Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#
# Encrypt and Decrypt using Rijndael 256bit - Run as administrator!
#
$DnsName = 'MyEncryptionCert' # DNS name of the certificate you want to use for encryption
# Only Create a new certificate if you need to
# To Create the certificate
# New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp -DnsName $DnsName -HashAlgorithm SHA256
# change the following two secret phrases
$salt = "Marc01"
$init = "Marc7455755765" # supply a strong password
$CertThumbprint = (Get-ChildItem cert:\LocalMachine\My | Where-Object -FilterScript {$_.Subject -eq "CN=$DnsName"}).Thumbprint
$password = $CertThumbprint
# Export Private Key to the desktop
$PrivateKeyPassword = (ConvertTo-SecureString -String "Passw0rd" -Force -AsPlainText)
Get-ChildItem cert:\LocalMachine\My |
Where-Object -FilterScript {$_.Subject -eq "CN=$DnsName"} |
Export-PfxCertificate -FilePath "$env:USERPROFILE\Desktop\$DnsName.pfx" -Password $PrivateKeyPassword
#
# check bottom of the script for Samples
#
function Encrypt-String([string]$String)
{
return $password
$rijndaelCSP = New-Object System.Security.Cryptography.RijndaelManaged
$pass = [Text.Encoding]::UTF8.GetBytes($password)
$salt = [Text.Encoding]::UTF8.GetBytes($salt)
$rijndaelCSP.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) #256/8
$rijndaelCSP.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
$encryptor = $rijndaelCSP.CreateEncryptor()
$memoryStream = New-Object System.IO.MemoryStream
$encryptStream = New-Object Security.Cryptography.CryptoStream $memoryStream, $encryptor, "Write"
$streamWriter = New-Object System.IO.StreamWriter $encryptStream
$streamWriter.Write($String)
$streamWriter.Close()
$encryptStream.Close()
$memoryStream.Close()
$rijndaelCSP.Clear()
[byte[]]$result = $memoryStream.ToArray()
[Convert]::ToBase64String($result)
}
function Decrypt-String([string]$Encrypted)
{
$Encrypted = [Convert]::FromBase64String($Encrypted)
$rijndaelCSP = New-Object System.Security.Cryptography.RijndaelManaged
$pass = [System.Text.Encoding]::UTF8.GetBytes($password)
$salt = [System.Text.Encoding]::UTF8.GetBytes($salt)
$rijndaelCSP.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) #256/8
$rijndaelCSP.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
$decryptor = $rijndaelCSP.CreateDecryptor()
$memoryStream = New-Object IO.MemoryStream @(,$Encrypted)
$decryptStream = New-Object Security.Cryptography.CryptoStream $memoryStream, $decryptor, "Read"
$streamReader = New-Object System.IO.StreamReader $decryptStream
Write-Output $streamReader.ReadToEnd()
$streamReader.Close()
$decryptStream.Close()
$memoryStream.Close()
$rijndaelCSP.Clear()
}
function Encrypt-File([string]$fileName, [string]$encryptedFile)
{
if($encryptedFile -eq $null -or $encryptedFile -eq "")
{
$encryptedFile = $fileName
}
$rijndaelCSP = New-Object System.Security.Cryptography.RijndaelManaged
$pass = [Text.Encoding]::UTF8.GetBytes($password)
$salt = [Text.Encoding]::UTF8.GetBytes($salt)
$rijndaelCSP.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) #256/8
$rijndaelCSP.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
$encryptor = $rijndaelCSP.CreateEncryptor()
$inputFileStream = New-Object System.IO.FileStream($fileName, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read)
[int]$dataLen = $inputFileStream.Length
[byte[]]$inputFileData = New-Object byte[] $dataLen
[void]$inputFileStream.Read($inputFileData, 0, $dataLen)
$inputFileStream.Close()
$outputFileStream = New-Object System.IO.FileStream($encryptedFile, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write)
$encryptStream = New-Object Security.Cryptography.CryptoStream $outputFileStream, $encryptor, "Write"
$encryptStream.Write($inputFileData, 0, $dataLen)
$encryptStream.Close()
$outputFileStream.Close()
$rijndaelCSP.Clear()
}
function Decrypt-File([string]$encryptedFile, [string]$decryptedFile)
{
if($decryptedFile -eq $null -or $decryptedFile -eq "")
{
$decryptedFile = $encryptedFile
}
$rijndaelCSP = New-Object System.Security.Cryptography.RijndaelManaged
$pass = [System.Text.Encoding]::UTF8.GetBytes($password)
$salt = [System.Text.Encoding]::UTF8.GetBytes($salt)
$rijndaelCSP.Key = (New-Object Security.Cryptography.PasswordDeriveBytes $pass, $salt, "SHA1", 5).GetBytes(32) #256/8
$rijndaelCSP.IV = (New-Object Security.Cryptography.SHA1Managed).ComputeHash( [Text.Encoding]::UTF8.GetBytes($init) )[0..15]
$decryptor = $rijndaelCSP.CreateDecryptor()
$inputFileStream = New-Object System.IO.FileStream($encryptedFile, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read)
$decryptStream = New-Object Security.Cryptography.CryptoStream $inputFileStream, $decryptor, "Read"
[int]$dataLen = $inputFileStream.Length
[byte[]]$inputFileData = New-Object byte[] $dataLen
[int]$decryptLength = $decryptStream.Read($inputFileData, 0, $dataLen)
$decryptStream.Close()
$inputFileStream.Close()
$outputFileStream = New-Object System.IO.FileStream($decryptedFile, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write)
$outputFileStream.Write($inputFileData, 0, $decryptLength)
$outputFileStream.Close()
$rijndaelCSP.Clear()
}
#
# Samples
#
# Note: change the file/folder names in the samples
#
# encrypt single file
$FileToEncrypt = 'C:\Users\marc\Dropbox\Build\M-Drive.ps1'
$encryptedFile = 'C:\Users\marc\Dropbox\Build\M-DriveE.ps1'
Encrypt-File $FileToEncrypt $encryptedFile
# decrypt single file
$FileToDecrypt = 'C:\Users\marc\Dropbox\Build\M-DriveE.ps1'
$DecryptedFile = 'C:\Users\marc\Dropbox\Build\M-Drive.ps1'
Decrypt-File $FileToDecrypt $DecryptedFile
# Encrypt all files except .exe .msi
$RawFilesLocation = 'C:\Users\makean\Downloads\test'
$RawFiles = Get-ChildItem $RawFilesLocation -Recurse | ? {$_.Attributes -notlike '*Directory*' -and $_.Extension -notlike '*msi' -and $_.Extension -notlike '*exe'}
foreach($RawFile in $RawFiles){
Encrypt-File $RawFile.FullName ($RawFile.FullName + ".encrypted")
Remove-Item $RawFile.FullName -Force
}
# Decrypt all files except .exe .msi
$RawFilesLocation = 'E:\Microsoft\BuildTest'
$RawFiles = Get-ChildItem $RawFilesLocation -Recurse | ? {$_.Attributes -notlike '*Directory*' -and $_.Extension -like '*encrypted'}
foreach($RawFile in $RawFiles){
Decrypt-File $RawFile.FullName ($RawFile.FullName -replace "\.encrypted")
Remove-Item $RawFile.FullName -Force
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.