Created
September 14, 2017 18:04
-
-
Save geoffgarside/c28816a48516794095b96dcc5944ad25 to your computer and use it in GitHub Desktop.
Powershell Encryption, Compression, Base64 Encoding with C# Streams
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| # Read the Salt | |
| $Salt = New-Object Byte[](32) | |
| $BytesRead = $InputStream.Read($Salt, 0, $Salt.Length) | |
| if ( $BytesRead -ne $Salt.Length ) { | |
| Write-Host 'Failed to read Salt from file' | |
| exit | |
| } | |
| # Generate PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| # Setup our decryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Dec = $AES.CreateDecryptor($AESKey, $AESIV) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| $CryptoStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $Salt = New-Object Byte[](32) | |
| $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider | |
| $Prng.GetBytes($Salt) | |
| # Derive random bytes using PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| #$HMACKey = $PBKDF2.GetBytes(20) | |
| #$HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| # Setup our encryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Enc = $AES.CreateEncryptor($AESKey, $AESIV) | |
| # Write our Salt now, then append the encrypted data | |
| $OutputStream.Write($Salt, 0, $Salt.Length) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $OutputStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $InputStream.CopyTo($CryptoStream) | |
| $CryptoStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $B64Transform = New-Object System.Security.Cryptography.FromBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| # Read the Salt | |
| $Salt = New-Object Byte[](32) | |
| $BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length) | |
| if ( $BytesRead -ne $Salt.Length ) { | |
| Write-Host 'Failed to read Salt from file' | |
| exit | |
| } | |
| # Generate PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| $Code = New-Object Byte[](20) | |
| $BytesRead = $Base64Stream.Read($Code, 0, $Code.Length) | |
| if ( $BytesRead -ne $Code.Length ) { | |
| Write-Host 'Failed to read HMAC from file' | |
| exit | |
| } | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $Base64Stream.CopyTo($CryptedStream) | |
| $Base64Stream.Flush() | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| if (Compare-Object $Auth ($Code) -SyncWindow 0) { | |
| Write-Host 'Checksum failure.' | |
| exit | |
| } | |
| # Setup our decryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Dec = $AES.CreateDecryptor($AESKey, $AESIV) | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| $CryptoStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( | |
| [String]$InputFile, | |
| [String]$OutputFile, | |
| [String]$Password="pa55w0rd", | |
| [String]$UseSalt | |
| ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| if ( $UseSalt ) { | |
| $String = $UseSalt.ToLower() -replace '[^a-f0-9]','' | |
| $Salt = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) | |
| } else { | |
| $Salt = New-Object Byte[](32) | |
| $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider | |
| $Prng.GetBytes($Salt) | |
| } | |
| # Derive random bytes using PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| # Setup our encryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Enc = $AES.CreateEncryptor($AESKey, $AESIV) | |
| # Write our Salt now, then append the encrypted data | |
| $B64Transform = New-Object System.Security.Cryptography.ToBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $Base64Stream.Write($Salt, 0, $Salt.Length) | |
| # Write out crypted data to memory | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $InputStream.CopyTo($CryptoStream) | |
| $CryptoStream.FlushFinalBlock() | |
| # Compute our HMAC | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| # Write out our HMAC | |
| $Base64Stream.Write($Auth, 0, $Auth.Length) | |
| # Write out out encrypted data | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $CryptedStream.CopyTo($Base64Stream) | |
| #$Base64Stream.Dispose() # Required to flush all the bytes through | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( | |
| [String]$InputFile, | |
| [String]$OutputFile, | |
| [String]$Password="pa55w0rd" | |
| ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $B64Transform = New-Object System.Security.Cryptography.FromBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| # Read the Salt | |
| $Salt = New-Object Byte[](32) | |
| $BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length) | |
| if ( $BytesRead -ne $Salt.Length ) { | |
| Write-Host 'Failed to read Salt from file' | |
| exit | |
| } | |
| # Generate PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| $Code = New-Object Byte[](20) | |
| $BytesRead = $Base64Stream.Read($Code, 0, $Code.Length) | |
| if ( $BytesRead -ne $Code.Length ) { | |
| Write-Host 'Failed to read HMAC from file' | |
| exit | |
| } | |
| Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower() | |
| Write-Host "HMAC:", ([System.BitConverter]::ToString($Code) -replace "-").ToLower() | |
| Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower() | |
| Write-Host "IV: ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower() | |
| Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower() | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $Base64Stream.CopyTo($CryptedStream) | |
