Product: PowerShell Studio 2025 (64 Bit)
Build: v5.9.252
OS: Windows 10.0.19045
PS Version(s): 5.1.19041.1, 7.4.6
Hi - is anyone successfully SSL signing PowerShell packages with PowerShell Studio and the new style code-signing certificates? Or does anyone know any documentation on how to set this up?
I have an SSL certificate installed on a FIPS YubiKey.
I have exported the certificate from the YubiKey and imported it to my personal store in the Windows User Certificate Manager.
I have installed the Smart card driver for the YubiKey.
In PowerShell Studio, I can select the code signing certificate from the certificate manager store, and when I try to build build the PowerShell signed exe package, I am prompted by the Smart Card driver for the YubiKey security PIN, which is being validated correctly (if I enter the wrong PIN it rejects me!).
At that point I get hundreds of lines of log output that start with a couple of lines about "AmsiScanString failed!" and then hundreds of "windows_credential_provider" lines like below - not sure what to do next? Any suggestions?
Build: v5.9.252
OS: Windows 10.0.19045
PS Version(s): 5.1.19041.1, 7.4.6
Hi - is anyone successfully SSL signing PowerShell packages with PowerShell Studio and the new style code-signing certificates? Or does anyone know any documentation on how to set this up?
I have an SSL certificate installed on a FIPS YubiKey.
I have exported the certificate from the YubiKey and imported it to my personal store in the Windows User Certificate Manager.
I have installed the Smart card driver for the YubiKey.
In PowerShell Studio, I can select the code signing certificate from the certificate manager store, and when I try to build build the PowerShell signed exe package, I am prompted by the Smart Card driver for the YubiKey security PIN, which is being validated correctly (if I enter the wrong PIN it rejects me!).
At that point I get hundreds of lines of log output that start with a couple of lines about "AmsiScanString failed!" and then hundreds of "windows_credential_provider" lines like below - not sure what to do next? Any suggestions?
WARNING: AmsiScanString failed!
Writing scripts to bin\x64\_logonscript\_logonscript.exe
Warning: Cannot open AMSI session
WARNING: AmsiScanString failed!
[2m2025-01-23T10:39:01.988367Z[0m [34mDEBUG[0m [34mspawning thread connection_coordinator[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:205 [2;3mon[0m
[2;3min[0m [1mspawn_thread_with_completion_channel[0m [2;3mwith[0m [1mthread_name[0m: "connection_coordinator"
[2;3min[0m [1mnew[0m [2;3mwith[0m [1mclass_id[0m: 6FF59A85-BC37-4CD4-70EB-965177B777AB
[2m2025-01-23T10:39:01.988495Z[0m [34mDEBUG[0m [34mspawning thread handle_outgoing_messages_0[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:205 [2;3mon[0m connection_manager
[2;3min[0m [1mspawn_thread_with_completion_channel[0m [2;3mwith[0m [1mthread_name[0m: "handle_outgoing_messages_0"
[2m2025-01-23T10:39:01.988545Z[0m [34mDEBUG[0m [1;34mclsid[0m[34m: 6FF59A85-BC37-4CD4-70EB-965177B777AB[0m
[2;3mat[0m windows_credential_provider\src\lib.rs:49 [2;3mon[0m
[2m2025-01-23T10:39:01.988595Z[0m [34mDEBUG[0m [34mspawning thread handle_incoming_messages_0[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:205 [2;3mon[0m connection_manager
