
Blend Authenticode features into psign #18

Merged: Marc-André Moreau (mamoreau-devolutions) merged 3 commits into master from mamoreau-devolutions/module-gap-analysis on May 26, 2026


@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) commented May 26, 2026

Summary

  • Remove the explicit OpenAuthenticode compatibility command layer from the original PR direction.
  • Keep the useful behavior on existing psign-native surfaces instead:
    • Set-PsignSignature -AppendSignature appends PE Authenticode signatures.
    • Set-PsignSignature replaces existing PE signatures by default before writing a new one.
    • Unprotect-PsignSignature clears PE signatures automatically, and still strips PowerShell-family script blocks including .psc1.
    • PE detection now works from file magic when the extension is missing or unknown.
    • PortableSignature exposes decoded CMS details via SignedCms, plus Certificate and HashAlgorithm aliases when PKCS#7 bytes are available.
  • Replace compatibility-wrapper tests with psign-native feature tests.

Deferred

  • ECDSA signing remains a separate core crypto task because the current CMS producer is RSA-only.
  • Azure KeyProvider object cloning is intentionally not included; psign keeps its direct Azure KV / Trusted Signing parameters.

Validation

  • cargo fmt --all
  • ./PowerShell/build.ps1 -Configuration Debug
  • cargo clippy --workspace --all-targets --locked
  • cargo test --workspace --locked
  • pwsh -NoLogo -NoProfile -Command "Invoke-Pester -Path .\PowerShell\tests\PsignSignature.NativeFeatures.Tests.ps1 -CI"
  • pwsh -NoLogo -NoProfile -Command "Invoke-Pester -Path .\PowerShell\tests -CI"

Keep the useful feature work from the OpenAuthenticode comparison on psign-native surfaces instead of exporting compatibility command clones.

Add PE signature clearing, PE append signing, extensionless PE detection, .psc1 clear support, and initial SignedCms projection through existing psign cmdlets.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) force-pushed the mamoreau-devolutions/module-gap-analysis branch from 30576a4 to cf257bd Compare May 26, 2026 12:14
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) changed the title Add OpenAuthenticode compatibility layer Blend Authenticode features into psign May 26, 2026
Make portable PE signing replace existing embedded signatures by default and reserve append behavior for --append-signature (/as), matching SignTool semantics across native-shaped portable signing, portable sign-pe, and code PE signing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add regression coverage for SignTool-compatible replace-by-default behavior through the PowerShell Set-PsignSignature surface and psign-tool code signing. Existing psign-tool portable sign-pe and native-shaped portable sign tests cover append opt-in with --append-signature.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) merged commit 41b2ba1 into master May 26, 2026
36 checks passed
@mamoreau-devolutions Marc-André Moreau (mamoreau-devolutions) deleted the mamoreau-devolutions/module-gap-analysis branch May 26, 2026 14:03
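
The PR summary says PE detection now works from file magic when the extension is missing or unknown. The block below is an added example of that kind of check, not psign's implementation: `PeSniff`, `sniff_pe`, `parse`, `le` and `sample` are hypothetical names and the sample buffer is constructed. It goes one step past detection and also reads the Certificate Table data directory entry, which is where an embedded Authenticode signature is recorded.

```rust
// Added illustration (not psign's code); all names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum PeSniff {
    NotPe,
    Unsigned,                          // no Certificate Table entry
    Signed { offset: u64, size: u64 }, // entry lies inside the file
    BadCertTable,                      // entry points past end of file
}

fn le(b: &[u8], o: usize, n: usize) -> Option<u64> { // n-byte little-endian read
    Some(b.get(o..o + n)?.iter().rev().fold(0u64, |v, &x| (v << 8) | x as u64))
}

pub fn sniff_pe(b: &[u8]) -> PeSniff {
    parse(b).unwrap_or(PeSniff::NotPe) // truncated headers count as NotPe
}

fn parse(b: &[u8]) -> Option<PeSniff> {
    if !b.starts_with(b"MZ") { return None; }
    let pe = le(b, 0x3C, 4)? as usize; // e_lfanew: offset of "PE\0\0"
    if !b.get(pe..)?.starts_with(b"PE\0\0") { return None; }
    let opt = pe + 24; // optional header follows signature + COFF header
    let dirs = match le(b, opt, 2)? {
        0x10B => opt + 96,  // PE32
        0x20B => opt + 112, // PE32+
        _ => return None,
    };
    if le(b, dirs - 4, 4)? <= 4 { return Some(PeSniff::Unsigned); }
    let (offset, size) = (le(b, dirs + 32, 4)?, le(b, dirs + 36, 4)?);
    if offset == 0 || size == 0 { return Some(PeSniff::Unsigned); }
    if offset + size > b.len() as u64 { return Some(PeSniff::BadCertTable); }
    Some(PeSniff::Signed { offset, size })
}

// Constructed sample: a 0x200-byte PE32+ header skeleton, not a runnable image.
pub fn sample(cert: Option<(u32, u32)>) -> Vec<u8> {
    let mut f = vec![0u8; 0x200];
    f[..2].copy_from_slice(b"MZ");
    f[0x80..0x84].copy_from_slice(b"PE\0\0");
    f[0x98..0x9A].copy_from_slice(&0x20B_u16.to_le_bytes());
    let (off, size) = cert.unwrap_or((0, 0));
    // e_lfanew, NumberOfRvaAndSizes, Certificate Table offset and size
    for (at, v) in [(0x3C, 0x80), (0x104, 16), (0x128, off), (0x12C, size)] {
        f[at..at + 4].copy_from_slice(&v.to_le_bytes());
    }
    f
}

fn main() { println!("{:?}", sniff_pe(&sample(Some((0x1F0, 0x10))))); }
```

The Certificate Table entry is a raw file offset rather than an RVA, which is why the bounds check compares it directly against the buffer length.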