<#
.SYNOPSIS
Script that adds a right click menu to sign files using a specified code signing certificate.
.DESCRIPTION
RightClickToCodeSign is a simple PowerShell script that adds a "Code Sign File" entry to the right-click context menu, so that files can be signed with a chosen code signing certificate.
.EXAMPLE
Install the Script, select the Code Signing Cert from a menu
RightClickToCodeSign.ps1 -Install -InstallChooseCert -timestamp "http://timestamp.digicert.com" -Algorithm SHA256
.EXAMPLE
Install the Script, select the Code Signing Cert using the Subject and Issuer (use * as a wildcard)
RightClickToCodeSign.ps1 -Install -Subject "Andrews Code Si*" -Issuer "Andrew*" -timestamp "http://timestamp.digicert.com" -Algorithm SHA256
.EXAMPLE
Uninstall the Script
RightClickToCodeSign.ps1 -Uninstall
.NOTES
This script is installed per user: the script copy goes under %LOCALAPPDATA% and the context-menu entries under HKCU.
Created by Andrew Jimenez (@asjimene) 2020-04-12
#>
Param (
# LiteralPath: the file to sign. The context-menu command registered by -Install passes the
# clicked file's path here ('%1' in the registry command), one path per invocation.
# This is the only parameter of the "LiteralPath" set, which is the set used when the script
# runs in signing mode (neither -Install nor -Uninstall).
[Parameter(Mandatory = $false,
Position = 0,
ParameterSetName = "LiteralPath",
ValueFromPipelineByPropertyName = $true,
HelpMessage = "Literal path to one or more locations.")]
[Alias("PSPath")]
[ValidateNotNullOrEmpty()]
[string[]]
$LiteralPath,
# Uninstall switch: removes the installed script folder from LOCALAPPDATA and the context-menu
# registry keys this script created under HKCU.
[Parameter(Mandatory = $false, ParameterSetName = "Uninstall")]
[switch]
$Uninstall = $false,
# Install switch: copies this script into LOCALAPPDATA and registers the context-menu entry
# under HKCU. Belongs to both install parameter sets.
[Parameter(Mandatory = $false, ParameterSetName = "Install")]
[Parameter(Mandatory = $false, ParameterSetName = "InstallChooseCert")]
[switch]
$Install = $false,
# ExtensionList: file extensions (with the leading dot) that get the context-menu entry.
# Each value is used as a registry key name under SystemFileAssociations.
[Parameter(Mandatory = $false, ParameterSetName = "Install")]
[Parameter(Mandatory = $false, ParameterSetName = "InstallChooseCert")]
[String[]]
$ExtensionList = @(".ps1",".exe"),
# InstallChooseCert switch: pick the signing certificate from an Out-GridView window instead of
# passing -Subject and -Issuer. Mandatory in its own set, so supplying it selects that set.
[Parameter(Mandatory = $true, ParameterSetName = "InstallChooseCert")]
[switch]
$InstallChooseCert = $false,
# Issuer: issuer pattern of the certificate to sign with; matched with -like, so * is a wildcard.
# The value is embedded as a string literal in the installed copy of this script.
[Parameter(Mandatory = $true, ParameterSetName = "Install")]
[String]
$Issuer,
# Subject: subject pattern of the certificate to sign with; matched with -like, so * is a wildcard.
# The value is embedded as a string literal in the installed copy of this script.
[Parameter(Mandatory = $true, ParameterSetName = "Install")]
[String]
$Subject,
# Timestamp: URL of the timestamp server; the installed copy hands it to
# Set-AuthenticodeSignature -TimestampServer.
[Parameter(Mandatory = $true, ParameterSetName = "Install")]
[Parameter(Mandatory = $true, ParameterSetName = "InstallChooseCert")]
[String]
$Timestamp,
# Algorithm: hash algorithm name the installed copy hands to Set-AuthenticodeSignature
# -HashAlgorithm; default is SHA256. The value is written into the installed script's source,
# so it must be a bare algorithm name.
[Parameter(Mandatory = $false, ParameterSetName = "Install")]
[Parameter(Mandatory = $false, ParameterSetName = "InstallChooseCert")]
[String]
$Algorithm = "SHA256"
)
# Names shared by the install, uninstall and signing branches below.
# File name (without .ps1) the install branch reads from $PSScriptRoot as its template.
$Global:NameOfThisScript = 'RightClickToCodeSign'
# Folder name under LOCALAPPDATA and file name (without .ps1) of the installed copy.
$Global:ScriptFileName = 'CodeSignFile'
# Registry key name and display text of the context-menu entry.
$Global:RightClickName = 'Code Sign File'
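if ($Install) {
    # Install branch: writes a configured copy of this script to LOCALAPPDATA and registers a
    # per-user context-menu entry for every extension in $ExtensionList.
    $installDir = Join-Path -Path $env:LOCALAPPDATA -ChildPath $Global:ScriptFileName
    $installedScript = Join-Path -Path $installDir -ChildPath "$($Global:ScriptFileName).ps1"

    if ($InstallChooseCert) {
        $SelectedCert = Get-ChildItem 'Cert:\CurrentUser\My' -CodeSigningCert | Out-GridView -Title "Choose the Signing Certificate" -OutputMode Single
        # Closing the grid without a selection returns nothing; installing with an empty
        # subject and issuer would produce a copy that can never find a certificate.
        if (-not $SelectedCert) {
            throw "No code signing certificate was selected; nothing has been installed."
        }
        $Subject = $SelectedCert.Subject
        $Issuer = $SelectedCert.Issuer
    }

    # The four configuration values become PowerShell source text in the installed copy.
    # The algorithm is restricted to a bare name; the others are escaped for use inside a
    # single-quoted string so that a quote in a certificate name cannot end the literal.
    if ($Algorithm -notmatch '^[A-Za-z0-9]+\z') {
        throw "Algorithm '$Algorithm' is not a plain hash algorithm name (letters and digits only)."
    }
    $issuerLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Issuer)
    $subjectLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Subject)
    $timestampLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Timestamp)

    Write-Output "Creating $Global:ScriptFileName folder in LOCALAPPDATA folder"
    if (-not (Test-Path -LiteralPath $installDir -PathType Container)) {
        $null = New-Item -ItemType Directory -Path $installDir -ErrorAction Stop
    }

    Write-Output "Copying Script to $Global:ScriptFileName Folder"
    # The installed copy is this file with the placeholder tokens replaced by the chosen values.
    $template = Get-Content -LiteralPath "$PSScriptRoot\$($Global:NameOfThisScript).ps1" -ErrorAction Stop
    $template.Replace('_ISSUER_', $issuerLiteral).Replace('_SUBJECT_', $subjectLiteral).Replace('_TIMESTAMP_', $timestampLiteral).Replace('_ALGORITHM_', $Algorithm) |
        Out-File -FilePath $installedScript -Encoding utf8 -Force

    # -File passes the clicked path to the script as a plain argument. With -Command the whole
    # line is parsed as PowerShell, so a file name containing a single quote would be run as code.
    # Double quotes around %1 are safe because Windows file names cannot contain them.
    # NOTE(review): the installed copy is unsigned at this point and is started with
    # -ExecutionPolicy Bypass from a user-writable folder; signing it (as the closing message
    # suggests) does not change that unless the policy switch is tightened as well.
    $menuCommand = "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$installedScript`" -LiteralPath `"%1`""

    foreach ($extension in $ExtensionList) {
        # Reg2CI (c) 2020 by Roger Zander
        $extensionKey = "HKCU:\Software\Classes\SystemFileAssociations\$($extension)"
        $shellKey = "$extensionKey\shell"
        $menuKey = "$shellKey\$($Global:RightClickName)"
        $commandKey = "$menuKey\command"

        # Create only the levels that are missing so existing keys are left untouched.
        foreach ($key in $extensionKey, $shellKey, $menuKey, $commandKey) {
            if (-not (Test-Path -LiteralPath $key)) {
                $null = New-Item -Path $key -Force -ErrorAction SilentlyContinue
            }
        }

        # A failed write here would leave a menu entry that does nothing, so it is reported.
        $null = New-ItemProperty -LiteralPath $menuKey -Name '(default)' -Value $Global:RightClickName -PropertyType String -Force -ErrorAction Stop
        $null = New-ItemProperty -LiteralPath $commandKey -Name '(default)' -Value $menuCommand -PropertyType String -Force -ErrorAction Stop
    }

    Write-Output "Installation Complete, You should test CodeSigning on the file: `"$installedScript`" (The path has been copied to your clipboard)"
    # The clipboard receives the install folder, not the script file itself.
    Write-Output $installDir | Set-Clipboard
    Pause
}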
if ($Uninstall) {
    # Uninstall branch: deletes the installed script folder, then removes the context-menu
    # registry keys for every extension that has one.
    Write-Output "Removing Script from LOCALAPPDATA"
    Remove-Item "$env:LOCALAPPDATA\$($Global:ScriptFileName)" -Force -Recurse -ErrorAction SilentlyContinue

    # Get-ChildItem lists the subkeys of each matching menu-entry key, so every $Location is a
    # child of "...\shell\<RightClickName>" (presumably the 'command' key of a standard install).
    $InstalledLocations = (Get-ChildItem "HKCU:\Software\Classes\SystemFileAssociations\*\shell\$($Global:RightClickName)").PSPath
    Write-Output "Cleaning Up Registry"

    foreach ($Location in $InstalledLocations) {
        if (-not (Test-Path -LiteralPath $Location)) {
            continue
        }

        # One level up is the menu-entry key, two levels up is the extension's 'shell' key.
        $ShellPath = (Get-Item $Location).PSParentPath
        $ExtensionPath = (Get-Item $ShellPath).PSParentPath

        Write-Output "Removing $Location"
        Remove-Item $Location -Force -Recurse -ErrorAction SilentlyContinue

        # A parent is removed only when it has no subkeys left, so other menu entries survive.
        $remainingUnderEntry = Get-ChildItem $ShellPath
        if ([System.String]::IsNullOrEmpty($remainingUnderEntry)) {
            Write-Output "Removing" $ShellPath
            Remove-Item $ShellPath -Force -Recurse -ErrorAction SilentlyContinue
        }

        $remainingUnderShell = Get-ChildItem $ExtensionPath
        if ([System.String]::IsNullOrEmpty($remainingUnderShell)) {
            Write-Output "Removing" $ExtensionPath
            Remove-Item $ExtensionPath -Force -Recurse -ErrorAction SilentlyContinue
        }
    }

    Write-Output "Uninstallation Complete!"
    Pause
}
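if ((-not $Install) -and (-not $Uninstall)) {
    # Signing branch: runs in the installed copy, where the placeholder tokens below have been
    # replaced with the values chosen at install time. The context menu starts this with a
    # hidden window, so the errors thrown here are only visible when the script is run by hand.
    if (-not $LiteralPath) {
        throw "No file was specified; pass the file to sign with -LiteralPath."
    }

    # Several certificates can match the patterns (for example after a renewal), and
    # Set-AuthenticodeSignature accepts exactly one. Use the currently valid match that
    # expires last and fail clearly when there is none.
    $now = Get-Date
    $cert = Get-ChildItem Cert:\CurrentUser\My\ -CodeSigningCert |
        Where-Object { ($_.Issuer -like '_ISSUER_') -and ($_.Subject -like '_SUBJECT_') } |
        Where-Object { ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now) } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No currently valid code signing certificate in Cert:\CurrentUser\My matches the configured issuer and subject."
    }

    # -LiteralPath keeps characters such as [ and ] in a file name from being treated as
    # wildcards, and passes the string[] parameter through without joining it into one string.
    Set-AuthenticodeSignature -Certificate $cert -TimestampServer '_TIMESTAMP_' -HashAlgorithm '_ALGORITHM_' -LiteralPath $LiteralPath
}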