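Function Get-IDGSecureChannelConfig {
    <#
    .SYNOPSIS
    Returns the settings shared by the IDG secure-channel functions: folders, PFX path and
    password, certificate name, key size and the BouncyCastle download location.
    .DESCRIPTION
    Every property is fixed here except Password, which may be overridden by setting the
    environment variable IDG_SECURE_CHANNEL_PFX_PASSWORD; the historical literal remains the
    default so PFX files created by earlier versions still open.  The PFX holds the private
    key and lives under $env:TEMP, so this password is the only protection it has at rest.
    Nothing in this configuration verifies the BouncyCastle archive; it is fetched over plain
    HTTP and later loaded as code, so whoever downloads it should check its hash first.
    As a side effect the BouncyCastle folder (BCFolder) is created if it does not exist.
    .OUTPUTS
    PSObject with properties Password, RootFolder, PfxFile, CertCN, BCUrl, BCZipFile,
    BCFolder, BCDll and KeySize.
    #>
    $cfg = "" | Select-Object Password, RootFolder, PfxFile, CertCN, BCUrl, BCZipFile, BCFolder, BCDll, KeySize

    # Password protecting the PFX (private key) at rest.  Prefer an operator-supplied value
    # over the literal so the secret no longer has to live in this file.
    if ($env:IDG_SECURE_CHANNEL_PFX_PASSWORD) {
        $cfg.Password = $env:IDG_SECURE_CHANNEL_PFX_PASSWORD
    } else {
        $cfg.Password = "Password1"
    }

    $cfg.RootFolder = Join-Path $env:TEMP "Neptune Magic Stuff"
    $cfg.PfxFile = Join-Path $cfg.RootFolder "IDGcert.pfx"
    $cfg.CertCN = "IDG Secure Channel cert"
    $cfg.KeySize = 2048

    # Plain-HTTP download location of the BouncyCastle C# assembly (see .DESCRIPTION).
    $cfg.BCUrl = "http://www.bouncycastle.org/csharp/download/bccrypto-net-1.7-bin.zip"
    $cfg.BCZipFile = Join-Path $cfg.RootFolder "bc.zip"
    $cfg.BCFolder = Join-Path $cfg.RootFolder "bc"
    $cfg.BCDll = Join-Path $cfg.BCFolder "BouncyCastle.Crypto.dll"

    # -Force makes this idempotent; failures are deliberately ignored here and surface later
    # when the folder is actually used.
    mkdir $cfg.BCFolder -Force -ErrorAction SilentlyContinue | Out-Null
    $cfg
}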
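Function Get-IDGSecureChannelPublicKey {
    <#
    .SYNOPSIS
    Returns the Base64-encoded RSA modulus of the local IDG secure-channel key, creating the
    key pair, a self-signed certificate and the PFX file on first use.
    .DESCRIPTION
    First run: downloads the BouncyCastle C# assembly named in the configuration, unpacks it
    with the Shell.Application COM object (the .NET 4.5 ZipFile class may not be available)
    and loads it with Add-Type.  The archive comes from a plain-HTTP URL and is then executed
    in this process, so it is compared with the SHA-256 hex digest in the environment variable
    IDG_SECURE_CHANNEL_BC_SHA256 when that variable is set; otherwise a warning is written.
    Then either generates a new RSA key pair and stores it with a self-signed certificate in a
    password-protected PKCS#12 file, or loads the certificate from the existing file.
    .OUTPUTS
    PSObject with a single property PublicKey: Base64 of the modulus as returned by
    BigInteger.ToByteArray (signed, big-endian).  The public exponent is not transported;
    ConvertTo-IDGSecureChannelString hard-codes 65537.
    #>
    [cmdletbinding()]
    Param()

    # Lower-case hex SHA-256 of a file, using the .NET 2.0-era API so no newer cmdlet
    # (Get-FileHash) is required.
    function Get-LocalFileSha256Hex([string]$path) {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $fs = [IO.File]::OpenRead($path)
        try {
            $digest = $sha.ComputeHash($fs)
        } finally {
            $fs.Close()
            $sha.Clear()
        }
        ([System.BitConverter]::ToString($digest) -replace '-', '').ToLowerInvariant()
    }

    $cfg = Get-IDGSecureChannelConfig

    if (-not (Test-Path $cfg.BCDll)) {
        Write-Verbose "Downloading BouncyCastle Crypto API..."
        $wc = New-Object System.Net.WebClient
        $wc.DownloadFile($cfg.BCUrl, $cfg.BCZipFile)

        # The zip is downloaded without TLS and will be loaded as code: verify it when the
        # operator has pinned a digest, and say so when nothing can be verified.
        $expectedSha256 = $env:IDG_SECURE_CHANNEL_BC_SHA256
        if ($expectedSha256) {
            $actualSha256 = Get-LocalFileSha256Hex $cfg.BCZipFile
            if ($actualSha256 -ne $expectedSha256.Trim().ToLowerInvariant()) {
                Remove-Item -LiteralPath $cfg.BCZipFile -Force -ErrorAction SilentlyContinue
                throw "BouncyCastle archive failed integrity check (expected SHA-256 $expectedSha256, got $actualSha256)"
            }
        } else {
            Write-Warning "BouncyCastle archive from $($cfg.BCUrl) was not integrity-checked; set IDG_SECURE_CHANNEL_BC_SHA256 to its SHA-256 hex digest to enable verification."
        }

        # System.IO.Compression.FileSystem only in .NET 4.5
        #add-type -AssemblyName System.IO.Compression.FileSystem | out-null
        #[io.compression.zipfile]::ExtractToDirectory($cfg.BCZipFile,$cfg.BCFolder)
        $shellCom = New-Object -ComObject Shell.Application
        $filesInZip = $shellCom.NameSpace($cfg.BCZipFile).Items()
        $shellCom.NameSpace($cfg.BCFolder).CopyHere($filesInZip)

        # CopyHere can return before extraction has finished; wait (bounded) for the DLL
        # instead of letting Add-Type fail on a missing or half-written file.
        $deadline = [DateTime]::UtcNow.AddSeconds(60)
        while (-not (Test-Path $cfg.BCDll) -and ([DateTime]::UtcNow -lt $deadline)) {
            Start-Sleep -Milliseconds 250
        }
        if (-not (Test-Path $cfg.BCDll)) {
            throw "BouncyCastle assembly was not found at $($cfg.BCDll) after extracting $($cfg.BCZipFile)"
        }
    }

    Write-Verbose "Loading BouncyCastle Crypto API..."
    Add-Type -Path $cfg.BCDll | Out-Null

    if (-not (Test-Path $cfg.PfxFile)) {
        Write-Verbose "No PFX File, creating new PFX file..."
        $secRandom = New-Object Org.BouncyCastle.Security.SecureRandom
        $keyGen = New-Object Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator
        $keyGenParam = New-Object Org.BouncyCastle.Crypto.KeyGenerationParameters $secRandom, $cfg.KeySize
        $keyGen.Init($keyGenParam)
        $keys = $keyGen.GenerateKeyPair()

        # The certificate is only a self-signed wrapper so the key can live in a PKCS#12
        # store; it is signed with SHA-256 instead of the deprecated SHA1WITHRSA.
        $certGen = New-Object Org.BouncyCastle.X509.X509V3CertificateGenerator
        $dnName = New-Object Org.BouncyCastle.Asn1.X509.X509Name("CN=$($cfg.CertCN)")
        $now = [DateTime]::Today
        $certGen.SetSerialNumber([Org.BouncyCastle.Math.BigInteger]::ValueOf(1))
        $certGen.SetIssuerDN($dnName)
        $certGen.SetSubjectDN($dnName)
        $certGen.SetNotBefore($now)
        $certGen.SetNotAfter($now.AddYears(1))
        $certGen.SetPublicKey($keys.Public)
        $certGen.SetSignatureAlgorithm("SHA256WITHRSA")
        $cert = $certGen.Generate($keys.Private)

        $store = New-Object Org.BouncyCastle.Pkcs.Pkcs12Store
        $keyEntry = New-Object Org.BouncyCastle.Pkcs.AsymmetricKeyEntry $keys.Private
        $certArray = New-Object Org.BouncyCastle.Pkcs.X509CertificateEntry[] 1
        $certArray[0] = New-Object Org.BouncyCastle.Pkcs.X509CertificateEntry $cert
        $store.SetKeyEntry($cfg.CertCN, $keyEntry, $certArray)

        $stream = New-Object System.IO.MemoryStream
        try {
            $store.Save($stream, $cfg.Password.ToCharArray(), $secRandom)
            $stream.Flush()
            # ToArray() returns exactly the bytes written.  GetBuffer() also returned the
            # unused tail of the stream's internal buffer and appended garbage to the PFX.
            [byte[]]$data = $stream.ToArray()
        } finally {
            $stream.Close()
        }
        [IO.File]::WriteAllBytes($cfg.PfxFile, $data)
    } else {
        Write-Verbose "Has PFX File, loading cert from PFX file..."
        $store = New-Object Org.BouncyCastle.Pkcs.Pkcs12Store
        $stream = [IO.File]::OpenRead($cfg.PfxFile)
        try {
            $store.Load($stream, $cfg.Password.ToCharArray())
        } finally {
            $stream.Close()
        }
        $certContainer = $store.GetCertificate($cfg.CertCN)
        $cert = $certContainer.Certificate
    }

    $pubKeyObj = "" | Select-Object PublicKey
    $pubKeyObj.PublicKey = [Convert]::ToBase64String($cert.GetPublicKey().Modulus.ToByteArray())
    $pubKeyObj
}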
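Function ConvertTo-IDGSecureChannelString {
    <#
    .SYNOPSIS
    Encrypts a UTF-8 message with an IDG secure-channel public key and returns it as Base64.
    .DESCRIPTION
    PublicKey is the value produced by Get-IDGSecureChannelPublicKey: the Base64 of the RSA
    modulus in BigInteger.ToByteArray form.  The public exponent is not transported and is
    assumed to be 65537.
    The message is split into chunks of the engine's input block size and each chunk is
    encrypted separately with an unpadded RsaEngine.  NOTE(review): unpadded ("textbook")
    RSA is deterministic and malleable, and chunking it is ECB-style; it is kept only because
    ConvertFrom-IDGSecureChannelString expects exactly this format.  Both functions should
    move to OaepEncoding (or hybrid RSA+AES) together rather than changing one side.
    Each pipeline item is encrypted; previously only the last item was processed because the
    function had no process block.
    .PARAMETER PublicKey
    Base64 RSA modulus from Get-IDGSecureChannelPublicKey.
    .PARAMETER Message
    Text to encrypt, encoded as UTF-8.  Mandatory, so the parameter binder rejects an empty
    string.
    .OUTPUTS
    System.String - Base64 of the concatenated ciphertext blocks, one per input item.
    #>
    param(
        [Parameter(Mandatory=$true)]
        [string]$PublicKey,
        [Parameter(Mandatory=$true,ValueFromPipeLine=$true)]
        [string]$Message
    )
    begin {
        # The modulus bytes are the signed big-endian form written by BigInteger.ToByteArray,
        # so the single-argument BigInteger(byte[]) constructor restores the same value.
        $modulusBytes = [Convert]::FromBase64String($PublicKey)
        $modulus = New-Object Org.BouncyCastle.Math.BigInteger @(,$modulusBytes)
        $exponent = [Org.BouncyCastle.Math.BigInteger]::ValueOf(65537)
        $rsaKeyParams = New-Object Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters $false, $modulus, $exponent

        $rsaEngine = New-Object Org.BouncyCastle.Crypto.Engines.RsaEngine
        $rsaEngine.Init($true, $rsaKeyParams)

        # For encryption RsaEngine reports one byte less than the modulus length, so every
        # chunk is numerically smaller than the modulus; no "+ 1" is needed here.
        $inputBlockSize = $rsaEngine.GetInputBlockSize()
    }
    process {
        $messageData = [System.Text.Encoding]::UTF8.GetBytes($Message)

        $stream = New-Object System.IO.MemoryStream
        try {
            for ($pos = 0; $pos -lt $messageData.Length; $pos += $inputBlockSize) {
                $chunkLength = [Math]::Min($inputBlockSize, $messageData.Length - $pos)
                $cipherBlock = $rsaEngine.ProcessBlock($messageData, $pos, $chunkLength)
                $stream.Write($cipherBlock, 0, $cipherBlock.Length)
            }
            $stream.Flush()
            # ToArray() gives exactly the bytes written; GetBuffer() also returned the unused
            # capacity of the internal buffer, which put trailing all-zero blocks in the output.
            $encryptedData = $stream.ToArray()
        } finally {
            $stream.Close()
        }
        [Convert]::ToBase64String($encryptedData)
    }
}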
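Function ConvertFrom-IDGSecureChannelString {
    <#
    .SYNOPSIS
    Decrypts a string produced by ConvertTo-IDGSecureChannelString with the local private key.
    .DESCRIPTION
    Loads the private key from the PKCS#12 file named in the configuration, decrypts the
    Base64 input block by block with an unpadded RsaEngine and decodes the result as UTF-8.
    NOTE(review): the unpadded scheme carries no integrity protection, so a tampered or
    corrupted ciphertext decrypts to garbage rather than failing; treat the output as
    untrusted text.  Because each chunk is handled as an integer, leading 0x00 bytes of a
    chunk may be lost, and any NUL in the decoded text truncates it (see below).
    Each pipeline item is decrypted; previously only the last item was processed because the
    function had no process block.
    .PARAMETER IDGSecureChannelString
    Base64 ciphertext from ConvertTo-IDGSecureChannelString.  Invalid Base64 raises the
    FormatException from Convert.FromBase64String.
    .OUTPUTS
    System.String - the decrypted text, one per input item.
    #>
    param(
        [Parameter(Mandatory=$true,ValueFromPipeLine=$true)]
        [string]$IDGSecureChannelString
    )
    begin {
        $cfg = Get-IDGSecureChannelConfig
        $store = New-Object Org.BouncyCastle.Pkcs.Pkcs12Store
        $stream = [IO.File]::OpenRead($cfg.PfxFile)
        try {
            $store.Load($stream, $cfg.Password.ToCharArray())
        } finally {
            $stream.Close()
        }
        # The stored key is already an AsymmetricKeyParameter (typically the CRT form); handing
        # it to the engine directly avoids rebuilding a slower non-CRT key from Modulus/Exponent.
        $privKey = $store.GetKey($cfg.CertCN).Key
        $rsaEngine = New-Object Org.BouncyCastle.Crypto.Engines.RsaEngine
        $rsaEngine.Init($false, $privKey)
        # For decryption the input block size is the modulus length in bytes.
        $inputBlockSize = $rsaEngine.GetInputBlockSize()
    }
    process {
        $messageData = [Convert]::FromBase64String($IDGSecureChannelString)

        $stream = New-Object System.IO.MemoryStream
        try {
            for ($pos = 0; $pos -lt $messageData.Length; $pos += $inputBlockSize) {
                $chunkLength = [Math]::Min($inputBlockSize, $messageData.Length - $pos)
                $plainBlock = $rsaEngine.ProcessBlock($messageData, $pos, $chunkLength)
                $stream.Write($plainBlock, 0, $plainBlock.Length)
            }
            $stream.Flush()
            # ToArray() gives exactly the bytes written; GetBuffer() also returned the unused
            # capacity of the internal buffer, i.e. trailing NULs.
            $decryptedData = $stream.ToArray()
        } finally {
            $stream.Close()
        }
        $decryptedString = [System.Text.Encoding]::UTF8.GetString($decryptedData)

        # Older senders appended all-zero blocks (MemoryStream.GetBuffer slack) and this
        # function used to do the same, so NUL padding was trimmed; kept for compatibility
        # with ciphertexts and callers from that version.
        $nulIndex = $decryptedString.IndexOf("`0")
        if ($nulIndex -gt -1) {
            $decryptedString = $decryptedString.Substring(0, $nulIndex)
        }
        $decryptedString
    }
}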
# Only the three public commands are exported; Get-IDGSecureChannelConfig stays module-private.
$exportedFunctions = @(
    "Get-IDGSecureChannelPublicKey",
    "ConvertFrom-IDGSecureChannelString",
    "ConvertTo-IDGSecureChannelString"
)
Export-ModuleMember -Function $exportedFunctions