Security.psm1
|
#region Functions #region Encrypt-String Function Encrypt-String { #region Help <# .Synopsis Encrypt a string. .DESCRIPTION Encrypt a string using a certificate. .EXAMPLE PS C:\> $certificateThumbprint 877D9E1EC875B2E7BF8C53151099758FBD9825C3 PS C:\> $Encrypted = Encrypt-String -CertificateThumbprint "877D9E1EC875B2E7BF8C53151099758FBD9825C3" -String "MyPassword" -CertificateStore CurrentUser PS C:\> $encrypted X8t3J+rDKR7emwn64svbxEp5y/XXSHDQsykugcQDtFAZDQ/4EKC9Z7FS02W3RvwIVsxEk1bVLwzBjDJ3JDy3b0PzaX2X6bi3iFrao5bYUg7cMN5xeCJoozgrj2ZU4orYA/LFpfAyYSCdzvKF3MYXbu3LWmQkUaMkzsonUsGHw6MX+SqH5uGtts2/uY2I9iJ2GLQSNLOKWdwBbiUH+LYyiAWLELD6O1rfwudw9gRjH3zl61SbN5oYS/TvBJlCWCYISO dCR66TjQ6nYYp6BhyUBH3J1wb/059B6i5hMvP8XM9WazZH/0h3uB/RLxOQXnN0zPx6QXc4T274Hp724wXfh5DX2zgOZizopYY2ujKElg0XItaJfxi9L00TPW6ZL4+JVZhfTRUV2+16hAE58eGJ8pchUSm/ZgQFsUx0+vWCz/uy4cNxz5CIDn3ORVyHJ8IWlYH5bTUHU4sd0I+gbkdEs7bxOytMwM5rF8LQMdDx8frr2mOIsqxwR1RAp2eMWXpA+Dh2 2N8fGioKLFPN0F8HzPlEtbTrLRc6UawwRSfP6wRQqXWR8FMBOUYXFA24gUQXpLoxCMULMQ0m3A/bBkAcB3Mxr9BhFknVfsa10CaxQdgPBc1brTOOXflm+HKw9waftHgbDKFNMIqx66cYRzwsnJIJ0yP0rCVIJ3Jq7tDVd14= PS C:\> $decrypted = Decrypt-String -CertificateThumbprint "877D9E1EC875B2E7BF8C53151099758FBD9825C3" -EncryptedString $encrypted -CertificateStore CurrentUser PS C:\> $decrypted MyPassword PS C:\> .INPUTS [System.String] .OUTPUTS [System.String] #> #endregion #region Parameters [cmdletBinding()] [OutputType([String])] Param ( # The thumbprint of the certificate to use [Parameter(Mandatory = $true, Position = 0)] [string] $CertificateThumbprint, # The string to encrypt [Parameter(Mandatory = $true, Position = 1)] [string] $String, # The store the certificate is located under [Parameter(Mandatory = $false, Position = 2)] [ValidateSet('CurrentUser', 'LocalMachine')] [string] $CertificateStore = 'CurrentUser' ) #endregion #region Certificate checks try { $Certificate = Get-Item -Path "Cert:\$CertificateStore\My\$certificateThumbprint" -ErrorAction Stop } catch { Throw "Could not find the certificate." } #endregion #region Data encryption $EncodedString = [system.text.encoding]::UTF8.GetBytes($String) $EncryptedBytes = $Certificate.PublicKey.Key.Encrypt($EncodedString, $true) $EncryptedString = [System.Convert]::ToBase64String($EncryptedBytes) #endregion return $EncryptedString } #endregion #region Decrypt-String Function Decrypt-String { #region Help <# .Synopsis Encrypt a string. .DESCRIPTION Encrypt a string using a certificate. .EXAMPLE PS C:\> $certificateThumbprint 877D9E1EC875B2E7BF8C53151099758FBD9825C3 PS C:\> $Encrypted = Encrypt-String -CertificateThumbprint "877D9E1EC875B2E7BF8C53151099758FBD9825C3" -String "MyPassword" -CertificateStore CurrentUser PS C:\> $encrypted X8t3J+rDKR7emwn64svbxEp5y/XXSHDQsykugcQDtFAZDQ/4EKC9Z7FS02W3RvwIVsxEk1bVLwzBjDJ3JDy3b0PzaX2X6bi3iFrao5bYUg7cMN5xeCJoozgrj2ZU4orYA/LFpfAyYSCdzvKF3MYXbu3LWmQkUaMkzsonUsGHw6MX+SqH5uGtts2/uY2I9iJ2GLQSNLOKWdwBbiUH+LYyiAWLELD6O1rfwudw9gRjH3zl61SbN5oYS/TvBJlCWCYISO dCR66TjQ6nYYp6BhyUBH3J1wb/059B6i5hMvP8XM9WazZH/0h3uB/RLxOQXnN0zPx6QXc4T274Hp724wXfh5DX2zgOZizopYY2ujKElg0XItaJfxi9L00TPW6ZL4+JVZhfTRUV2+16hAE58eGJ8pchUSm/ZgQFsUx0+vWCz/uy4cNxz5CIDn3ORVyHJ8IWlYH5bTUHU4sd0I+gbkdEs7bxOytMwM5rF8LQMdDx8frr2mOIsqxwR1RAp2eMWXpA+Dh2 