Windows Script Host  

Signing a Script

Signing a script writes a digital signature block of comments in a script. The signature, which contains encoded information about the identity of the author, also encapsulates encoded information about the script itself. Consequently, any attempt to change the script invalidates the signature.

Script signing is programmatically accomplished with the Scripting.Signer object's SignFile method.

<job>
<runtime>
   <named name="file" helpstring="the file to sign" required="true" type="string"/>
   <named name="cert" helpstring="the name of the signing certificate" required="true" type="string"/>
   <named name="store" helpstring="the name of the certificate store" required="false" type="string"/>
</runtime>
<script language="JScript">
   var Signer, File, Cert, Store;
   if (!(WScript.Arguments.Named.Exists("cert") && WScript.Arguments.Named.Exists("file"))) 
   {
      WScript.Arguments.ShowUsage();
      WScript.Quit();
   }
   Signer = new ActiveXObject("Scripting.Signer");
   File  = WScript.Arguments.Named("file");
   Cert  = WScript.Arguments.Named("cert");
   if (WScript.Arguments.Named.Exists("store"))
   {
      Store = WScript.Arguments.Named("store");
   }
   else
   {
      Store = "";
   }
    Signer.SignFile(File, Cert, Store);
</script>
</job>
Note   In order to sign a script, you must have a valid certificate. Ask your Administrator about your certification policy or contact a commercial certification authority.

See Also

Security and Windows Script Host | Verifying a Script | Signature Verification Policy | WinTrust | Signing a Script