Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Generating an RSA key pair in powershell

I want to generate an RSA public private key pair in powershell without using external software and I want to test it. It should be able to encrypt/decrypt data on any online public/private key verification service.

Purpose- Strictly Educational. I'm very well aware that you shouldn't export your private key online for security purposes.

So far I've tried ssh-keygen and

$RSA = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048)
[System.Convert]::ToBase64String($rsa.ExportCspBlob(1))
[System.Convert]::ToBase64String($rsa.ExportCspBlob(0))

System.Security.Cryptography.RSACryptoServiceProvider creates P, Q etc. all the raw material for calculating public/private key, but I don't want the raw material.

ExportCspBlob(x) provides a key, but when I try to verify it online, the key pair verification fails.

So, is there any way to create RSA public private key pair in powershell without using any external programs, which can be directly copy-pasted into a certificate format(the one with -----BEGIN PRIVATE KEY---- stuff)?

like image 731
Jaspal Singh Avatar asked Mar 21 '19 15:03

Jaspal Singh


1 Answers

If you just want to implement Public Key encryption/decryption with powershell, there are built-in tools for that. To generate key pair just use New-SelfSignedCertificate cmdlet, then you can use generated certificate to encrypt/decrypt data using Protect/Unprotect-CmsMessage (this is PGP-like cmdlets, meaning you don't have to deal with symmetric key part yourself). Then to share or move keys to other machines you can use Import/Export-Certificate cmdlets. See the example below

$store = "cert:\CurrentUser\My"

$params = @{
 CertStoreLocation = $store
 Subject = "CN=Test1"
 KeyLength = 2048
 KeyAlgorithm = "RSA" 
 KeyUsage = "DataEncipherment"
 Type = "DocumentEncryptionCert"
}

# generate new certificate and add it to certificate store
$cert = New-SelfSignedCertificate @params


# list all certs 
# Get-ChildItem -path $store

# Encryption / Decryption

$message = "My secret message"

$cipher = $message  | Protect-CmsMessage -To "CN=Test1" 
Write-Host "Cipher:" -ForegroundColor Green
$cipher

Write-Host "Decrypted message:" -ForegroundColor Green
$cipher | Unprotect-CmsMessage


# Exporting/Importing certificate

$pwd = ("P@ssword" | ConvertTo-SecureString -AsPlainText -Force)
$privateKey = "$home\Documents\Test1.pfx"
$publicKey = "$home\Documents\Test1.cer"

# Export private key as PFX certificate, to use those Keys on different machine/user
Export-PfxCertificate -FilePath $privateKey -Cert $cert -Password $pwd

# Export Public key, to share with other users
Export-Certificate -FilePath $publicKey -Cert $cert

#Remove certificate from store
$cert | Remove-Item

# Add them back:
# Add private key on your machine
Import-PfxCertificate -FilePath $privateKey -CertStoreLocation $store -Password $pwd

# This is for other users (so they can send you encrypted messages)
Import-Certificate -FilePath $publicKey -CertStoreLocation $store
like image 179
Mike Twc Avatar answered Oct 22 '22 06:10

Mike Twc