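PowerShell asymmetric encrypt/decrypt functions

Time: 2013-06-07 23:41:09

Tags: windows powershell certificate encryption-asymmetric

I wasn't able to find good PowerShell functions that use asymmetric encryption, so I created the following. I would like any feedback in terms of improvement, as I'm a crypto noob. One caveat: these functions are very basic. There is no error checking, and the Write-Host after the decrypt is hardly necessary. I just want to establish the core functionality before adding things like protected memory.

This has been tested successfully on two systems: Win8 w/ PowerShell v3 & Win2008R2 w/ PowerShell v2.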

Function Encrypt-Asymmetric([string]$Encrypt,[string]$CertPath,[string]$XmlExportPath)
{
    # Encrypts a string with a public key
    $pubcer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $byteval = [System.Text.Encoding]::UTF8.GetBytes($Encrypt)
    $pubcer.PublicKey.Key.Encrypt($byteval,$true) | Export-Clixml -Path $XmlExportPath    
}

Function Decrypt-Asymmetric([string]$XmlPath,[string]$CertThumbprint)
{
    # Decrypts cipher text using the private key
    # Assumes the certificate is in the LocalMachine store
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
    $store.open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    $cer = $store.Certificates | %{if($_.thumbprint -eq $CertThumbprint){$_}}
    $ciphertext = Import-Clixml -Path $XmlPath
    $decryptedBytes = $cer.PrivateKey.Decrypt($ciphertext,$true)
    $ClearText = [System.Text.Encoding]::UTF8.GetString($decryptedBytes)
    Write-Host $ClearText
}

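1 answer:

Answer 0: (score: 6)

I know this is old. I took the starting point you had here and added some items to it. I have tried to clean it up where appropriate and to use variable names that may make this easier for some people to understand.

Encrypt: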

Function Encrypt-Asymmetric {
[CmdletBinding()]
[OutputType([System.String])]
param(
    [Parameter(Position=0, Mandatory=$true)][ValidateNotNullOrEmpty()][System.String]
    $ClearText,
    [Parameter(Position=1, Mandatory=$true)][ValidateNotNullOrEmpty()][ValidateScript({Test-Path $_ -PathType Leaf})][System.String]
    $PublicCertFilePath
)
# Encrypts a string with a public key
$PublicCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PublicCertFilePath)
$ByteArray = [System.Text.Encoding]::UTF8.GetBytes($ClearText)
$EncryptedByteArray = $PublicCert.PublicKey.Key.Encrypt($ByteArray,$true)
$EncryptedBase64String = [Convert]::ToBase64String($EncryptedByteArray)

Return $EncryptedBase64String 
}

Decrypt:

Function Decrypt-Asymmetric
{
[CmdletBinding()]
[OutputType([System.String])]
param(
    [Parameter(Position=0, Mandatory=$true)][ValidateNotNullOrEmpty()][System.String]
    $EncryptedBase64String,
    [Parameter(Position=1, Mandatory=$true)][ValidateNotNullOrEmpty()][System.String]
    $CertThumbprint
)
# Decrypts text using the private key
# Assumes the certificate is in the LocalMachine\My (Personal) Store
$Cert = Get-ChildItem cert:\LocalMachine\My | where { $_.Thumbprint -eq $CertThumbprint }
if($Cert) {
    $EncryptedByteArray = [Convert]::FromBase64String($EncryptedBase64String)
    $ClearText = [System.Text.Encoding]::UTF8.GetString($Cert.PrivateKey.Decrypt($EncryptedByteArray,$true))
}
Else {Write-Error "Certificate with thumbprint: $CertThumbprint not found!"}

Return $ClearText
}

http://grokgarble.com/blog/?p=228
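
An added example, not part of the original question or answer: both versions above pass the whole string through RSA with OAEP padding, which for a 2048-bit key accepts at most 214 bytes (256 - 2*20 - 2 with SHA-1), so this goes one step further and wraps random AES and HMAC keys with RSA while the string itself is encrypted with AES-CBC and authenticated with HMAC-SHA256. Assumptions: the function names and the dot-separated Base64 envelope are hypothetical, an in-memory RSA key stands in for the certificate's key pair, and Windows PowerShell 3.0 or later is used.

```powershell
# Added example, not from the original post. Function names and the envelope
# format (wrappedKeys.ivAndCiphertext.tag, Base64) are hypothetical.
Function Protect-Hybrid($Rsa, [string]$ClearText) {
    $aes = [System.Security.Cryptography.Aes]::Create()   # fresh random 256-bit key and IV, CBC/PKCS7
    $macKey = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($macKey)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($ClearText)
    [byte[]]$body = $aes.IV + $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$macKey)
    $tag = $hmac.ComputeHash($body)                       # encrypt-then-MAC over IV + ciphertext
    [byte[]]$keys = $aes.Key + $macKey                    # 64 bytes, well under the 214-byte OAEP limit
    $wrapped = $Rsa.Encrypt($keys, $true)                 # only the session keys go through RSA-OAEP
    @([Convert]::ToBase64String($wrapped), [Convert]::ToBase64String($body),
      [Convert]::ToBase64String($tag)) -join '.'
}

Function Unprotect-Hybrid($Rsa, [string]$Envelope) {
    $parts   = $Envelope.Split('.')
    $wrapped = [Convert]::FromBase64String($parts[0])
    $body    = [Convert]::FromBase64String($parts[1])
    $tag     = [Convert]::FromBase64String($parts[2])
    $keys    = $Rsa.Decrypt($wrapped, $true)
    [byte[]]$macKey = $keys[32..63]
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$macKey)
    $expected = $hmac.ComputeHash($body)
    # Verify the tag before decrypting; compare every byte so timing does not depend on the mismatch position
    if ($tag.Length -ne $expected.Length) { throw 'Integrity check failed' }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'Integrity check failed' }
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = [byte[]]$keys[0..31]
    $aes.IV  = [byte[]]$body[0..15]
    $plain = $aes.CreateDecryptor().TransformFinalBlock($body, 16, $body.Length - 16)
    [System.Text.Encoding]::UTF8.GetString($plain)
}

# Demo with a constructed 1400-character string and a throwaway in-memory key
$rsa  = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
$long = 'secret ' * 200
try   { [void]$rsa.Encrypt([System.Text.Encoding]::UTF8.GetBytes($long), $true); 'direct RSA: accepted' }
catch { 'direct RSA: rejected, input exceeds the OAEP size limit' }
$envelope  = Protect-Hybrid $rsa $long
$roundTrip = Unprotect-Hybrid $rsa $envelope
"hybrid round trip matches: $($roundTrip -eq $long)"
```

To use it with the certificate-based functions above, pass `$PublicCert.PublicKey.Key` to the encrypt side and `$Cert.PrivateKey` to the decrypt side in place of `$rsa`.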