
EncryptDecrypt Module – Hybrid RSA/AES Encryption solution with PowerShell. Please use responsibly.


Thanks to Tyler Siegrist for his AES encrypt/decrypt functions and Michel I. Gallant Ph.D. for opensslkey.cs.

https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d

http://www.jensign.com/opensslkey/index.html

Link To EncryptDecrypt Module:

https://github.com/pldmgg/misc-powershell/tree/master/MyModules/EncryptDecrypt

The big highlights of my new module are the “New-EncryptedFile” and “Decrypt-EncryptedFile” functions. They are capable of RSA and/or AES encryption/decryption of a String, Array of Strings, File, and/or Files in a Directory (optionally recursive).

I’m not going to go into great detail in this post since you should really really read the help text for these functions before using them. But I will say a few things to calm nerves:

  • No original files are ever touched. Only new encrypted files are created.

  • There is a 0% chance that you will be unable to decrypt anything you encrypt with the New-EncryptedFile function unless you intentionally delete the corresponding certificate in your Cert:\LocalMachine\My Store and delete the .pfx file backup on your file system and delete the AES Key file on your filesystem (if one is needed for encryption).

I want to stress once again – please use these functions responsibly and read the help text for these functions before using them.

.EXAMPLE

String Encryption Example

NOTE: If neither -PathToCertFile nor -CNOfCertInStore parameters are used, a NEW Self-Signed Certificate is created and added to Cert:\LocalMachine\My

    PS C:\Users\zeroadmin> New-EncryptedFile -ContentType "String" -ContentToEncrypt "MyPLaInTeXTPwd321!" -FileToOutput $HOME\MyPwd.txt

    FileEncryptedViaRSA                : C:\Users\zeroadmin\MyPwd.txt.rsaencrypted
    FileEncryptedViaAES                :
    OriginalFile                       :
    CertficateUsedForRSAEncryption     : [Subject]
                                           CN=MyPwd
                                         [Issuer]
                                           CN=MyPwd
                                         [Serial Number]
                                           6BD1BF9FACE6F0BB4EFFC31597E9B970
                                         [Not Before]
                                           6/2/2017 10:39:31 AM
                                         [Not After]
                                           6/2/2018 10:59:31 AM
                                         [Thumbprint]
                                           34F3526E85C04CEDC79F26C2B086E52CF75F91C3
    LocationOfCertUsedForRSAEncryption : Cert:\LocalMachine\My
    UnprotectedAESKey                  :
    RSAEncryptedAESKey                 :
    RSAEncryptedAESKeyLocation         :
    AllFileOutputs                     : C:\Users\zeroadmin\MyPwd.txt.rsaencrypted

.EXAMPLE

Directory Encryption Example

NOTE: If neither -PathToCertFile nor -CNOfCertInStore parameters are used, a NEW Self-Signed Certificate is created and added to Cert:\LocalMachine\My

    PS C:\Users\zeroadmin> New-EncryptedFile -ContentType Directory -ContentToEncrypt C:\Users\zeroadmin\tempdir
    Please enter the desired CN for the new Self-Signed Certificate: TempDirEncryption

    FilesEncryptedViaRSA               :
    FilesEncryptedViaAES               : {C:\Users\zeroadmin\tempdir\agricola.txt.aesencrypted,
                                         C:\Users\zeroadmin\tempdir\dolor.txt.aesencrypted,
                                         C:\Users\zeroadmin\tempdir\lorumipsum.txt.aesencrypted}
    OriginalFiles                      : {C:\Users\zeroadmin\tempdir\agricola.txt.original,
                                         C:\Users\zeroadmin\tempdir\dolor.txt.original,
                                         C:\Users\zeroadmin\tempdir\lorumipsum.txt.original}
    CertficateUsedForRSAEncryption     : [Subject]
                                           CN=TempDirEncryption
                                         [Issuer]
                                           CN=TempDirEncryption
                                         [Serial Number]
                                           52711274E381F592437E8C18C7A3241C
                                         [Not Before]
                                           6/2/2017 10:57:26 AM
                                         [Not After]
                                           6/2/2018 11:17:26 AM
                                         [Thumbprint]
                                           F2EFEBB37C37844A230961447C7C91C1DE13F1A5
    LocationOfCertUsedForRSAEncryption : Cert:\LocalMachine\My
    UnprotectedAESKey                  : BKcLSwqZjSq/D1RuqBGBxZ0dng+B3JwrWJVlhqgxrmo=
    RSAEncryptedAESKey                 : sUshzhMfrbO5FgOGw1Nsx9g5hrnsdUHsJdx8SltK8UeNcCWq8Rsk6dxC12NjrxUSHTSrPYdn5UycBqXB+PNltMebAj80I3Zsh5xRsSbVRSS+fzgGJTUw7ya98J
                                         7vKISUaurBTK4C4Czh1D2bgT7LNADO7qAUgbnv+xdqxgIexlOeNsEkzG10Tl+DxkUVgcpJYbznoTXPUVnj9AZkcczRd2EWPcV/WZnTZwmtH+Ill7wbXSG3R95d
                                         dbQLZfO0eOoBB/DAYWcPkifxJf+20s25xA8MKl7pNpDUbVhGhp61VCaaEqr6QlgihtluqWZeRgHEY3xSzz/UVHhzjCc6Rs9aPw==
    RSAEncryptedAESKeyLocation         : C:\Users\zeroadmin\tempdir\tempdir.aeskey.rsaencrypted
    AllFileOutputs                     : {C:\Users\zeroadmin\tempdir\agricola.txt.aesencrypted,
                                         C:\Users\zeroadmin\tempdir\dolor.txt.aesencrypted,
                                         C:\Users\zeroadmin\tempdir\lorumipsum.txt.aesencrypted,
                                         C:\Users\zeroadmin\tempdir\agricola.txt.original...}

.EXAMPLE

Decrypting an Encrypted String without File Outputs

    PS C:\Users\zeroadmin> $EncryptedStringTest = Get-Content C:\Users\zeroadmin\other\MySecret.txt.rsaencrypted
    PS C:\Users\zeroadmin> Decrypt-EncryptedFile -ContentType String -ContentToDecrypt $EncryptedStringTest -PathToCertFile C:\Users\zeroadmin\other\ArrayOfStrings.pfx -NoFileOutput
    Doing RSA Decryption

    DecryptedFiles                     :
    FailedToDecryptFiles               : {}
    CertUsedDuringDecryption           : [Subject]
                                           CN=ArrayOfStrings
                                         [Issuer]
                                           CN=ArrayOfStrings
                                         [Serial Number]
                                           32E38D18591854874EC467B73332EA76
                                         [Not Before]
                                           6/1/2017 4:13:36 PM
                                         [Not After]
                                           6/1/2018 4:33:36 PM
                                         [Thumbprint]
                                           C8CC2B8B03E33821A69B35F10B04D74E40A557B2
    PFXCertUsedForPrivateKeyExtraction : C:\Users\zeroadmin\PrivateKeyExtractionTempDir\ArrayOfStrings.pfx
    LocationOfCertUsedDuringDecryption : C:\Users\zeroadmin\other\ArrayOfStrings.pfx
    UnprotectedAESKey                  :
    LocationOfAESKey                   :
    AllFileOutputs                     :
    DecryptedContent                   : THisISmYPWD321!

.EXAMPLE

Decrypting All Files in a Directory

    PS C:\Users\zeroadmin> Decrypt-EncryptedFile -ContentType Directory -ContentToDecrypt C:\Users\zeroadmin\tempdir -Recurse -CNofCertInStore TempDirEncryption -AESKeyLocation C:\Users\zeroadmin\tempdir\tempdir.aeskey.rsaencrypted
    Doing AES Decryption

    DecryptedFiles                     : {C:\Users\zeroadmin\tempdir\dolor.txt.aesencrypted.decrypted,
                                         C:\Users\zeroadmin\tempdir\tempdir1\agricola.txt.aesencrypted.decrypted,
                                         C:\Users\zeroadmin\tempdir\tempdir.aeskey.rsaencrypted.decrypted}
    FailedToDecryptFiles               : {C:\Users\zeroadmin\tempdir\dolor.txt.original,
                                         C:\Users\zeroadmin\tempdir\tempdir1\agricola.txt.original}
    CertUsedDuringDecryption           : [Subject]
                                           CN=TempDirEncryption
                                         [Issuer]
                                           CN=TempDirEncryption
                                         [Serial Number]
                                           52711274E381F592437E8C18C7A3241C
                                         [Not Before]
                                           6/2/2017 10:57:26 AM
                                         [Not After]
                                           6/2/2018 11:17:26 AM
                                         [Thumbprint]
                                           F2EFEBB37C37844A230961447C7C91C1DE13F1A5
    PFXCertUsedForPrivateKeyExtraction : C:\Users\zeroadmin\PrivateKeyExtractionTempDir\TempDirEncryption.pfx
    LocationOfCertUsedDuringDecryption : Cert:\LocalMachine\My
    UnprotectedAESKey                  : BKcLSwqZjSq/D1RuqBGBxZ0dng+B3JwrWJVlhqgxrmo=
    LocationOfAESKey                   : C:\Users\zeroadmin\tempdir\tempdir.aeskey.rsaencrypted
    AllFileOutputs                     : {C:\Users\zeroadmin\tempdir\dolor.txt.aesencrypted.decrypted,
                                         C:\Users\zeroadmin\tempdir\tempdir1\agricola.txt.aesencrypted.decrypted,
                                         C:\Users\zeroadmin\tempdir\tempdir.aeskey.rsaencrypted.decrypted,
                                         C:\Users\zeroadmin\PrivateKeyExtractionTempDir\TempDirEncryption.pfx}
    DecryptedContent                   : {1914 translation by H. Rackham, , "But I must explain to you how all this mistaken idea of denouncing pleasure and praising pain was born and I will give you a complete account of the system, and expound the actual teachings of the great explorer of the truth, the master-builder of human happiness. No one rejects, dislikes, or avoids pleasure itself, because it is pleasure, but because those who do not know how to pursue pleasure rationally encounter consequences that are extremely painful.
                                         Nor again is there anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some advantage from it? But who has any right to find fault with a man who chooses to enjoy a pleasure that has no annoying consequences, or one who avoids a pain that produces no resultant pleasure?", ...}

submitted by /u/fourierswager
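
The hybrid scheme visible in the post's directory examples (files encrypted with an AES key, that key then RSA-encrypted into tempdir.aeskey.rsaencrypted), as an added example that is not part of the original post or the module's code. It uses a throwaway in-memory RSA key where the module uses a certificate, and it adds an HMAC integrity check that the post does not describe; the function names and sample text are hypothetical.

```powershell
# Added illustration of envelope (hybrid) encryption; not code from the EncryptDecrypt module.
# Assumption: Windows (RSACng is Windows-only); key, names and sample text are constructed.
$oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

function Protect-Hybrid {
    param([byte[]]$Plain, [System.Security.Cryptography.RSA]$Rsa)
    # One random 64-byte secret per message: bytes 0-31 AES-256 key, bytes 32-63 HMAC key.
    $keys = [byte[]]::new(64)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($keys)
    $aes = [System.Security.Cryptography.Aes]::Create()      # CBC + PKCS7 by default
    $aes.Key = [byte[]]($keys[0..31])
    $aes.GenerateIV()
    [byte[]]$body = $aes.IV + $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($keys[32..63]))
    [pscustomobject]@{
        WrappedKeys = $Rsa.Encrypt($keys, $oaep)   # only the RSA private key can recover these
        Body        = $body                        # IV || AES ciphertext
        Tag         = $hmac.ComputeHash($body)     # encrypt-then-MAC over IV and ciphertext
    }
}

function Unprotect-Hybrid {
    param($Envelope, [System.Security.Cryptography.RSA]$Rsa)
    [byte[]]$keys = $Rsa.Decrypt($Envelope.WrappedKeys, $oaep)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($keys[32..63]))
    $tag = $hmac.ComputeHash([byte[]]$Envelope.Body)
    # Compare all 32 tag bytes without an early exit, and before any decryption happens.
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($tag[$i] -bxor $Envelope.Tag[$i]) }
    if ($diff -ne 0) { throw 'Integrity check failed: ciphertext or IV was modified' }
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = [byte[]]($keys[0..31])
    $aes.IV  = [byte[]]($Envelope.Body[0..15])
    [byte[]]$ct = $Envelope.Body[16..($Envelope.Body.Length - 1)]
    $aes.CreateDecryptor().TransformFinalBlock($ct, 0, $ct.Length)
}

$rsa = [System.Security.Cryptography.RSACng]::new(2048)   # throwaway key standing in for the certificate
$msg = [System.Text.Encoding]::UTF8.GetBytes('constructed sample secret')
$envelope = Protect-Hybrid -Plain $msg -Rsa $rsa
[System.Text.Encoding]::UTF8.GetString([byte[]](Unprotect-Hybrid $envelope $rsa))

$envelope.Body[20] = $envelope.Body[20] -bxor 1           # simulate tampering with one byte
try { Unprotect-Hybrid $envelope $rsa } catch { "Rejected: $($_.Exception.Message)" }
```

The first call prints the sample text back; the second prints the rejection message because the tag no longer matches the modified body.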