Using PowerShell and code encryption. New to this stuff

  • Below is a PowerShell script. Looks like it is encrypted with a signature block. I want to make a small change to the server name in the script. After the change I have to encrypt the ps1 file again with a signature block, right? Can you show me step by step how I can encrypt the file with a signature block as below using the command prompt?

    Function Invoke-SQL.net {
    <#
    .SYNOPSIS
      Invoke a SQL connection and command via .NET without having SQL Server/Tools installed.
    .DESCRIPTION
      If the Invoke-sqlcmd function is not usable because the module/snapins are missing then this may suffice.
      As this is a very lite implementation (no support for Output Parameters so all commands must return a dataset to be validated) it is mostly superseeded by Invoke-SqlCmd (provided the snapin/module is available)
    .EXAMPLE
      Invoke-SQL.net -datasource "SERVER\Instance" -database "Adventureworks" -sqlCommand "SELECT 'HELLO WORLD' as Test" -commandTimeout 60
    .NOTES
    #>
    [cmdletbinding()]
    param(
      [string] $dataSource # Server\Instance"
      ,[string] $database  # Database
      ,[string] $sqlCommand  # Select * From ...
      ,[int] $commandTimeout # testing
      )
       
      $connectionString = "Data Source=$dataSource; " +
        "Integrated Security=SSPI; " +
        "Initial Catalog=$database"
      $connection = new-object system.data.SqlClient.SQLConnection($connectionString)
      $command = new-object system.data.sqlclient.sqlcommand($sqlCommand,$connection)
      if ($commandTimeout -ge 0){ #Less than 0 would throw an error.
       $command.CommandTimeout = $commandTimeout
      }
      $connection.Open()

      $adapter = New-Object System.Data.sqlclient.sqlDataAdapter $command
      $dataset = New-Object System.Data.DataSet
      $adapter.Fill($dataSet) | Out-Null

      $connection.Close()
      return $dataSet
      
    }

    # SIG # Begin signature block
    # MIIEMwYJKoZIhvcNAQcCoIIEJDCCBCACAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
    # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
    # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUWtePhWj2i+rR+qQzPNhWMNGt
    # eUugggI9MIICOTCCAaagAwIBAgIQAIlaOjnVZ71Iw+V7LXZc+jAJBgUrDgMCHQUA
    # MCwxKjAoBgNVBAMTIVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdDAe
    # Fw0xNDAzMjQxMzUyMDNaFw0zOTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMTD1Bvd2Vy
    # U2hlbGwgVXNlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3FNS7yvb++Um
    # UIZHm5WjvCt4tugUPcPstma1hmGJQi0d/nU4vMtzxOsRy3ZnvoCK5wp4APeF7AEn
    # D09QmBvVW+miIrmE48trXXBJEjPuX3+0O0UsyUU4EmLZmLIlSwQqUETyNfFVw+jc
    # 28zgx4BYRZvLJRBGzJSXRTgJEDfTs1sCAwEAAaN2MHQwEwYDVR0lBAwwCgYIKwYB
    # BQUHAwMwXQYDVR0BBFYwVIAQH8dWHQvz9lB32VXgMZD3TaEuMCwxKjAoBgNVBAMT
    # IVBvd2VyU2hlbGwgTG9jYWwgQ2VydGlmaWNhdGUgUm9vdIIQqQP1DPImKb9CG4rp
    # 8K5d8TAJBgUrDgMCHQUAA4GBAJjEm8n5N8UQ2q1Smbnwzi/I7i9oS7TY+v0G76aY
    # 3SPbzzTqTIUNEyIZ64bKL2A+WlY+XmJpilae7kZFseIVec2ipVsMTXoPgRdwAVtN
    # A6ZuGp1H0DtFO9tm+cjf9PwbnXur0zx9nfn6X6YfWpWXw2p0LLHKE+SGsvScm4sH
    # bVqIMYIBYDCCAVwCAQEwQDAsMSowKAYDVQQDEyFQb3dlclNoZWxsIExvY2FsIENl
    # cnRpZmljYXRlIFJvb3QCEACJWjo51We9SMPley12XPowCQYFKw4DAhoFAKB4MBgG
    # CisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC
    # AQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYE
    # FLlrSHB/g6KHV+Yt/n/cwbisTToWMA0GCSqGSIb3DQEBAQUABIGAdFXslh8CO1s2
    # bT34kOvK1UhSSk7DL1Q0w5XI5qw53CrfHcU9ug7ULpAt75Yc+s/Nk1sgNFNFBX4f
    # Hn05ur0H5iDhjqW4AzOCu9rxXzeDxtGE7h0mXDDeZGu2FHg1MocsqwMBr3DieNK3
    # opq/embDzeIGYDpf/8plCS0EliYzSa8=
    # SIG # End signature block

  • Why do you think it needs to be encrypted? It's a PowerShell script and that signature block is just comments.

  • fafful - Tuesday, August 21, 2018 7:14 AM

    Below is a PowerShell script. Looks like it is encrypted with a signature block. I want to make a small change to the server name in the script. After the change I have to encrypt the ps1 file again with a signature block, right? Can you show me step by step how I can encrypt the file with a signature block as below using the command prompt?

    Function Invoke-SQL.net {
    <#
    .SYNOPSIS
      Invoke a SQL connection and command via .NET without having SQL Server/Tools installed.
    .DESCRIPTION
      If the Invoke-sqlcmd function is not usable because the module/snapins are missing then this may suffice.
      As this is a very lite implementation (no support for Output Parameters so all commands must return a dataset to be validated) it is mostly superseeded by Invoke-SqlCmd (provided the snapin/module is available)
    .EXAMPLE
      Invoke-SQL.net -datasource "SERVER\Instance" -database "Adventureworks" -sqlCommand "SELECT 'HELLO WORLD' as Test" -commandTimeout 60
    .NOTES
    #>
    [cmdletbinding()]
    param(
      [string] $dataSource # Server\Instance"
      ,[string] $database  # Database
      ,[string] $sqlCommand  # Select * From ...
      ,[int] $commandTimeout # testing
      )
       
      $connectionString = "Data Source=$dataSource; " +
        "Integrated Security=SSPI; " +
        "Initial Catalog=$database"
      $connection = new-object system.data.SqlClient.SQLConnection($connectionString)
      $command = new-object system.data.sqlclient.sqlcommand($sqlCommand,$connection)
      if ($commandTimeout -ge 0){ #Less than 0 would throw an error.
       $command.CommandTimeout = $commandTimeout
      }
      $connection.Open()

      $adapter = New-Object System.Data.sqlclient.sqlDataAdapter $command
      $dataset = New-Object System.Data.DataSet
      $adapter.Fill($dataSet) | Out-Null

      $connection.Close()
      return $dataSet
      
    }

    # SIG # Begin signature block
    # SIG # End signature block

    Yes, that's the signature block for signed code in PowerShell - that is how they look. It's not comments.
    You can find a lot of articles that walk through the process, since many companies do require signed scripts and won't allow changes to the execution policy. So there are definitely reasons to sign the scripts. Quite a few companies are going this route for security reasons, so it's really a good thing to learn and use.
    Here are some links to explain and walk you through the process:
    PowerShell Basics - Execution Policy and Code Signing Part 1
    Sign your PowerShell scripts to increase security
    Signing PowerShell Scripts

    You will also want to find out if your company has any standards or requirements regarding the certificates. You can find more information by searching on "signing powershell scripts".

    Sue
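
How the re-signing discussed in this thread can look at a PowerShell prompt, as an added example that is not part of the original posts: the script path is hypothetical, and a code-signing certificate with its private key is assumed to be installed in the current user's certificate store. The signature block does not encrypt the script; it covers a hash of the content, so any edit invalidates it until the file is signed again.

```powershell
# Added example, not from the thread. $ScriptPath is a hypothetical path;
# the certificate lookup assumes a code-signing cert is already installed.
$ScriptPath = 'C:\Scripts\Invoke-SQL.net.ps1'

# 1. Inspect the current signature. The script text is readable as-is;
#    after an edit (for example a new server name) Status is HashMismatch.
$before = Get-AuthenticodeSignature -FilePath $ScriptPath
'Before: {0} - {1}' -f $before.Status, $before.StatusMessage

# 2. Pick an unexpired code-signing certificate that has a private key.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No usable code-signing certificate found in Cert:\CurrentUser\My.'
}
'Signing as: {0} ({1})' -f $cert.Subject, $cert.Thumbprint

# 3. Re-sign. An existing "# SIG #" block in the file is replaced,
#    so do not delete or edit it by hand.
Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert `
    -HashAlgorithm SHA256 | Out-Null

# 4. Verify before deploying. Under an AllSigned execution policy the
#    script only runs if the status is Valid on the target machine,
#    which requires that machine to trust the signing certificate chain.
$after = Get-AuthenticodeSignature -FilePath $ScriptPath
'After:  {0} - {1}' -f $after.Status, $after.StatusMessage
if ($after.Status -ne 'Valid') {
    throw "Signature is not valid: $($after.StatusMessage)"
}
```

A status of `UnknownError` or `NotTrusted` after signing usually means the signature itself is intact but the certificate chain is not trusted on that machine, which is a certificate deployment question for whoever manages the company's signing standards.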
