Skip to content

Instantly share code, notes, and snippets.

@mendel129
Last active November 25, 2019 20:01
Show Gist options
  • Save mendel129/06a09653a1dc1ab16038 to your computer and use it in GitHub Desktop.
Save mendel129/06a09653a1dc1ab16038 to your computer and use it in GitHub Desktop.
Needed to make powershell natively talk with gibberish-aes, with random salt (and this should be openssl compatible...)
#PowerShell to create an gibberishaes(and openssl) compatible aes string with salt
#Salted__8bitsalt/aesstring
#thanks for .netcode -> http://stackoverflow.com/questions/5452422/openssl-using-only-net-classes
function OpenSSLEncrypt($passphrase, $plainText)
{
# generate salt
[byte[]] $key
[byte[]] $iv;
[byte[]] $salt = RandomByteArray
$rng = (new-Object Security.Cryptography.RNGCryptoServiceProvider);
$res = DeriveKeyAndIV $passphrase $salt
$key = $res.key
$iv = $res.iv
# encrypt bytes
[byte[]] $encryptedBytes = EncryptStringToBytesAes $plainText $key $iv;
$encryptedBytes = $encryptedBytes[1..33]
# add salt as first 8 bytes
[byte[]] $encryptedBytesWithSalt
$encryptedBytesWithSalt = ([Text.Encoding]::ASCII.GetBytes("Salted__"))
$encryptedBytesWithSalt += $salt
$encryptedBytesWithSalt += $encryptedBytes
# base64 encode
return [Convert]::ToBase64String($encryptedBytesWithSalt)
}
function DeriveKeyAndIV($passphrase, $salt)
{
# generate key and iv
$concatenatedHashes
[byte[]] $password = [Text.Encoding]::UTF8.GetBytes($passphrase);
[byte[]] $currentHash =@()
$md5 = new-object System.Security.Cryptography.MD5CryptoServiceProvider
[bool] $enoughBytesForKey = $false;
# See http://www.openssl.org/docs/crypto/EVP_BytesToKey.html#KEY_DERIVATION_ALGORITHM
while (!$enoughBytesForKey)
{
[byte[]] $preHash = @()
$preHash = $currentHash
$preHash += $password
$preHash += $salt
$currentHash = $md5.ComputeHash($preHash);
$concatenatedHashes += $currentHash;
if ($concatenatedHashes.Count -ge 48)
{
$enoughBytesForKey = $true;
}
}
$key = $concatenatedHashes[0..31]
$iv = $concatenatedHashes[32..(32+15)]
$md5.Clear();
$md5 = $null;
$value = New-Object -TypeName PSObject -Property @{
key = $key
iv = $iv
}
$value
}
function EncryptStringToBytesAes($plainText, $key, $iv)
{
# Check arguments.
if ($plainText -eq $null -or $plainText.Length -le 0){
throw new-object ArgumentNullException("plainText");}
if ($key -eq $null -or $key.Length -le 0){
throw new-object ArgumentNullException("key");}
if ($iv -eq $null -or $iv.Length -le 0){
throw new-object ArgumentNullException("iv");}
# Declare the stream used to encrypt to an in memory
# array of bytes.
$msEncrypt;
# Declare the RijndaelManaged object
# used to encrypt the data.
$aesAlg = new-Object System.Security.Cryptography.RijndaelManaged
try
{
# Create a RijndaelManaged object
# with the specified key and IV.
$aesAlg = new-object System.Security.Cryptography.RijndaelManaged
$aesAlg.Mode = [System.Security.Cryptography.CipherMode]::CBC
$aesAlg.KeySize = 256
$aesAlg.BlockSize = 128
$aesAlg.key = $key
$aesAlg.IV = $iv
# Create an encryptor to perform the stream transform.
[System.Security.Cryptography.ICryptoTransform] $encryptor = $aesAlg.CreateEncryptor($aesAlg.Key, $aesAlg.IV);
# Create the streams used for encryption.
$msEncrypt = new-Object System.IO.MemoryStream
$csEncrypt = new-object System.Security.Cryptography.CryptoStream($msEncrypt, $encryptor, [System.Security.Cryptography.CryptoStreamMode]::Write)
$swEncrypt = new-object System.IO.StreamWriter($csEncrypt)
#Write all data to the stream.
$swEncrypt.Write($plainText);
$swEncrypt.Flush();
$swEncrypt.Close();
}
finally
{
# Clear the RijndaelManaged object.
if ($aesAlg -ne $null){
$aesAlg.Clear();}
}
# Return the encrypted bytes from the memory stream.
return $msEncrypt.ToArray();
}
function RandomByteArray([int] $length = 8)
{
$array = @()
for($i=0;$i -lt $length;$i++)
{
$array += [math]::Round($(Get-Random -Minimum 50.1 -Maximum 190.1))
}
return $array
}
###example###
$passphrase = "some password"
$plaintext = "A lot of dummy plaintext,"
OpenSSLEncrypt $passphrase $plainText
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment