Windows – digitally sign JScript (.js) or VBScript (.vbs) files

digital-signaturejscriptvbscriptwindowswsh

I know that one can sign a Windows binary executable file using signtool. So all this time I was under assumption that one cannot sign any of the files interpreted by Windows Script Host, such as JScript (.js) or VBScript (.vbs) because those are mere text files.

But today, while opening a .js file that I downloaded off my web site, I was greeted by this warning:

So does this mean that there's a way to sign those .js/.vbs files? If so, then how?

Best Answer

Just to finalize my original question. The answer is yes. To the best of my knowledge, one can sign the following files using Microsoft's SignTool:

Obviously Windows executables: .exe, .dll, .com (for old DOS format), .scr (for screensaver), .ocx (for ActiveX control), .cpl (for Control Panel executable.)
Windows installer files: .msi, .msp
Text-based scripts: .js (for JScript), .vbs (for VBScript), .jse (for encoded JScript), .vbe (for encoded VBScript)
PowerShell scripts: .ps1 , .psm1, .ps1xml
Windows Script Files: .wsf (with mixed content)

Related Solutions

Base64 Encode String in VBScript

I was originally using some VBScript code from Antonin Foller: Base64 Encode VBS Function and Base64 Decode VBS Function.

Searching Antonin's site, I saw he had some code for quoted printable encoding, using the CDO.Message object, so I tried that.

Finally, I ported the code mentioned in Mark's answer to VBScript (also used some code from this SO question), and used the Stream___StringToBinary and Stream_BinaryToString functions from Antonin's site to get functions that used MSXML encoding.

I ran a quick test to measure the encoding time for a 1,500 character message (the average message size I need to send to my web service) across all four methods:

Native VBScript (VBScript)
Quoted Printable, using CDO.Message (QP)
Quoted Printable Binary, using CDO.Message (QP Binary)
MSXML/ADODB.Stream (MSXML)

Here are the results:

Iterations   : 10,000
Message Size :  1,500

+-------------+-----------+
+ Method      | Time (ms) + 
+-------------+-----------+
| VBScript    |   301,391 |
+-------------+-----------+
| QP          |    12,922 |
+-------------+-----------+
| QP (Binary) |    13,953 |
+-------------+-----------+
| MSXML       |     3,312 |
+-------------+-----------+

I also monitored the memory utilization (Mem Usage for the cscript.exe process in the Windows Task Manager) while the test was running. I don't have any raw numbers, but the memory utilization for both the quoted printable and MSXML solutions were below the VBScript solution (7,000K for the former, around 16,000K for VBScript).

I decided to go with the MSXML solution for my driver. For those interested, here's the code I'm using:

base64.vbs
Function Base64Encode(sText)
    Dim oXML, oNode

    Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
    Set oNode = oXML.CreateElement("base64")
    oNode.dataType = "bin.base64"
    oNode.nodeTypedValue =Stream_StringToBinary(sText)
    Base64Encode = oNode.text
    Set oNode = Nothing
    Set oXML = Nothing
End Function

Function Base64Decode(ByVal vCode)
    Dim oXML, oNode

    Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
    Set oNode = oXML.CreateElement("base64")
    oNode.dataType = "bin.base64"
    oNode.text = vCode
    Base64Decode = Stream_BinaryToString(oNode.nodeTypedValue)
    Set oNode = Nothing
    Set oXML = Nothing
End Function

'Stream_StringToBinary Function
'2003 Antonin Foller, http://www.motobit.com
'Text - string parameter To convert To binary data
Function Stream_StringToBinary(Text)
  Const adTypeText = 2
  Const adTypeBinary = 1

  'Create Stream object
  Dim BinaryStream 'As New Stream
  Set BinaryStream = CreateObject("ADODB.Stream")

  'Specify stream type - we want To save text/string data.
  BinaryStream.Type = adTypeText

  'Specify charset For the source text (unicode) data.
  BinaryStream.CharSet = "us-ascii"

  'Open the stream And write text/string data To the object
  BinaryStream.Open
  BinaryStream.WriteText Text

  'Change stream type To binary
  BinaryStream.Position = 0
  BinaryStream.Type = adTypeBinary

  'Ignore first two bytes - sign of
  BinaryStream.Position = 0

  'Open the stream And get binary data from the object
  Stream_StringToBinary = BinaryStream.Read

  Set BinaryStream = Nothing
End Function

'Stream_BinaryToString Function
'2003 Antonin Foller, http://www.motobit.com
'Binary - VT_UI1 | VT_ARRAY data To convert To a string 
Function Stream_BinaryToString(Binary)
  Const adTypeText = 2
  Const adTypeBinary = 1

  'Create Stream object
  Dim BinaryStream 'As New Stream
  Set BinaryStream = CreateObject("ADODB.Stream")

  'Specify stream type - we want To save binary data.
  BinaryStream.Type = adTypeBinary

  'Open the stream And write binary data To the object
  BinaryStream.Open
  BinaryStream.Write Binary

  'Change stream type To text/string
  BinaryStream.Position = 0
  BinaryStream.Type = adTypeText

  'Specify charset For the output text (unicode) data.
  BinaryStream.CharSet = "us-ascii"

  'Open the stream And get text/string data from the object
  Stream_BinaryToString = BinaryStream.ReadText
  Set BinaryStream = Nothing
End Function

How to change cscript.exe to wscript.exe execution for all VBScript files

You can change the default scripting host to wscript.exe like so:

wscript.exe //H:wscript

If you wish to set cscript as the default host, that works in the same way:

wscript.exe //H:cscript

You can execute cscript.exe with the same arguments for the same result.

Best Answer

Related Solutions

Base64 Encode String in VBScript

How to change cscript.exe to wscript.exe execution for all VBScript files

Related Topic