[2;3min[0m [1mspawn_thread_with_completion_channel[0m [2;3mwith[0m [1mthread_name[0m: "handle_incoming_messages_0"
[2m2025-01-23T10:39:01.988631Z[0m [34mDEBUG[0m [1;34miid[0m[34m: 00000001-0000-0000-C000-000000000046[0m
[2;3mat[0m windows_credential_provider\src\lib.rs:50 [2;3mon[0m
[2m2025-01-23T10:39:01.988682Z[0m [34mDEBUG[0m [1;34miid[0m[34m: D27C3481-5A1C-45B2-8AAA-C20EBBE8229E[0m
[2;3mat[0m windows_credential_provider\src\native.rs:180 [2;3mon[0m
[2;3min[0m [1mCreateInstance[0m
[2m2025-01-23T10:39:01.988708Z[0m [34mDEBUG[0m [1;34mpipe_path[0m[34m: "\\\\.\\pipe\\6FF59A85-BC37-4CD4-70EB-965177B777AB"[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:362 [2;3mon[0m handle_outgoing_messages_0
[2;3min[0m [1mwait_and_connect_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "6FF59A85-BC37-4CD4-70EB-965177B777AB", [1mdesired_access[0m: FILE_ACCESS_RIGHTS(1073741824)
[2;3min[0m [1mhandle_outgoing_messages[0m
[2m2025-01-23T10:39:01.988750Z[0m [32m INFO[0m [1;32mreturn[0m[32m: ()[0m
[2;3mat[0m windows_credential_provider\src\native.rs:172 [2;3mon[0m
[2;3min[0m [1mCreateInstance[0m
[2m2025-01-23T10:39:01.988837Z[0m [31mERROR[0m [31mFileSystem::CreateFileW(native_pipe_path.as_constant(), desired_access.0,
FileSystem::FILE_SHARE_NONE, None, FileSystem::OPEN_EXISTING,
Default::default(), Foundation::HANDLE::default()) failed with Error { code: HRESULT(0x80070005), message: "Access is denied." }[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:375 [2;3mon[0m handle_outgoing_messages_0
[2;3min[0m [1mwait_and_connect_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "6FF59A85-BC37-4CD4-70EB-965177B777AB", [1mdesired_access[0m: FILE_ACCESS_RIGHTS(1073741824)
[2;3min[0m [1mhandle_outgoing_messages[0m
[2m2025-01-23T10:39:01.988879Z[0m [34mDEBUG[0m [1;34mread_pipe_name[0m[34m: "0AD27EC6-A15B-4AE2-8F52-CB557C531113"[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:236 [2;3mon[0m handle_incoming_messages_0
[2;3min[0m [1mhandle_incoming_messages[0m
[2m2025-01-23T10:39:01.988920Z[0m [34mDEBUG[0m [1;34mpipe_path[0m[34m: "\\\\.\\pipe\\0AD27EC6-A15B-4AE2-8F52-CB557C531113"[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:225 [2;3mon[0m handle_incoming_messages_0
[2;3min[0m [1mcreate_secure_local_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "0AD27EC6-A15B-4AE2-8F52-CB557C531113", [1mread_or_write[0m: Read, [1mrestrict_to_system[0m: true, [1mmax_instances[0m: 1
[2;3min[0m [1mhandle_incoming_messages[0m
[2m2025-01-23T10:39:01.988922Z[0m [31mERROR[0m [1;31merror[0m[31m: Access is denied. (0x80070005)[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:356 [2;3mon[0m handle_outgoing_messages_0
[2;3min[0m [1mwait_and_connect_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "6FF59A85-BC37-4CD4-70EB-965177B777AB", [1mdesired_access[0m: FILE_ACCESS_RIGHTS(1073741824)
[2;3min[0m [1mhandle_outgoing_messages[0m
[2m2025-01-23T10:39:01.988939Z[0m [34mDEBUG[0m [1;34mdacl_buffer[0m[34m: [2, 0, 28, 0, 1, 0, 0, 0, 0, 0, 20, 0, 255, 1, 31, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0][0m
[2;3mat[0m windows_credential_provider\src\utils.rs:302 [2;3mon[0m handle_incoming_messages_0
[2;3min[0m [1mcreate_secure_local_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "0AD27EC6-A15B-4AE2-8F52-CB557C531113", [1mread_or_write[0m: Read, [1mrestrict_to_system[0m: true, [1mmax_instances[0m: 1
[2;3min[0m [1mhandle_incoming_messages[0m
