无法从原始字节

时间:2018-02-26 09:47:15

标签: c# powershell security powershell-v3.0 cng

我使用下面给出的powershell代码生成一个CngKey,并使用字节将文件导出到文件中。

同一个创建的文件没有被导入,并且在再次运行时被创建为键。它表示Bad Data再次导入时会显示错误数据。

Param(
[string] $keyName,    
[string] $exportPublicKeyFilePath)
function AddAccessToIISUser($filePath)
{
$filePath
[string] $iisUser = "IIS_IUSRS"
if([System.IO.File]::Exists($filePath))
{

    #Get File Security
    [System.Security.AccessControl.FileSecurity] $fSecurity = [System.IO.File]::GetAccessControl($filePath);

    #Add the FileSystemAccessRule
    [System.Security.AccessControl.FileSystemAccessRule] $accessRule = [System.Security.AccessControl.FileSystemAccessRule]::new($iisUser, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow)

    #Add access rule
    $fSecurity.AddAccessRule($accessRule)

    #Set the new access settings.
    [System.IO.File]::SetAccessControl($filePath, $fSecurity);  
    Write-Output "Access to $iisUser is provided on $filePath"  
}
}

TRY{    
[string] $fileName = $exportPublicKeyFilePath
[string] $globalkeyName = $keyName
[string] $cngPropertyName = "Length"

if($exportPublicKeyFilePath -eq "")
{
        $fileName = "C:\\Users\\user\\Desktop\\PublicKeyBytes"
}
Write-Output "Public Key File : $fileName "

if($keyName -eq "")
{
    $globalkeyName = "MyWorkplaceEncryptionKey2";
}
Write-Output "Global Key : $globalkeyName "

$isFileExists = [System.IO.File]::Exists($fileName)
$isKeyExists = [System.Security.Cryptography.CngKey]::Exists($globalkeyName, [System.Security.Cryptography.CngProvider]::MicrosoftSoftwareKeyStorageProvider, [System.Security.Cryptography.CngKeyCreationOptions]::MachineKey)
Write-Output "CNG Key : $globalkeyName - Exists :: $isKeyExists"
$isKeyExists

if(!$isKeyExists)
{   
    #Create Cng Key Parameter and set its properties
    [System.Security.Cryptography.CngKeyCreationParameters] $cngKeyParameter =  [System.Security.Cryptography.CngKeyCreationParameters]::new()
    $cngKeyParameter.KeyUsage = [System.Security.Cryptography.CngKeyUsages]::AllUsages
    $cngKeyParameter.ExportPolicy = [System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport

    $cngKeyParameter.Provider = [System.Security.Cryptography.CngProvider]::MicrosoftSoftwareKeyStorageProvider
    $cngKeyParameter.UIPolicy = [System.Security.Cryptography.CngUIPolicy]::new([System.Security.Cryptography.CngUIProtectionLevels]::None)
    $cngKeyParameter.KeyCreationOptions = [System.Security.Cryptography.CngKeyCreationOptions]::MachineKey

    if($isFileExists)
    {
    Write-Output 'true 1'

    $bytes = [System.IO.File]::ReadAllBytes(("C:\\Users\\user\\Desktop\\PublicKeyBytes"))
    #[System.Security.Cryptography.CngKey]::Import($bytes, [System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)
    }
    else{
    Write-Output 'false 1'
    $bytes = [System.BitConverter]::GetBytes(2048)
    }
    #$bytes

    #Create Cng Property for Length, set its value and add it to Cng Key Parameter
    [System.Security.Cryptography.CngProperty] $cngProperty = [System.Security.Cryptography.CngProperty]::new($cngPropertyName, $bytes, [System.Security.Cryptography.CngPropertyOptions]::None)
    $cngProperty
    $cngKeyParameter.Parameters.Add($cngProperty)
    $cngKeyParameter
    #Create Cng Key for given $keyName using Rsa Algorithm
    [System.Security.Cryptography.CngKey] $key = [System.Security.Cryptography.CngKey]::Create([System.Security.Cryptography.CngAlgorithm]::Rsa, $globalkeyName, $cngKeyParameter)

    Write-Output "CNG Key : $globalkeyName - Created with below given properties"
    $key

    #Delete exportedKeyFile, re-create it and Write key bytes to it
    if($isFileExists)
    {
    Write-Output "File $fileName exist - deleting  file"
        [System.IO.File]::Delete($fileName)



       # [System.IO.File]::WriteAllBytes($fileName, $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob));

    }
    else
    {
        Write-Output "File $fileName doesn't exist - creting file"
        [System.IO.File]::WriteAllBytes($fileName, $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob));

    }

    Write-Output "Allow access to IIS User - IIS_USRS on exported key file  "
    #Allow access to IIS User - IIS_USRS on exported key file
    AddAccessToIISUser($env:ProgramData + "\Microsoft\Crypto\Keys\" + $key.UniqueName)        
}
else
{
Write-Output "opening key - $fileName  "
    [System.Security.Cryptography.CngKey] $key = [System.Security.Cryptography.CngKey]::Open($globalkeyName, [System.Security.Cryptography.CngProvider]::MicrosoftSoftwareKeyStorageProvider, [System.Security.Cryptography.CngKeyCreationOptions]::MachineKey)

    #Delete exportedKeyFile, re-create it and Write key bytes to it
    if($isFileExists)
    {
        [System.IO.File]::Delete($fileName)
        [System.IO.File]::WriteAllBytes($fileName, $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob));
    }
    else
    {
        Write-Output "File $fileName doesn't exist"
        [System.IO.File]::WriteAllBytes($fileName, $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob));
    }

    #Allow access to IIS User - IIS_USRS on exported key file
    AddAccessToIISUser($env:ProgramData + "\Microsoft\Crypto\Keys\" + $key.UniqueName)


    $key.Delete()
}  
}
CATCH{
Write-Output "CNG Key for RSA encryption not created"
$_.Exception.Message
throw $_.Exception
}

我使用下面给出的powershell代码生成一个CngKey,并使用字节将文件导出到文件中。

同一个创建的文件没有被导入,并且在再次运行时被创建为键。它表示Bad Data再次导入时会显示错误数据。

0 个答案:

没有答案