Get a glimpse inside Don Jones' book "Managing Windows with VBScript and WMI" with this series of book excerpts. Below is an excerpt from Chapter 28, "Scripting Security." Click for the complete book excerpt series or purchase the book.
Digitally Signing Scripts
A signed script includes a digital signature as a block comment within the file. You need to be using the WSH 5.6 or later XML format, because it contains a specific element for storing the certificate. Take Listing 28.1 as an example.
Listing 28.1 Signer.vbs. This script signs another one.
Then, the actual script begins. It checks first to see that both the "cert" and "file" command-line arguments were provided; if they weren't, the script displays the help information and exits.
Note that anyone can get into the file and modify its signature. However, the signature no longer matches the script, and it cannot pass the trust test conducted by WSH. Similarly, any changes to the script's code, after it is signed, fail the trust test.
Click for the next excerpt in this series: Running Only Signed Scripts.
Click for book details or purchase the book.
This was first published in April 2005