Created
June 24, 2024 17:04
-
-
Save AArnott/478f4385eea29e1b13c21d4b6e29cfd7 to your computer and use it in GitHub Desktop.
Powershell functions for asymmetric encryption and decryption of data with an arbitrary length
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Encrypt-DataAsymmetric { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] | |
| [byte[]]$Data, | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 1)] | |
| [byte[]]$PublicKey | |
| ) | |
| $CNGPublicKey = [System.Security.Cryptography.CngKey]::Import($PublicKey, [System.Security.Cryptography.CngKeyBlobFormat]::GenericPublicBlob) | |
| $Encryptor = [System.Security.Cryptography.RSACng]::new($CNGPublicKey) | |
| $Encryptor.Encrypt($Data, [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA384) | |
| } | |
| Function Decrypt-DataAsymmetric { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] | |
| [byte[]]$Data, | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 1)] | |
| [byte[]]$PrivateKey | |
| ) | |
| $CNGPrivateKey = [System.Security.Cryptography.CngKey]::Import($PrivateKey, [System.Security.Cryptography.CngKeyBlobFormat]::GenericPrivateBlob) | |
| $Decryptor = [System.Security.Cryptography.RSACng]::new($CNGPrivateKey) | |
| $Decryptor.Decrypt($Data, [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA384) | |
| } | |
| Function Encrypt-Data { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] | |
| [byte[]]$Data, | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 1)] | |
| [byte[]]$PublicKey | |
| ) | |
| $AES = [System.Security.Cryptography.Aes]::Create() | |
| $encryptor = $AES.CreateEncryptor() | |
| $ciphertext = $encryptor.TransformFinalBlock($Data, 0, $Data.Length) | |
| $encryptedKey = Encrypt-DataAsymmetric -Data $AES.Key -PublicKey $PublicKey | |
| New-Object PSObject ` | |
| | Add-Member -MemberType NoteProperty -Name EncryptedKey -Value ([Convert]::ToBase64String($encryptedKey)) -PassThru ` | |
| | Add-Member -MemberType NoteProperty -Name IV -Value ([Convert]::ToBase64String($AES.IV)) -PassThru ` | |
| | Add-Member -MemberType NoteProperty -Name Ciphertext -Value ([Convert]::ToBase64String($ciphertext)) -PassThru | |
| } | |
| Function Decrypt-Data { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] | |
| $EncryptedPacket, | |
| [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 3)] | |
| [byte[]]$PrivateKey | |
| ) | |
| $AES = [System.Security.Cryptography.Aes]::Create() | |
| $AES.Key = Decrypt-DataAsymmetric -Data ([Convert]::FromBase64String($EncryptedPacket.EncryptedKey)) -PrivateKey $PrivateKey | |
| $AES.IV = [Convert]::FromBase64String($EncryptedPacket.IV) | |
| $decryptor = $AES.CreateDecryptor() | |
| $ciphertext = [Convert]::FromBase64String($EncryptedPacket.Ciphertext) | |
| $decryptor.TransformFinalBlock($ciphertext, 0, $ciphertext.Length) | |
| } | |
| Function New-AsymmetricKey { | |
| $RSACNG = [System.Security.Cryptography.RSACng]::new(3072) | |
| $key = $RSACNG.Key | |
| New-Object psobject ` | |
| | Add-Member -MemberType NoteProperty -Name PublicKey -Value ($key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPublicBlob)) -PassThru ` | |
| | Add-Member -MemberType NoteProperty -Name PrivateKey -Value ($key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPrivateBlob)) -PassThru | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment