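/// <summary>
/// CLI handler: re-encrypts a ciphertext file that was protected with one X509Alias so that it is
/// protected with another. All inputs are read from the parameters bound to <c>SelectedMode</c>.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised while reading parameters or re-encrypting.</exception>
private static void ReEncryptFile()
{
    try
    {
        string oldAliasName = SelectedMode.GetString(Parameter.OldAlias.ID);
        string newAliasName = SelectedMode.GetString(Parameter.NewAliasReEnc.ID);
        X509Context OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
        X509Context NewContext = SelectedMode.GetContext(Parameter.NewContext.ID);
        string infile = SelectedMode.GetString(Parameter.InReEncFile.ID);

        // Dispose both aliases as soon as the operation finishes, matching the
        // using-pattern the other handlers in this file apply to X509Alias.
        using (X509Alias OldAlias = new X509Alias(oldAliasName, OldContext))
        using (X509Alias NewAlias = new X509Alias(newAliasName, NewContext))
        {
            X509Utils.ReEncryptFile(OldAlias, NewAlias, infile);
        }

        ConsoleMessage($"The file {infile.InQuotes()} was successfully re-encrypted using the X509Crypto alias {newAliasName.InQuotes()} located in the {NewContext.Name.InQuotes()} {nameof(X509Context)}");
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to re-encrypt the specified file", ex);
    }
}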
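/// <summary>
/// CLI handler: encrypts a text expression with the selected X509Alias. When a secret name is
/// supplied the ciphertext is stored in the alias under that name; otherwise (or if storing was
/// not performed) the ciphertext is written to the configured output.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised while encrypting or writing output.</exception>
static void EncryptText()
{
    try
    {
        string aliasName = SelectedMode.GetString(Parameter.AliasEnc.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
        string plaintext = SelectedMode.GetString(Parameter.InEncText.ID);

        bool secretAdded = false;
        string ciphertext;

        using (X509Alias Alias = new X509Alias(aliasName, Context))
        {
            // Encrypt unconditionally. Previously this happened only when a secret name was
            // supplied, so the plain "write ciphertext to output" path emitted an empty string.
            ciphertext = Alias.EncryptText(plaintext);

            if (Parameter.SecretEnc.IsDefined)
            {
                string secretName = SelectedMode.GetString(Parameter.SecretEnc.ID);
                secretAdded = Util.AddSecret(secretName, ciphertext, Alias);
            }
        }

        if (!secretAdded)
        {
            WriteOutput(ciphertext, Parameter.OutEncText.ID, Samples.Ciphertext);
        }
    }
    catch (Exception ex)
    {
        // The message used to describe an alias export; report the operation that actually failed.
        throw new X509CryptoException(@"Unable to encrypt the specified expression", ex);
    }
}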
/// <summary>
/// Builds a description of an alias from its name, its thumbprint and the subject and
/// expiry date of its certificate.
/// </summary>
/// <param name="Alias">The alias to describe. Its <c>Certificate</c> is dereferenced, so it must be available.</param>
public X509AliasDescription(X509Alias Alias)
{
    this.AliasName = Alias.Name;
    this.Thumbprint = Alias.Thumbprint;

    // Subject and expiry both come from the alias's certificate.
    var certificate = Alias.Certificate;
    this.Subject = certificate.Subject;
    this.Expires = certificate.NotAfter;
}
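/// <summary>
/// CLI handler: imports an X509Alias from a file into the selected X509Context and commits it.
/// Refuses to replace an existing alias unless the overwrite parameter is set, and warns when
/// the certificate the alias refers to is not present in the context.
/// </summary>
/// <exception cref="X509AliasAlreadyExistsException">The alias exists and overwriting was not requested.</exception>
/// <exception cref="X509CryptoException">Wraps any other failure.</exception>
private static void ImportAlias()
{
    try
    {
        // The alias name is optional; an empty string is passed to Import when it is not supplied.
        string aliasName = Parameter.AliasToImport.IsDefined
            ? SelectedMode.GetString(Parameter.AliasToImport.ID)
            : string.Empty;
        string inFile = SelectedMode.GetString(Parameter.InImportAlias.ID);
        bool overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingAlias.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        // The imported alias is not handed to any caller, so release it when done,
        // as the other handlers in this file do with X509Alias.
        using (X509Alias AliasToImport = X509Alias.Import(inFile, Context, aliasName))
        {
            if (!overwriteExisting && X509Alias.AliasExists(AliasToImport))
            {
                throw new X509AliasAlreadyExistsException(AliasToImport);
            }

            AliasToImport.Commit();
            ConsoleMessage($"{nameof(X509Alias)} {AliasToImport.Name.InQuotes()} has been successfully imported into the {Context.Name} {nameof(X509Context)} from the file {inFile.InQuotes()}");

            // The alias is committed even when its certificate is missing; the operator is only warned.
            if (!X509CryptoAgent.CertificateExists(AliasToImport))
            {
                ConsoleWarning($"An encryption certificate with thumbprint {AliasToImport.Thumbprint.InQuotes()} could not be found in the {Context.Name} {nameof(X509Context)}. Ensure this certificate is installed on the system before using this alias.");
            }
        }
    }
    catch (X509AliasAlreadyExistsException)
    {
        // Surface the "already exists" condition unchanged so callers can react to it.
        throw;
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to import the specified alias", ex);
    }
}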
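/// <summary>
/// CLI handler: exports the named X509Alias, including its certificate, to a file.
/// </summary>
/// <exception cref="FileNotFoundException">Rethrown unchanged.</exception>
/// <exception cref="X509CryptoException">Rethrown unchanged, or wraps any other failure.</exception>
private static void ExportAlias()
{
    try
    {
        string aliasName = SelectedMode.GetString(Parameter.AliasToExport.ID);
        string outfile = SelectedMode.GetString(Parameter.OutExportAlias.ID);
        bool overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingFile.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        // Release the alias once the export is written, as the other handlers in this file do.
        using (X509Alias Alias = new X509Alias(aliasName, Context))
        {
            // outfile is passed by ref: Export may adjust the path, and the adjusted value is reported below.
            Alias.Export(ref outfile, includeCert: true, overwriteExisting);
        }

        // The message used to print the literal word "aliasName" instead of the alias's name.
        ConsoleMessage($"{nameof(X509Alias)} {aliasName.InQuotes()} was successfully exported to file {outfile.InQuotes()}");
    }
    catch (FileNotFoundException)
    {
        throw;
    }
    catch (X509CryptoException)
    {
        throw;
    }
    catch (Exception ex)
    {
        throw new X509CryptoException($"An exception occurred when attempting to export the {nameof(X509Alias)}", ex);
    }
}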
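/// <summary>
/// CLI handler: points an existing X509Alias at a different encryption certificate, re-encrypting
/// its contents with that certificate and committing the result.
/// </summary>
/// <exception cref="X509CryptoCertificateNotFoundException">The new certificate is not present in the target context.</exception>
/// <exception cref="X509CryptoException">Wraps any other failure.</exception>
private static void UpdateAlias()
{
    try
    {
        string aliasName = SelectedMode.GetString(Parameter.AliasToUpdate.ID);
        string newThumbprint = SelectedMode.GetString(Parameter.Thumbprint.ID);
        X509Context OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
        // OldContext is supplied as the second argument, presumably the fallback when no new context is given.
        X509Context NewContext = SelectedMode.GetContext(Parameter.NewContext.ID, OldContext);

        // Verify the replacement certificate exists before touching the alias.
        if (!X509CryptoAgent.CertificateExists(newThumbprint, NewContext))
        {
            throw new X509CryptoCertificateNotFoundException(newThumbprint, NewContext);
        }

        // Release the alias once the update is committed, as the other handlers in this file do.
        using (X509Alias Alias = new X509Alias(aliasName, OldContext))
        {
            Alias.ReEncrypt(newThumbprint, NewContext);
            Alias.Commit();
        }

        ConsoleMessage($"{nameof(X509Alias)} {aliasName} successfully updated. Now using encryption certificate with thumbprint {newThumbprint} from the {NewContext.Name} {nameof(X509Context)}");
    }
    catch (X509CryptoCertificateNotFoundException)
    {
        // Keep the specific "certificate not found" failure visible to callers.
        throw;
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to update the specified alias", ex);
    }
}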
/// <summary>
/// Installs a certificate from the file at <c>Path</c> into the selected X509Context and binds
/// it to the alias called <c>Name</c>: an existing alias that has a certificate in the context
/// is re-encrypted with the new certificate, otherwise a new alias is created and committed.
/// The resulting alias is stored in <c>Result</c>.
/// </summary>
/// <exception cref="X509CryptoException">
/// An alias with the same name exists and either <c>Overwrite</c> is not set or the operator declined.
/// </exception>
private void DoWork()
{
    Console.WriteLine($"Path: {Path}");

    var selectedContext = X509Context.Select(Location, true);
    var alias = selectedContext.GetAliases(true).FirstOrDefault(candidate => candidate.Name.Matches(Name));
    bool aliasExists = null != alias;

    // Replacing an existing alias needs both the Overwrite switch and an interactive confirmation.
    if (aliasExists)
    {
        bool approved = Overwrite && Util.WarnConfirm($"An existing {nameof(X509Alias)} with the name {Name.InQuotes()} exists in the {selectedContext.Name} {nameof(X509Context)}. OK to overwrite?", Constants.Affirm);
        if (!approved)
        {
            throw new X509CryptoException($"Could not import the certificate. An {nameof(X509Alias)} with the name {Name.InQuotes()} exists in the {selectedContext.Name} {nameof(X509Context)}");
        }
    }

    // NOTE(review): the password object returned here is never disposed or cleared in this method - confirm whether InstallCert takes ownership.
    var pfxPassword = Util.GetPassword($"Enter the password to unlock {System.IO.Path.GetFileName(Path).InQuotes()}", 0);
    var thumbprint = X509Utils.InstallCert(Path, pfxPassword, selectedContext);

    var report = new StringBuilder($"Added encryption certificate to the {selectedContext.Name} {nameof(X509Context)}. \r\nCertificate Thumbprint: {thumbprint}");

    if (aliasExists && alias.HasCert(selectedContext))
    {
        alias.ReEncrypt(thumbprint, selectedContext);
        report.AppendLine($"\r\nAll secrets contained in the existing {nameof(X509Alias)} {alias.Name.InQuotes()} have been re-encrypted using the new certificate.");
    }
    else
    {
        // No usable existing alias: create one bound to the freshly installed certificate.
        alias = new X509Alias(Name, thumbprint, selectedContext, false);
        alias.Commit();
        report.Append($"\r\n {nameof(X509Alias)}: {Name}");
    }

    Util.ConsoleMessage(report.ToString());
    Result = alias;
}
/// <summary>
/// Loads the alias called <c>Name</c> from the X509Context selected by <c>Location</c>,
/// stores it in <c>Result</c> and reports the load on the console.
/// </summary>
private void DoWork()
{
    context = X509Context.Select(Location, true);

    // The loaded alias is handed to the caller through Result, so it is not disposed here.
    X509Alias mounted = new X509Alias(Name, context);
    Result = mounted;

    Console.WriteLine($"Alias {Name.InQuotes()} has been loaded from the {context.Name.InQuotes()} {nameof(X509Context)}");
}
/// <summary>
/// Scratch entry point: encrypts a sample document with one alias, then re-encrypts the
/// resulting ciphertext file with a second alias. Alias names and paths are hard-coded.
/// </summary>
static void Main(string[] args)
{
    const string plaintextPath = @"P:\_temp\test.docx";
    const string ciphertextPath = @"P:\_temp\test.docx.ctx";

    // Both aliases are looked up in the UserFull context.
    var sourceAlias = new X509Alias(@"exporttest", X509Context.UserFull);
    var targetAlias = new X509Alias(@"updateSample", X509Context.UserFull);

    sourceAlias.EncryptFile(plaintextPath, ciphertextPath);

    // Called on the target alias, with the alias that produced the ciphertext passed in.
    targetAlias.ReEncryptFile(ciphertextPath, sourceAlias);
}
/// <summary>
/// Dismounts the current alias: disposes it, clears the <c>Alias</c> reference, reports the
/// dismount on the console and sets <c>Result</c> to <c>true</c>.
/// </summary>
private void DoWork()
{
    // Capture the name first; it is needed for the message after the alias is gone.
    string dismountedName = Alias.Name;

    Alias.Dispose();
    Alias = null;

    Console.WriteLine($"{nameof(X509Alias)} {dismountedName.InQuotes()} has been dismounted.");
    Result = true;
}
/// <summary>
/// CLI handler: encrypts a file with the selected X509Alias. The output name defaults to the
/// input name plus the ciphertext extension. When the wipe parameter is present the operator
/// must confirm, and the wipe count is passed on to the encryption call.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised during the operation.</exception>
private static void EncryptFile()
{
    try
    {
        string inFile = SelectedMode.GetString(Parameter.InEncFile.ID);
        string outfile = Parameter.OutEncFile.IsDefined
            ? SelectedMode.GetString(Parameter.OutEncFile.ID)
            : $"{inFile}{FileExtensions.Ciphertext}";

        bool overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingFile.ID);
        Util.CheckForExistingFile(outfile, overwriteExisting, Parameter.OverWriteExistingFile.Name, Constants.Affirm);

        // Zero means "do not wipe"; a count is only read after the operator confirms the deletion.
        int wipeTimesToWrite = 0;
        if (Parameter.Wipe.IsDefined)
        {
            bool confirmed = Util.WarnConfirm($"You have included the {Parameter.Wipe.Name.InQuotes()} argument. This will permanently delete the file {inFile.InQuotes()} from disk.", Constants.Affirm);
            if (!confirmed)
            {
                // Declining the wipe cancels the whole operation; nothing is encrypted.
                return;
            }

            wipeTimesToWrite = SelectedMode.GetInt(Parameter.Wipe.ID);
        }

        string aliasName = SelectedMode.GetString(Parameter.AliasEnc.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        using (X509Alias Alias = new X509Alias(aliasName, Context))
        {
            Alias.EncryptFile(inFile, outfile, wipeTimesToWrite);
        }

        var summary = new StringBuilder($"The file {inFile.InQuotes()} was successfully encrypted. The ciphertext file name is {outfile.InQuotes()}");
        if (Parameter.Wipe.IsDefined)
        {
            summary.Append($"\r\nThe plaintext file has also been erased from disk");
        }

        ConsoleMessage(summary.ToString());
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to encrypt the specified file", ex);
    }
}
/// <summary>
/// Creates and commits a new alias called <c>Name</c> in the X509Context selected by
/// <c>Location</c>. When no thumbprint was supplied, one is obtained from <c>MakeCert()</c>.
/// The committed alias is stored in <c>Result</c>.
/// </summary>
private void DoWork()
{
    context = X509Context.Select(Location, true);

    // No thumbprint supplied: fall back to MakeCert().
    if (string.IsNullOrEmpty(Thumbprint))
    {
        Thumbprint = MakeCert();
    }

    var committedAlias = new X509Alias(Name, Thumbprint, context, true);
    committedAlias.Commit();
    Result = committedAlias;

    Console.WriteLine($"New alias {Name.InQuotes()} committed to {context.Name.InQuotes()} {nameof(X509Context)}\r\nThumbprint: {committedAlias.Thumbprint}");
}
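/// <summary>
/// CLI handler: creates a new X509Alias bound to the given certificate thumbprint in the
/// selected X509Context and commits it. Existing aliases are not allowed to be replaced.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised while creating or committing the alias.</exception>
private static void AddAlias()
{
    try
    {
        string thumbprint = SelectedMode.GetString(Parameter.Thumbprint.ID);
        string aliasName = SelectedMode.GetString(Parameter.AliasToAdd.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        // The alias is only needed long enough to commit it; release it afterwards,
        // as the other handlers in this file do with X509Alias.
        using (X509Alias NewAlias = new X509Alias(aliasName, thumbprint, Context, AllowExistingAlias.No))
        {
            NewAlias.Commit();
        }

        ConsoleMessage($"New {nameof(X509Alias)} {aliasName.InQuotes()} was created in the {Context.Name} {nameof(X509Context)} using certificate with thumbprint {thumbprint.InQuotes()}");
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"An exception occurred. The new alias could not be created.", ex);
    }
}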
/// <summary>
/// Exports an encryption certificate to a password-protected .pfx file. The certificate is
/// identified either by <c>Alias</c> alone or by <c>Location</c> plus <c>Thumbprint</c>.
/// The exported file is returned through <c>Result</c> as a <c>FileInfo</c>.
/// </summary>
/// <exception cref="ParameterBindingException">The parameter combination is not one of the two allowed forms.</exception>
/// <exception cref="X509CryptoException">The target file exists and overwriting was declined.</exception>
private void DoWork()
{
    // Exactly one form is accepted: Alias on its own, or Location and Thumbprint together.
    bool parametersValid = aliasSet
        ? !(contextSet || thumbprintSet)
        : (contextSet && thumbprintSet);
    if (!parametersValid)
    {
        throw new ParameterBindingException($"Either the {nameof(Alias).InQuotes()} parameter or the {nameof(Location).InQuotes()} and {nameof(Thumbprint).InQuotes()} parameters must be set.");
    }

    if (!aliasSet)
    {
        // Build an unnamed alias around the thumbprint so the export below has one code path.
        Alias = new X509Alias(string.Empty, Thumbprint, Context, false);
    }

    // NOTE(review): the extension is appended to the lowercase `path` member while every read goes
    // through `Path` - presumably its backing field; confirm.
    bool hasPfxExtension = System.IO.Path.GetExtension(Path).Matches(FileExtensions.Pfx);
    if (!hasPfxExtension)
    {
        path = $"{path}{FileExtensions.Pfx}";
    }

    if (File.Exists(Path))
    {
        bool overwriteApproved = Overwrite || Util.WarnConfirm($"The specified file {Path.InQuotes()} already exists. Do you wish to overwrite it?", Constants.Affirm);
        if (!overwriteApproved)
        {
            throw new X509CryptoException($"The specified file {Path.InQuotes()} already exists.");
        }

        X509Utils.DeleteFile(Path, confirmDelete: true);
    }

    // NOTE(review): Plaintext() hands the password to ExportPFX in unprotected form, and the password
    // object is not disposed in this method - confirm whether that is acceptable for this tool.
    var pfxPassword = Util.GetPassword(@"Enter a strong password (needed to unlock the .pfx file)", Constants.MinimumPasswordLength, true);
    X509CryptoAgent.ExportPFX(Alias.Thumbprint, Alias.Context, Path, pfxPassword.Plaintext());

    Util.ConsoleMessage($"Encryption certificate with thumbprint {Alias.Thumbprint} from the {Alias.Context.Name} {nameof(X509Context)} has been exported to the file {Path.InQuotes()}");
    Result = new FileInfo(Path);
}
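/// <summary>
/// CLI handler: removes the named X509Alias from the selected X509Context after the operator
/// confirms the erase warning. Nothing happens when the operator declines.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised during the operation.</exception>
private static void RemoveAlias()
{
    try
    {
        string aliasName = SelectedMode.GetString(Parameter.AliasToRemove.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        bool confirmed = Util.WarnConfirm($"This will ERASE the {nameof(X509Alias)} {aliasName.InQuotes()} from the {Context.Name} {nameof(X509Context)} on this computer.", Constants.Affirm);
        if (!confirmed)
        {
            return;
        }

        // Release the alias object after removal, as the other handlers in this file do with X509Alias.
        using (X509Alias AliasToRemove = new X509Alias(aliasName, Context))
        {
            AliasToRemove.Remove();
        }

        ConsoleMessage($"{nameof(X509Alias)} {aliasName.InQuotes()} was removed from the {Context.Name} {nameof(X509Context)}.");
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to remove the specified alias", ex);
    }
}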
/// <summary>
/// Imports an X509Alias from the file at <c>Path</c> into the X509Context selected by
/// <c>Location</c>, commits it and stores it in <c>Result</c>. Warns when the certificate the
/// alias refers to is not present in the context.
/// </summary>
/// <exception cref="X509AliasAlreadyExistsException">The alias exists and <c>Overwrite</c> is not set.</exception>
private void DoWork()
{
    var targetContext = X509Context.Select(Location, true);
    var imported = X509Alias.Import(Path, targetContext, Name);

    // Without Overwrite an existing alias blocks the import.
    bool collides = !Overwrite && X509Alias.AliasExists(imported);
    if (collides)
    {
        throw new X509AliasAlreadyExistsException(imported);
    }

    imported.Commit();
    Util.ConsoleMessage($"{nameof(X509Alias)} {imported.Name.InQuotes()} has been successfully imported into the {targetContext.Name} {nameof(X509Context)} from the file {Path.InQuotes()}");

    // The alias is committed even when its certificate is missing; the operator is only warned.
    bool certificatePresent = X509CryptoAgent.CertificateExists(imported);
    if (!certificatePresent)
    {
        Util.ConsoleWarning($"An encryption certificate with thumbprint {imported.Thumbprint.InQuotes()} could not be found in the {targetContext.Name} {nameof(X509Context)}. Ensure this certificate is installed on the system before using this alias.");
    }

    Result = imported;
}
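/// <summary>
/// CLI handler: re-encrypts a secret held under one X509Alias so that it is protected by another.
/// When a secret name is supplied the new ciphertext is stored in the target alias; otherwise
/// (or if storing was not performed) it is written to the configured output.
/// Failures are reported through <c>ConsoleError</c> together with the usage text rather than thrown.
/// </summary>
private static void ReEncryptText()
{
    try
    {
        string oldAliasName = SelectedMode.GetString(Parameter.OldAlias.ID);
        string targetAliasName = SelectedMode.GetString(Parameter.NewAlias.ID);
        X509Context OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
        X509Context TargetContext = SelectedMode.GetContext(Parameter.TargetContext.ID);

        bool secretAdded = false;
        string newCiphertext;

        // Release both aliases when done, as the other handlers in this file do with X509Alias.
        using (X509Alias OldAlias = new X509Alias(oldAliasName, OldContext))
        using (X509Alias TargetAlias = new X509Alias(targetAliasName, TargetContext))
        {
            // Read the secret name BEFORE re-encrypting. It used to be read afterwards, so
            // ReEncryptSecret was always called with an empty name.
            // NOTE(review): when no secret name is supplied the name is still empty and this method
            // reads no ciphertext input - confirm the intended behaviour for that case.
            bool secretNameSupplied = Parameter.SecretReEnc.IsDefined;
            string secretName = secretNameSupplied
                ? SelectedMode.GetString(Parameter.SecretReEnc.ID)
                : string.Empty;

            newCiphertext = TargetAlias.ReEncryptSecret(secretName, OldAlias);

            if (secretNameSupplied)
            {
                secretAdded = Util.AddSecret(secretName, newCiphertext, TargetAlias);
            }
        }

        if (!secretAdded)
        {
            WriteOutput(newCiphertext, Parameter.OutEncText.ID, Samples.Ciphertext);
        }
    }
    catch (Exception ex)
    {
        ConsoleError(new X509CryptoException(@"Unable to re-encrypt the specified expression", ex), SelectedMode.Usage(SelectedCommand.Name, InCli));
    }
}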
/// <summary>
/// CLI handler: recovers plaintext with the selected X509Alias, either from a named secret stored
/// in the alias or from a ciphertext expression supplied directly, and writes it to the
/// configured output. Exactly one of the two inputs must be supplied.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure, including the input-validation failure.</exception>
static void DecryptText()
{
    try
    {
        // Both-or-neither is rejected: the two flags must differ.
        if (Parameter.SecretDec.IsDefined == Parameter.InDecText.IsDefined)
        {
            throw new X509CryptoException($"Either {Parameter.SecretDec.Name.InQuotes()} or {Parameter.InDecText.Name.InQuotes()} must be defined, but not both.");
        }

        string aliasName = SelectedMode.GetString(Parameter.AliasDec.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
        string recovered;

        using (X509Alias Alias = new X509Alias(aliasName, Context))
        {
            if (!Parameter.SecretDec.IsDefined)
            {
                string ciphertext = SelectedMode.GetString(Parameter.InDecText.ID);
                recovered = Alias.DecryptText(ciphertext);
            }
            else
            {
                string secretName = SelectedMode.GetString(Parameter.SecretDec.ID);
                recovered = Alias.RecoverSecret(secretName);
            }
        }

        // The decrypted value leaves the process here; where it lands depends on WriteOutput.
        WriteOutput(recovered, Parameter.OutDecText.ID, Samples.Plaintext);
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to decrypt the specified expression or secret", ex);
    }
}
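/// <summary>
/// Creates and commits an X509Alias bound to the given thumbprint. If the alias already exists
/// the operator is asked whether to overwrite it.
/// </summary>
/// <param name="aliasName">Name of the alias to create.</param>
/// <param name="thumbprint">Thumbprint of the encryption certificate to bind.</param>
/// <param name="Context">The X509Context in which the alias is created.</param>
/// <returns><c>true</c> when an alias was committed; <c>false</c> when the operator declined to overwrite.</returns>
private static bool CreateAlias(string aliasName, string thumbprint, X509Context Context)
{
    try
    {
        // First attempt uses `true` for the final constructor argument; the retry below uses `false`.
        // The alias is only needed long enough to commit it, so it is released right away,
        // as other code in this file does with X509Alias.
        using (X509Alias Alias = new X509Alias(aliasName, thumbprint, Context, true))
        {
            Alias.Commit();
        }

        return true;
    }
    catch (X509AliasAlreadyExistsException)
    {
        bool overwrite = Util.WarnConfirm($"{nameof(X509Alias)} {aliasName.InQuotes()} already exists. Do you wish to overwrite it?", Constants.Affirm);
        if (!overwrite)
        {
            return false;
        }

        using (X509Alias Alias = new X509Alias(aliasName, thumbprint, Context, false))
        {
            Alias.Commit();
        }

        return true;
    }
}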
/// <summary>
/// CLI handler: dumps the secrets held in the named X509Alias and writes the dump to the
/// configured output. File output uses the comma-separated format; any other output uses text.
/// </summary>
/// <exception cref="X509CryptoException">Wraps any failure raised during the operation.</exception>
private static void DumpAlias()
{
    try
    {
        string aliasName = SelectedMode.GetString(Parameter.AliasToDump.ID);
        X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);

        // NOTE(review): `reveal` is forwarded to DumpSecrets - presumably it controls whether secret
        // values appear in clear in the dump; confirm and treat the output accordingly.
        bool reveal = SelectedMode.GetBool(Parameter.Reveal.ID);

        string dump;
        using (X509Alias Alias = new X509Alias(aliasName, Context))
        {
            SecretDumpFormat format = SelectedMode.OutputType == Output.File
                ? SecretDumpFormat.CommaSeparated
                : SecretDumpFormat.Text;
            dump = Alias.DumpSecrets(format, reveal);
        }

        WriteOutput(dump, Parameter.OutDumpAlias.ID);
    }
    catch (Exception ex)
    {
        throw new X509CryptoException($"Unable to dump the specified {nameof(X509Alias)}", ex);
    }
}
/// <summary>
/// CLI handler: exports an encryption certificate, identified either by alias or by thumbprint,
/// to a .pfx file after prompting for a password.
/// </summary>
/// <remarks>
/// NOTE(review): part of this method's text is missing from the listing. The password prompt
/// literal runs straight into the success-message literal through a "******" span, so the
/// statements between them are not visible and the method is incomplete as shown. Restore it
/// from the project's original file.
/// </remarks>
/// <exception cref="X509CryptoException">Wraps any failure raised inside the method, including the validation errors below.</exception>
private static void ExportCert()
{
    string outfile = string.Empty;
    string thumbprint = string.Empty;
    string aliasName = string.Empty;
    SecureString Password = null;
    X509Context Context = null;
    X509Alias Alias = null;
    try
    {
        // Exactly one of "alias" or "thumbprint" must be supplied (XOR of the two flags).
        if (!(SelectedMode.IsParameterDefined(Parameter.AliasExportCert.ID) ^ SelectedMode.IsParameterDefined(Parameter.ThumbprintToExport.ID)))
        {
            throw new ArgumentException($"Either {Parameter.AliasExportCert.Name} or {Parameter.ThumbprintToExport.Name} must be defined, but not both");
        }
        outfile = SelectedMode.GetString(Parameter.OutExportCert.ID);
        // GetFullPath is called only for validation: any exception it raises is replaced by an IOException.
        try
        {
            Path.GetFullPath(outfile);
        }
        catch
        {
            throw new IOException($"Not a valid NTFS path: {outfile}");
        }
        // Append the .pfx extension when the supplied name does not already carry it.
        if (!Path.GetExtension(outfile).Matches(FileExtensions.Pfx))
        {
            outfile = $"{outfile}{FileExtensions.Pfx}";
        }
        // An existing file is deleted only after the operator confirms; declining ends the method without exporting.
        if (File.Exists(outfile))
        {
            if (Util.WarnConfirm($"The specified file {outfile} already exists. Do you wish to overwrite it?", Constants.Affirm))
            {
                X509Utils.DeleteFile(outfile, confirmDelete: true);
            }
            else
            {
                return;
            }
        }
        Context = SelectedMode.GetContext(Parameter.Context.ID);
        // Resolve the thumbprint: from the alias when one was named, otherwise from the thumbprint parameter.
        if (SelectedMode.IsParameterDefined(Parameter.AliasExportCert.ID))
        {
            aliasName = SelectedMode.GetString(Parameter.AliasExportCert.ID);
            Alias = new X509Alias(aliasName, Context);
            thumbprint = Alias.Thumbprint;
        }
        else
        {
            thumbprint = SelectedMode.GetString(Parameter.ThumbprintToExport.ID);
        }
        // NOTE(review): the next statement is damaged in this listing (see remarks). The rest of the
        // GetPassword call, the export itself and the start of the success message are not shown.
        Password = Util.GetPassword(@"Enter a strong password: "******"Encryption certificate with thumbprint {thumbprint} from the {Context.Name} {nameof(X509Context)} has been exported to the file {outfile.InQuotes()}");
    }
    catch (Exception ex)
    {
        throw new X509CryptoException(@"Unable to export the specified certificate and key pair", ex);
    }
}