| $Base64Stream.Flush() | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| if (Compare-Object $Auth ($Code) -SyncWindow 0) { | |
| Write-Host "AUTH:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower(), "failed" | |
| #exit | |
| } | |
| # Setup our decryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Dec = $AES.CreateDecryptor($AESKey, $AESIV) | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $CryptoStream, [IO.Compression.CompressionMode]::Decompress) | |
| $GzipStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( | |
| [String]$InputFile, | |
| [String]$OutputFile, | |
| [String]$Password="pa55w0rd", | |
| [String]$UseSalt | |
| ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| if ( $UseSalt ) { | |
| $String = $UseSalt.ToLower() -replace '[^a-f0-9]','' | |
| $Salt = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) | |
| } else { | |
| $Salt = New-Object Byte[](32) | |
| $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider | |
| $Prng.GetBytes($Salt) | |
| } | |
| # Derive random bytes using PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| # Setup our encryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Enc = $AES.CreateEncryptor($AESKey, $AESIV) | |
| # Write our Salt now, then append the encrypted data | |
| $B64Transform = New-Object System.Security.Cryptography.ToBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $Base64Stream.Write($Salt, 0, $Salt.Length) | |
| # Write out crypted data to memory | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| # think we want to GZIP around the InputStream | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $CryptoStream, [IO.Compression.CompressionMode]::Compress) | |
| $InputStream.CopyTo($GzipStream) | |
| $GzipStream.Flush() | |
| $CryptoStream.FlushFinalBlock() | |
| # Compute our HMAC | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| # Write out our HMAC | |
| $Base64Stream.Write($Auth, 0, $Auth.Length) | |
| Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower() | |
| Write-Host "HMAC:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower() | |
| Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower() | |
| Write-Host "IV: ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower() | |
| Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower() | |
| # Write out out encrypted data | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $CryptedStream.CopyTo($Base64Stream) | |
| $CryptedStream.Flush() | |
| $Base64Stream.FlushFinalBlock() | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( | |
| [String]$InputFile, | |
| [String]$OutputFile, | |
| [String]$Password="pa55w0rd" | |
| ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $B64Transform = New-Object System.Security.Cryptography.FromBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| # Read the Salt | |
| $Salt = New-Object Byte[](32) | |
| $BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length) | |
| if ( $BytesRead -ne $Salt.Length ) { | |
| Write-Host 'Failed to read Salt from file' | |
| exit | |
| } | |
| # Generate PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| $Code = New-Object Byte[](20) | |
| $BytesRead = $Base64Stream.Read($Code, 0, $Code.Length) | |
| if ( $BytesRead -ne $Code.Length ) { | |
| Write-Host 'Failed to read HMAC from file' | |
| exit | |
| } | |
| Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower() | |
| Write-Host "HMAC:", ([System.BitConverter]::ToString($Code) -replace "-").ToLower() | |
| Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower() | |
| Write-Host "IV: ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower() | |
| Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower() | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $Base64Stream.CopyTo($CryptedStream) | |
| $Base64Stream.Flush() | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| if (Compare-Object $Auth ($Code) -SyncWindow 0) { | |
| Write-Host "AUTH:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower(), "failed" | |
| #exit | |
| } | |
| # Setup our decryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| # Setup the crypto-stream | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $Decryptor = $AES.CreateDecryptor($AESKey, $AESIV) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| # Get the first byte so we can check to see if is compressed or not | |
| $FirstByte = $CryptoStream.ReadByte() | |
| # Setup the crypto-stream again because we can't seek... | |
| [void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin) | |
| $Decryptor = $AES.CreateDecryptor($AESKey, $AESIV) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| if ($FirstByte -eq 0x1F) { | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $CryptoStream, [IO.Compression.CompressionMode]::Decompress) | |
| $GzipStream.CopyTo($OutputStream) | |
| } else { | |
| $CryptoStream.CopyTo($OutputStream) | |
| } | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( | |
| [String]$InputFile, | |
| [String]$OutputFile, | |
| [String]$Password="pa55w0rd", | |
| [String]$UseSalt, | |
| [switch]$Compress=$false | |
| ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| if ( $UseSalt ) { | |
| $String = $UseSalt.ToLower() -replace '[^a-f0-9]','' | |
| $Salt = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) | |
| } else { | |
| $Salt = New-Object Byte[](32) | |
| $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider | |
| $Prng.GetBytes($Salt) | |
| } | |
| # Derive random bytes using PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| # Setup our encryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Enc = $AES.CreateEncryptor($AESKey, $AESIV) | |
| # Write our Salt now, then append the encrypted data | |
| $B64Transform = New-Object System.Security.Cryptography.ToBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $Base64Stream.Write($Salt, 0, $Salt.Length) | |
| # Write out crypted data to memory | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| # think we want to GZIP around the InputStream | |
| if ($Compress) { | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $CryptoStream, [IO.Compression.CompressionMode]::Compress) | |
| $InputStream.CopyTo($GzipStream) | |
| $GzipStream.Flush() | |
| } else { | |
| $InputStream.CopyTo($CryptoStream) | |
| } | |
| $CryptoStream.FlushFinalBlock() | |
| # Compute our HMAC | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| # Write out our HMAC | |
| $Base64Stream.Write($Auth, 0, $Auth.Length) | |
| Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower() | |
| Write-Host "HMAC:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower() | |
| Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower() | |
| Write-Host "IV: ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower() | |
| Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower() | |
| # Write out out encrypted data | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $CryptedStream.CopyTo($Base64Stream) | |
| $CryptedStream.Flush() | |
| $Base64Stream.FlushFinalBlock() | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| # Read the Salt | |
| $Salt = New-Object Byte[](32) | |
| $BytesRead = $InputStream.Read($Salt, 0, $Salt.Length) | |
| if ( $BytesRead -ne $Salt.Length ) { | |
| Write-Host 'Failed to read Salt from file' | |
| exit | |
| } | |
| # Generate PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| $Code = New-Object Byte[](20) | |
| $BytesRead = $InputStream.Read($Code, 0, $Code.Length) | |
| if ( $BytesRead -ne $Code.Length ) { | |
| Write-Host 'Failed to read HMAC from file' | |
| exit | |
| } | |
| [void]$InputStream.Seek(52, [System.IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($InputStream) | |
| if (Compare-Object $Auth ($Code) -SyncWindow 0) { | |
| Write-Host 'Checksum failure.' | |
| exit | |
| } | |
| # Setup our decryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Dec = $AES.CreateDecryptor($AESKey, $AESIV) | |
| [void]$InputStream.Seek(52, [System.IO.SeekOrigin]::Begin) | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| $CryptoStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $Salt = New-Object Byte[](32) | |
| $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider | |
| $Prng.GetBytes($Salt) | |
| # Derive random bytes using PBKDF2 from Salt and Password | |
| $PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes( | |
| $Password, $Salt) | |
| # Get our AES key, iv and hmac key from the PBKDF2 stream | |
| $AESKey = $PBKDF2.GetBytes(32) | |
| $AESIV = $PBKDF2.GetBytes(16) | |
| $HMACKey = $PBKDF2.GetBytes(20) | |
| $HMAC = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey) | |
| # Setup our encryptor | |
| $AES = New-Object Security.Cryptography.AesManaged | |
| $Enc = $AES.CreateEncryptor($AESKey, $AESIV) | |
| # Write our Salt now, then append the encrypted data | |
| $OutputStream.Write($Salt, 0, $Salt.Length) | |
| # Write out crypted data to memory | |
| $CryptedStream = New-Object IO.MemoryStream | |
| $CryptoStream = New-Object System.Security.Cryptography.CryptoStream( | |
| $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $InputStream.CopyTo($CryptoStream) | |
| $CryptoStream.FlushFinalBlock() | |
| # Compute our HMAC | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $Auth = $HMAC.ComputeHash($CryptedStream) | |
| # Write out our HMAC | |
| $OutputStream.Write($Auth, 0, $Auth.Length) | |
| # Write out out encrypted data | |
| [void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin) | |
| $CryptedStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $B64Transform = New-Object System.Security.Cryptography.FromBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read) | |
| $Base64Stream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() # Required to flush the content to disk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $B64Transform = New-Object System.Security.Cryptography.ToBase64Transform | |
| $Base64Stream = New-Object System.Security.Cryptography.CryptoStream( | |
| $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write) | |
| $InputStream.CopyTo($Base64Stream) | |
| $Base64Stream.Dispose() # Required to flush all the bytes through |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $OutputStream, [IO.Compression.CompressionMode]::Compress) | |
| $InputStream.CopyTo($GzipStream) | |
| $GzipStream.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env powershell | |
| param ( [String]$InputFile, [String]$OutputFile ) | |
| $InputStream = New-Object IO.FileStream($InputFile, | |
| [IO.FileMode]::Open, [IO.FileAccess]::Read) | |
| $OutputStream = New-Object IO.FileStream($OutputFile, | |
| [IO.FileMode]::Create, [IO.FileAccess]::Write) | |
| $GzipStream = New-Object System.IO.Compression.GZipStream( | |
| $InputStream, [IO.Compression.CompressionMode]::Decompress) | |
| $GzipStream.CopyTo($OutputStream) | |
| $OutputStream.Dispose() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment