21 Signing your script

 

In the world of highly effective PowerShell toolmakers, script signing is a habit that can’t be overlooked. While some might find it daunting or unnecessary, we firmly believe in its importance, which is why this chapter exists. Whether you anticipate your scripts staying within your organization or not, script signing, coupled with source control, should be a part of your toolkit.

21.1 The significance of script signing

Why should you invest your time and effort in script signing? At its core, a signed script serves two crucial purposes. First, it authenticates the identity of the script’s author. Now, this doesn’t necessarily guarantee the script’s safety or quality, but if the script is signed, you can at least trace it back to its creator. Second, signing ensures script integrity, verifying if the code has been tampered with since it was signed. Protecting your code is paramount, especially when it leaves the confines of your organization. Let’s say you receive a script from Sally or download one from a blog. How confident are you that every line of code is precisely as Sally intended? If she has signed the file, you can be certain that every character is a true reflection of Sally’s work. Should any malicious code be discovered, you can hold Sally accountable.

21.2 A word about certificates

21.3 Configure your script signing policy

21.4 Code-signing basics

21.4.1 Acquiring a code-signing certificate

21.4.2 Trusting self-signed certificates

21.4.3 Signing your scripts

21.4.4 Testing script signatures

Summary