSDrive : Cert
PSProvider : Microsoft.PowerShell.Security\Certificate
PSIsContainer : False
EnhancedKeyUsageList : {}
DnsNameList : {}
SendAsTrustedIssuer : False
Archived : False
Extensions : {System.Security.Cryptography.Oid,System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...;}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
 NotAfter : 10/29/2016 4:05:37 PM
NotBefore : 10/29/2015 3:45:37 PM
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 5, 225...;}
SerialNumber : 60A14A915A0FAFA12311B0998F5892C9
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : FDCD31216C3491C2809441344EE6EF5E01EB0550
Version : 3
Handle : 578311520
Issuer : CN=USER OU=Admin, OU=Admin and Service Accounts, DC=domoain
Subject : CN=USER, OU=Admin, OU=Admin and Service Accounts, DC=domain
powershell certificate powershell-3.0
3个回答
2
投票

对于我的 PowerShell 脚本,运行 

Set-AuthenticodeSignature
后出现的错误“UnknownError”最终是我忘记在 
Windows 10 Home
Administrator mode
中启动 PowerShell。作为“普通”用户,脚本无法应用数字签名。我正在将用户名/类型检查添加到我的脚本中。 June Castillote 出色地解释了如何为 Windows PowerShell 脚本 *.ps1 设置数字签名

1
投票

我刚刚查看了我的域代码签名证书,它具有 

PrivateKey
属性以及在其 
Code Signing
属性下列出的 
EnhancedKeyUsageList

PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\My\XXX
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\My
PSChildName              : XXX
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Code Signing (1.3.6.1.5.5.7.3.3)}
DnsNameList              : {XXX}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId                 :
Archived                 : False
Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
                           System.Security.Cryptography.Oid...}
FriendlyName             : XXX
IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter                 : XXX
NotBefore                : XXX
HasPrivateKey            : True
PrivateKey               : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
RawData                  : XXX
SerialNumber             : XXX
SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm       : System.Security.Cryptography.Oid
Thumbprint               : XXX
Version                  : 3
Handle                   : XXX
Issuer                   : XXX
Subject                  : XXX

这让我询问您的证书对于代码签名是否有效。您可能需要重新审视您的证书请求并确保。

$error 翻倒后包含什么?

0
投票

这个问题已经很老了,但我可能会为可能来到这里的任何人提供一个答案的链接:Github 评论

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.