Using a Yubikey for PowerShell CodeSigning

Intro I have a public codesigning certificate issued by DigiCert. I want to be able to sign my PowerShell scripts anywhere, for example when I’m at a customer, but it’s a hassle having to move the code to where I have my code signing certificate just to sign it. I’ve been experimenting with build jobs in VSTS so if I check in a script a build job will automatically sign it for me, but that requires access to internet and VSTS.

Set up Yubikey for PowerShell Code Signing

Intro As I wrote in my previous post Using a Yubikey for PowerShell CodeSigning I’m using a Yubikey to store my code signing certificate. This way I can easily carry my cert with me, use it on different computers and not have to worry about losing my private key. In this post, I’m describing how I set up my Yubikey. Setting up the key The Yubikey has a small command line tool called the “piv-tool”, it’s downloadable from Yubico’s website.