[2m2025-01-23T10:39:01.988968Z[0m [31mERROR[0m [31mutils::wait_and_connect_named_pipe(class_id,
FileSystem::FILE_ACCESS_RIGHTS(Foundation::GENERIC_WRITE.0)) failed with Error { code: HRESULT(0x80070005), message: "Access is denied." }[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:206 [2;3mon[0m handle_outgoing_messages_0
[2;3min[0m [1mhandle_outgoing_messages[0m
[2m2025-01-23T10:39:01.988993Z[0m [31mERROR[0m [1;31merror[0m[31m: Failed to create named pipe[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:217 [2;3mon[0m handle_incoming_messages_0
[2;3min[0m [1mcreate_secure_local_named_pipe[0m [2;3mwith[0m [1mpipe_name[0m: "0AD27EC6-A15B-4AE2-8F52-CB557C531113", [1mread_or_write[0m: Read, [1mrestrict_to_system[0m: true, [1mmax_instances[0m: 1
[2;3min[0m [1mhandle_incoming_messages[0m
[2m2025-01-23T10:39:01.988995Z[0m [33m WARN[0m [33mIgnoring: handle_outgoing_messages(&class_id_clone,
pipe_connect_message_channel_receiver,
inner_outgoing_message_channel_receiver) failed with Access is denied. (0x80070005)[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:63 [2;3mon[0m handle_outgoing_messages_0
[2m2025-01-23T10:39:01.989009Z[0m [31mERROR[0m [31mutils::create_secure_local_named_pipe(&read_pipe_name, utils::ReadWrite::Read,
true, 1) failed with Failed to create named pipe[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:237 [2;3mon[0m handle_incoming_messages_0
[2;3min[0m [1mhandle_incoming_messages[0m
[2m2025-01-23T10:39:01.989024Z[0m [33m WARN[0m [33mIgnoring: handle_incoming_messages(credential_provider_instance_id,
pipe_connect_message_channel_sender,
inner_incoming_message_channel_sender, connection_reset_signal_clone) failed with Failed to create named pipe[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:75 [2;3mon[0m handle_incoming_messages_0
[2m2025-01-23T10:39:01.989032Z[0m [33m WARN[0m [33mrecv(inner_incoming_message_channel_receiver) -> receiving on an empty and disconnected channel[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:166 [2;3mon[0m connection_manager
[2m2025-01-23T10:39:01.989063Z[0m [33m WARN[0m [33mCancellation requested[0m
[2;3mat[0m windows_credential_provider\src\utils.rs:114 [2;3mon[0m connection_manager
[2;3min[0m [1mrequest_cancellation[0m
[2m2025-01-23T10:39:01.989080Z[0m [32m INFO[0m [32mwaiting for incoming message handler thread to exit...[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:178 [2;3mon[0m connection_manager
[2m2025-01-23T10:39:01.989085Z[0m [33m WARN[0m [33mIgnoring: connection_reset_signal_clone.cancellation_receiver().recv() failed with RecvError[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:94 [2;3mon[0m io_cancellation_handler_0
[2m2025-01-23T10:39:01.989165Z[0m [32m INFO[0m [32mwaiting for outgoing message handler thread to exit...[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:180 [2;3mon[0m connection_manager
[2m2025-01-23T10:39:01.989192Z[0m [32m INFO[0m [32mwaiting for IO cancellation thread to exit...[0m
[2;3mat[0m windows_credential_provider\src\connection_manager.rs:182 [2;3mon[0m connection_manager
[2m2025-01-23T10:39:01.989242Z[0m [34mDEBUG[0m [1;34mevent[0m[34m: Disconnect[0m
[2;3mat[0m windows_credential_provider\src\provider.rs:619 [2;3mon[0m connection_coordinator
[2;3min[0m [1mupdate[0m
Statistics: Posted by gslonline — Thu Jan 23, 2025 2:45 am — Replies 1 — Views 24