Private/Wissen/X_Technology/X21_Technology_PKI_ALPHA.ps1

# ? TITEL PKI
# ? DESCRIPTION Public Key Infrastructure
# ? TAGS PKI Certificate PFX Private Public Key
# ? VERSION 2020.01.31
# ? Enhanced Key Usage (2.5.29.37)

# Server Authentication = 1.3.6.1.5.5.7.3.1
# Client Authentication = 1.3.6.1.5.5.7.3.2
# Code Signing = 1.3.6.1.5.5.7.3.3
# Secure Email = 1.3.6.1.5.5.7.3.4
# IPSec End System = 1.3.6.1.5.5.7.3.5
# IPSec Tunnel = 1.3.6.1.5.5.7.3.6
# IPSec User = 1.3.6.1.5.5.7.3.7
# Timestamp Signing = 1.3.6.1.5.5.7.3.8
# OCSP Signing = 1.3.6.1.5.5.7.3.9
# Document Encryption = 1.3.6.1.4.1.311.80.1
# EFS CRYPTO = 1.3.6.1.4.1.311.10.3.4
# EFS RECOVERY = 1.3.6.1.4.1.311.10.3.4.1

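# Demo: create one self-signed, all-purpose certificate in the current user's
# personal store, export it (with private key) as a PFX, then use the same
# certificate for Authenticode signing and for CMS encryption/decryption.
#
# NOTE(review): this is a lab profile, not a template for production use:
#   * All EKUs listed above sit on a single key pair, so a compromise of this
#     one key affects TLS, code signing, e-mail, EFS and recovery at once.
#     Issue one certificate per purpose when this leaves the lab.
#   * NotAfter is 50 years out, and a self-signed certificate has no CRL/OCSP
#     path; the only "revocation" is removing it from every store trusting it.
#   * The private key is marked exportable, which the PFX export below needs
#     but which also lets anything running as this user copy the key.
$params = @{
    FriendlyName                = "AKPT Superman"
    Subject                     = "CN=_AKPT Superman (Doctor S. Man), E=s.man@krypton.universe"
    HashAlgorithm               = "SHA512"
    KeyAlgorithm                = "RSA"
    KeyLength                   = 4096
    # ExportableEncrypted: the key may leave the store, but only wrapped
    # (e.g. inside a password-protected PFX).
    KeyExportPolicy             = [Microsoft.CertificateServices.Commands.KeyExportPolicy]::ExportableEncrypted
    KeySpec                     = [Microsoft.CertificateServices.Commands.KeySpec]::KeyExchange
    CertStoreLocation           = "Cert:\CurrentUser\My"
    Type                        = [Microsoft.CertificateServices.Commands.CertificateType]::Custom
    # First entry: Enhanced Key Usage (2.5.29.37) with the OIDs from the table
    # at the top of the file. Second entry: Subject Alternative Name (2.5.29.17).
    # A comma already continues the line, so no backtick is needed.
    TextExtension               = @(
        "2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.4,1.3.6.1.5.5.7.3.5,1.3.6.1.5.5.7.3.6,1.3.6.1.5.5.7.3.7,1.3.6.1.5.5.7.3.8,1.3.6.1.5.5.7.3.9,1.3.6.1.4.1.311.80.1,1.3.6.1.4.1.311.10.3.4,1.3.6.1.4.1.311.10.3.4.1",
        "2.5.29.17={text}email=s.man@krypton.universe&upn=s.man@krypton.universe"
    )
    NotAfter                    = (Get-Date).AddYears(50)
    # NOTE(review): presumably selects RSASSA-PSS for the certificate signature;
    # some older clients cannot validate that format - confirm before relying on it.
    AlternateSignatureAlgorithm = $true
}
$myPfxCert = New-SelfSignedCertificate @params

# Export certificate plus private key. The password is read as a SecureString
# so it never appears in the script, the transcript or the command history.
# NOTE(review): c:\temp must already exist and is usually readable by other
# local users; move the PFX to a protected location (or delete it) afterwards.
# On newer Windows builds, -CryptoAlgorithmOption AES256_SHA256 gives stronger
# PFX protection than the default.
$myPfxCert | Export-PfxCertificate -Password (Read-Host -AsSecureString -Prompt 'Password for the exported PFX') -FilePath c:\temp\crypt.pfx

# Sign an existing script and show the full signature record.
# NOTE(review): with a self-signed certificate the reported Status will
# typically not be 'Valid' unless the certificate is also trusted on this
# machine - check the Status/StatusMessage fields in the output.
Set-AuthenticodeSignature -Certificate $myPfxCert -FilePath C:\temp\SecureString.txt.ps1
Get-AuthenticodeSignature -FilePath C:\temp\SecureString.txt.ps1 | Format-List -Property *

# CMS round trip: encrypt to the certificate's public key, print the
# armoured message, then decrypt it with the matching private key.
$cryptedText = "Hallo Würzburg!" | Protect-CmsMessage -To $myPfxCert
$cryptedText
$cryptedText | Unprotect-CmsMessage -To $myPfxCert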