Signing a script writes a digital signature into the script as a block of comments. The signature, which contains encoded information about the identity of the author, also encapsulates encoded information about the script itself. Consequently, any attempt to change the script invalidates the signature.
Script signing is accomplished programmatically with the Scripting.Signer object's SignFile method.
```xml
<job>
  <runtime>
    <named name="file" helpstring="the file to sign" required="true" type="string"/>
    <named name="cert" helpstring="the name of the signing certificate" required="true" type="string"/>
    <named name="store" helpstring="the name of the certificate store" required="false" type="string"/>
  </runtime>
  <script language="JScript">
    var Signer, File, Cert, Store;

    // Both /file and /cert are required; show usage and stop if either is missing.
    if (!(WScript.Arguments.Named.Exists("cert") && WScript.Arguments.Named.Exists("file"))) {
      WScript.Arguments.ShowUsage();
      WScript.Quit();
    }

    Signer = new ActiveXObject("Scripting.Signer");
    File = WScript.Arguments.Named("file");
    Cert = WScript.Arguments.Named("cert");

    // /store is optional; an empty store name is passed when it is omitted.
    if (WScript.Arguments.Named.Exists("store")) {
      Store = WScript.Arguments.Named("store");
    } else {
      Store = "";
    }

    // Write the signature block into the named file.
    Signer.SignFile(File, Cert, Store);
  </script>
</job>
```
Note: In order to sign a script, you must have a valid certificate. Ask your administrator about your certification policy or contact a commercial certification authority.
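The statement that any change to a signed script invalidates its signature can be checked with the same Scripting.Signer object, using its VerifyFile method. The script below is an added example, not part of the original documentation; the file name check-tamper.js, the temporary copy name, and the prepended comment line are assumptions, and it expects a script signed by a certificate this machine already trusts.

```jscript
// check-tamper.js (added example, not from the original documentation).
// Run: cscript //nologo check-tamper.js <path-to-signed-script>
// Assumption: the argument is an ANSI-encoded .js or .vbs file already signed
// with SignFile by a certificate this machine trusts.
var fso = new ActiveXObject("Scripting.FileSystemObject");
var signer = new ActiveXObject("Scripting.Signer");

// VerifyFile(FileName, ShowUI): passing false suppresses the trust dialog.
function isTrusted(path) {
    try {
        return signer.VerifyFile(path, false);
    } catch (e) {
        return false; // treat any verification error as "not trusted"
    }
}

if (WScript.Arguments.length < 1) {
    WScript.Echo("usage: cscript //nologo check-tamper.js <signed-script>");
    WScript.Quit(2);
}
var original = WScript.Arguments(0);

// Work on a copy so the signed original is never modified. The extension is
// kept because it tells the signer which script type it is looking at.
var ext = fso.GetExtensionName(original);
var tempDir = fso.GetSpecialFolder(2).Path; // 2 = TemporaryFolder
var copy = fso.BuildPath(tempDir, "tamper-check." + ext);
fso.CopyFile(original, copy, true);

var before = isTrusted(copy);

// Change the script body by prepending one harmless comment line.
var comment = (ext.toLowerCase() == "vbs") ? "' modified after signing"
                                           : "// modified after signing";
var reader = fso.OpenTextFile(copy, 1); // 1 = ForReading
var body = reader.ReadAll();
reader.Close();
var writer = fso.OpenTextFile(copy, 2, true); // 2 = ForWriting
writer.Write(comment + "\r\n" + body);
writer.Close();

var after = isTrusted(copy);
fso.DeleteFile(copy, true);

WScript.Echo("signed copy verifies:   " + before);
WScript.Echo("modified copy verifies: " + after);
// Exit code 0 only when the signature held before the edit and failed after it.
WScript.Quit(before && !after ? 0 : 1);
```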