2N8fGioKLFPN0F8HzPlEtbTrLRc6UawwRSfP6wRQqXWR8FMBOUYXFA24gUQXpLoxCMULMQ0m3A/bBkAcB3Mxr9BhFknVfsa10CaxQdgPBc1brTOOXflm+HKw9waftHgbDKFNMIqx66cYRzwsnJIJ0yP0rCVIJ3Jq7tDVd14= PS C:\> $decrypted = Decrypt-String -CertificateThumbprint "877D9E1EC875B2E7BF8C53151099758FBD9825C3" -EncryptedString $encrypted -CertificateStore CurrentUser PS C:\> $decrypted MyPassword PS C:\> .INPUTS [System.String] .OUTPUTS [System.String] #> #endregion #region Parameters [cmdletBinding()] [OutputType([String])] Param ( # The thumbprint of the certificate to use [Parameter(Mandatory = $true, Position = 0)] [string] $CertificateThumbprint, # The encrypted string to decrypt [Parameter(Mandatory = $true, Position = 1)] [string] $EncryptedString, # The store the certificate is located under [Parameter(Mandatory = $false, Position = 2)] [ValidateSet('CurrentUser', 'LocalMachine')] [string] $CertificateStore = 'CurrentUser' ) #endregion #region Certificate checks try { $Certificate = Get-Item -Path "Cert:\$CertificateStore\My\$certificateThumbprint" -ErrorAction Stop } catch { Write-Error "Could not find the certificate." return } # Check if the certificate has a private key if($Certificate.HasPrivateKey -ne $true) { Write-Error "The certificate does have a private key." return } # Check if the private key is available if($Certificate.PrivateKey -eq $null) { Write-Error "Could not access the private key of the certificate. Please try running PowerShell with elevated privileges." return } #endregion #region Data decryption $EncryptedBytes = [System.Convert]::FromBase64String($EncryptedString) $DecryptedBytes = $Certificate.PrivateKey.Decrypt($EncryptedBytes, $true) $DecryptedString = [system.text.encoding]::UTF8.GetString($DecryptedBytes) #endregion return $DecryptedString } #endregion #region New-StringEncryptionCertificate function New-StringEncryptionCertificate { #region Help <# .Synopsis Create a certificate to encrypt strings. .DESCRIPTION Create a self signed certificate for encrypting and decrypting strings. .EXAMPLE PS C:\> New-StringEncryptionCertificate -Name "test" -CertificateStore CurrentUser PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\my Thumbprint Subject ---------- ------- BFF5E290E5ACE5E8958A414662BD62412EC09EE1 CN=test PS C:\> #> #endregion #region Parameters [CmdletBinding()] Param ( # The name of the certificate [Parameter(Mandatory=$true, Position=0)] [ValidateNotNullOrEmpty()] [string] $Name, # The store to save the certificate to. [Parameter(Mandatory=$true, Position=0)] [ValidateSet('CurrentUser', 'LocalMachine')] [string] $CertificateStore = 'CurrentUser' ) New-SelfSignedCertificate -CertStoreLocation cert:\$CertificateStore\my ` -DnsName $Name ` -FriendlyName $Name ` -KeyLength 4096 ` -KeyExportPolicy Exportable ` -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` -NotBefore (Get-Date) ` -NotAfter (Get-Date).AddYears(100) } #endregion #endregion #endregion #region Exports Export-ModuleMember -Function Encrypt-String Export-ModuleMember -Function Decrypt-String Export-ModuleMember -Function New-StringEncryptionCertificate #endregion |