X
GO
en-USfr-FR
Blog
16mai

How to sign XML file with PowerShell

Jean-Yves Moschetto (ANVOLE) | PowerShell, XML, Sign | | View Counts (1160) |Return|
0 ( 0 reviews)
|

      Hi,

It often happened in my developments to have to protect my sources, and be sure that the configuration XML file I used, was not modified by some people.

For that, the idea if to sign my configuration XML file, and later the program which has to read the file to first check XML signature.

Of course, you first need a "Code Signing" certificate

Param ([string]$CommandLine)
[void][reflection.assembly]::Load('System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a')
function Sign-XML
{
 Param ( [xml]$xml, [system.Security.Cryptography.RSA]$rsaKey )
 
 [System.Security.Cryptography.xml.SignedXml]$signedXml = $NULL
 $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml -ArgumentList $xml
 $signedXml.SigningKey = $rsaKey
 
 $Reference = New-Object System.Security.Cryptography.Xml.Reference
 $Reference.Uri = ""
 
 $env = New-Object System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform
 
 $Reference.AddTransform($env);
 $signedXml.AddReference($Reference)
 $signedXml.ComputeSignature()
 
 [System.Xml.XmlElement]$xmlSignatur = $signedXml.GetXml()
 #Add signature to end of xml file
 $xml.DocumentElement.AppendChild($xml.ImportNode($xmlSignatur, $true))
 
 if ($xml.FirstChild -is [system.xml.XmlDeclaration])
 {
  $xml.RemoveChild($xml.FirstChild);
 }
 $xml
}
function Verify-XmlSignature
{
 Param (
  [xml]$checkxml,
  [system.Security.Cryptography.RSA]$Key
 )
 
 [System.Security.Cryptography.Xml.SignedXml]$signedXml = New-Object System.Security.Cryptography.Xml.SignedXml -ArgumentList $checkxml
 $XmlNodeList = $checkxml.GetElementsByTagName("Signature")
 $signedXml.LoadXml([System.Xml.XmlElement] ($XmlNodeList[0]))
 $check = $signedXml.CheckSignature($key)
 return $check
}
$SignerSubject = 'E=jeanyves.moschetto@yoursystems.eu, CN=Jean-Yves Moschetto, OU=Carib Infra, O=YourSystems, L=LILLE, S=NORD, C=FR'
$SigningCert = Get-ChildItem -Path cert:\CurrentUser\My -CodeSigningCert | Where-Object { $_.Subject -eq "$SignerSubject" }

$Source = [System.IO.FileInfo]$CommandLine
$Destination = "$($Source.DirectoryName)\$($Source.BaseName).signed$($Source.Extension)"
#DO ENCRYPT FILE HERE
[xml]$XMLsource = Get-content -Path $Source.FullName
Sign-XML -xml $XMLsource -rsaKey $SigningCert.PrivateKey
$XMLsource.Save($Destination)

#DO TEST DECRYPT FILE HERE - Function to be taken in program for which to protect xml
[xml]$XMLdestination = Get-content -Path $Destination 
$Result = Verify-XmlSignature -checkxml $XMLdestination -Key $SigningCert.PublicKey.Key

 

Result

This is beyond the result of a signed XML file. We can clearly see the added section "Signature"


    
        
            
            
            
                
                    
                
                
                aX1H1LG0cw06PPcLwxKLvxCdNFw=
            
        
        TXqx+h7TCs04o1vTUWkN/S43JQiEtbdv+Rx5/V6J+bRUABcapYlyiFnoiP3h071PKvTVDuECJ9Ospkmq2ezXHaV/VGj/5HFmsqWsd8WklG+15iD6daab6QZdoL0683WJN/am4OX0CU3097mcUSlljQZaeIj7LSM2quGhylU0RYzFWWIMkX4sY1jVvd+x4f3w6ivztbHClr70pyEOKLdrAiOosmxLQSI9HC/Do8GMnj4al7FUOx2VvyBj/Nu6YcWu0HWxQne8+OXjdyM74VoTVVnZDB1oYil4/2AE6RifoKYxQ7QAIrxMYzXHdc8TC7/xde0VAoDMnbp22jkHobyZGg==
    

Related

Difficile de répliquer des connecteurs Exchange

Lorsque plusieurs serveurs Microsoft Exchange reçoivent des e-mails, vous devez créer exactement les...

Bulk Deploy Microsoft Windows Nano Server 2016 and join domain

As I searched the web how to automatically deploy NANO server and join it to Active Directory, I cou...

DSC myAdExchPrepareSchema.psm1

During some automatized deployments, as often, we have to deploy Microsoft Exchange 2016 automatical...

Authenticating users with smartcard and login/password

When a user opens an Active Directory session with his smartcard, it happens that some applications ...

Categories
Tags
Popular
  • Recent
  • Popular
  • Tag