private static void ReEncryptFile()
{
string oldAliasName = string.Empty;
string newAliasName = string.Empty;
string infile = string.Empty;
X509Alias OldAlias = null;
X509Alias NewAlias = null;
X509Context OldContext = null;
X509Context NewContext = null;
try
{
oldAliasName = SelectedMode.GetString(Parameter.OldAlias.ID);
newAliasName = SelectedMode.GetString(Parameter.NewAliasReEnc.ID);
OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
NewContext = SelectedMode.GetContext(Parameter.NewContext.ID);
infile = SelectedMode.GetString(Parameter.InReEncFile.ID);
OldAlias = new X509Alias(oldAliasName, OldContext);
NewAlias = new X509Alias(newAliasName, NewContext);
X509Utils.ReEncryptFile(OldAlias, NewAlias, infile);
ConsoleMessage($"The file {infile.InQuotes()} was successfully re-encrypted using the X509Crypto alias {newAliasName.InQuotes()} located in the {NewContext.Name.InQuotes()} {nameof(X509Context)}");
}
catch (Exception ex)
{
throw new X509CryptoException(@"Unable to re-encrypt the specified file", ex);
}
}
static void EncryptText()
{
bool secretAdded = false;
string ciphertext = string.Empty;
string outfile = string.Empty;
string aliasName = string.Empty;
string secretName = string.Empty;
string plaintext = string.Empty;
X509Context Context = null;
try
{
aliasName = SelectedMode.GetString(Parameter.AliasEnc.ID);
Context = SelectedMode.GetContext(Parameter.Context.ID);
plaintext = SelectedMode.GetString(Parameter.InEncText.ID);
using (X509Alias Alias = new X509Alias(aliasName, Context))
{
if (Parameter.SecretEnc.IsDefined)
{
secretName = SelectedMode.GetString(Parameter.SecretEnc.ID);
ciphertext = Alias.EncryptText(plaintext);
secretAdded = Util.AddSecret(secretName, ciphertext, Alias);
}
}
if (!secretAdded)
{
WriteOutput(ciphertext, Parameter.OutEncText.ID, Samples.Ciphertext);
}
}
catch (Exception ex)
{
throw new X509CryptoException($"An exception occurred when attempting to export the {nameof(X509Alias)}", ex);
}
}
public X509AliasDescription(X509Alias Alias)
{
AliasName = Alias.Name;
Thumbprint = Alias.Thumbprint;
Subject = Alias.Certificate.Subject;
Expires = Alias.Certificate.NotAfter;
}
private static void ImportAlias()
{
try
{
string aliasName = Parameter.AliasToImport.IsDefined ? SelectedMode.GetString(Parameter.AliasToImport.ID) : string.Empty;
string inFile = SelectedMode.GetString(Parameter.InImportAlias.ID);
bool overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingAlias.ID);
X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
X509Alias AliasToImport = X509Alias.Import(inFile, Context, aliasName);
if (!overwriteExisting && X509Alias.AliasExists(AliasToImport))
{
throw new X509AliasAlreadyExistsException(AliasToImport);
}
AliasToImport.Commit();
ConsoleMessage($"{nameof(X509Alias)} {AliasToImport.Name.InQuotes()} has been successfully imported into the {Context.Name} {nameof(X509Context)} from the file {inFile.InQuotes()}");
if (!X509CryptoAgent.CertificateExists(AliasToImport))
{
ConsoleWarning($"An encryption certificate with thumbprint {AliasToImport.Thumbprint.InQuotes()} could not be found in the {Context.Name} {nameof(X509Context)}. Ensure this certificate is installed on the system before using this alias.");
}
}
catch (Exception ex)
{
if (ex is X509AliasAlreadyExistsException)
{
throw;
}
else
{
throw new X509CryptoException(@"Unable to import the specified alias", ex);
}
}
}
private static void ExportAlias()
{
string aliasName = string.Empty;
string outfile = string.Empty;
try
{
aliasName = SelectedMode.GetString(Parameter.AliasToExport.ID);
outfile = SelectedMode.GetString(Parameter.OutExportAlias.ID);
bool overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingFile.ID);
X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
X509Alias Alias = new X509Alias(aliasName, Context);
Alias.Export(ref outfile, includeCert: true, overwriteExisting);
ConsoleMessage($"{nameof(X509Alias)} aliasName was successfully exported to file {outfile.InQuotes()}");
}
catch (FileNotFoundException)
{
throw;
}
catch (X509CryptoException)
{
throw;
}
catch (Exception ex)
{
throw new X509CryptoException($"An exception occurred when attempting to export the {nameof(X509Alias)}", ex);
}
}
private static void UpdateAlias()
{
try
{
string aliasName = SelectedMode.GetString(Parameter.AliasToUpdate.ID);
string newThumbprint = SelectedMode.GetString(Parameter.Thumbprint.ID);
X509Context OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
X509Context NewContext = SelectedMode.GetContext(Parameter.NewContext.ID, OldContext);
if (!X509CryptoAgent.CertificateExists(newThumbprint, NewContext))
{
throw new X509CryptoCertificateNotFoundException(newThumbprint, NewContext);
}
X509Alias Alias = new X509Alias(aliasName, OldContext);
Alias.ReEncrypt(newThumbprint, NewContext);
Alias.Commit();
ConsoleMessage($"{nameof(X509Alias)} {aliasName} successfully updated. Now using encryption certificate with thumbprint {newThumbprint} from the {NewContext.Name} {nameof(X509Context)}");
}
catch (Exception ex)
{
if (ex is X509CryptoCertificateNotFoundException)
{
throw;
}
else
{
throw new X509CryptoException(@"Unable to update the specified alias", ex);
}
}
}
private void DoWork()
{
Console.WriteLine($"Path: {Path}");
var Context = X509Context.Select(Location, true);
var Alias = Context.GetAliases(true).FirstOrDefault(p => p.Name.Matches(Name));
if (null != Alias)
{
if (!Overwrite || !Util.WarnConfirm($"An existing {nameof(X509Alias)} with the name {Name.InQuotes()} exists in the {Context.Name} {nameof(X509Context)}. OK to overwrite?", Constants.Affirm))
{
throw new X509CryptoException($"Could not import the certificate. An {nameof(X509Alias)} with the name {Name.InQuotes()} exists in the {Context.Name} {nameof(X509Context)}");
}
}
var PfxPassword = Util.GetPassword($"Enter the password to unlock {System.IO.Path.GetFileName(Path).InQuotes()}", 0);
var thumbprint = X509Utils.InstallCert(Path, PfxPassword, Context);
StringBuilder Expression = new StringBuilder($"Added encryption certificate to the {Context.Name} {nameof(X509Context)}. \r\nCertificate Thumbprint: {thumbprint}");
if (null != Alias && Alias.HasCert(Context))
{
Alias.ReEncrypt(thumbprint, Context);
Expression.AppendLine($"\r\nAll secrets contained in the existing {nameof(X509Alias)} {Alias.Name.InQuotes()} have been re-encrypted using the new certificate.");
}
else
{
Alias = new X509Alias(Name, thumbprint, Context, false);
Alias.Commit();
Expression.Append($"\r\n {nameof(X509Alias)}: {Name}");
}
Util.ConsoleMessage(Expression.ToString());
Result = Alias;
}
private void DoWork()
{
context = X509Context.Select(Location, true);
X509Alias Alias = new X509Alias(Name, context);
Result = Alias;
Console.WriteLine($"Alias {Name.InQuotes()} has been loaded from the {context.Name.InQuotes()} {nameof(X509Context)}");
}
static void Main(string[] args)
{
var OldAlias = new X509Alias(@"exporttest", X509Context.UserFull);
var NewAlias = new X509Alias(@"updateSample", X509Context.UserFull);
OldAlias.EncryptFile(@"P:\_temp\test.docx", @"P:\_temp\test.docx.ctx");
NewAlias.ReEncryptFile(@"P:\_temp\test.docx.ctx", OldAlias);
}
private void DoWork()
{
string name = Alias.Name;
Alias.Dispose();
Alias = null;
Console.WriteLine($"{nameof(X509Alias)} {name.InQuotes()} has been dismounted.");
Result = true;
}
private static void EncryptFile()
{
int wipeTimesToWrite = 0;
string inFile = string.Empty;
string outfile = string.Empty;
string aliasName = string.Empty;
bool overwriteExisting = false;
X509Context Context = null;
try
{
inFile = SelectedMode.GetString(Parameter.InEncFile.ID);
if (Parameter.OutEncFile.IsDefined)
{
outfile = SelectedMode.GetString(Parameter.OutEncFile.ID);
}
else
{
outfile = $"{inFile}{FileExtensions.Ciphertext}";
}
overwriteExisting = SelectedMode.GetBool(Parameter.OverWriteExistingFile.ID);
Util.CheckForExistingFile(outfile, overwriteExisting, Parameter.OverWriteExistingFile.Name, Constants.Affirm);
if (Parameter.Wipe.IsDefined)
{
if (!Util.WarnConfirm($"You have included the {Parameter.Wipe.Name.InQuotes()} argument. This will permanently delete the file {inFile.InQuotes()} from disk.", Constants.Affirm))
{
return;
}
else
{
wipeTimesToWrite = SelectedMode.GetInt(Parameter.Wipe.ID);
}
}
aliasName = SelectedMode.GetString(Parameter.AliasEnc.ID);
Context = SelectedMode.GetContext(Parameter.Context.ID);
using (X509Alias Alias = new X509Alias(aliasName, Context))
{
Alias.EncryptFile(inFile, outfile, wipeTimesToWrite);
}
StringBuilder Expression = new StringBuilder($"The file {inFile.InQuotes()} was successfully encrypted. The ciphertext file name is {outfile.InQuotes()}");
if (Parameter.Wipe.IsDefined)
{
Expression.Append($"\r\nThe plaintext file has also been erased from disk");
}
ConsoleMessage(Expression.ToString());
}
catch (Exception ex)
{
throw new X509CryptoException(@"Unable to encrypt the specified file", ex);
}
}
private void DoWork()
{
context = X509Context.Select(Location, true);
if (string.IsNullOrEmpty(Thumbprint))
{
Thumbprint = MakeCert();
}
X509Alias Alias = new X509Alias(Name, Thumbprint, context, true);
Alias.Commit();
Result = Alias;
Console.WriteLine($"New alias {Name.InQuotes()} committed to {context.Name.InQuotes()} {nameof(X509Context)}\r\nThumbprint: {Alias.Thumbprint}");
}
private static void AddAlias()
{
try
{
string thumbprint = SelectedMode.GetString(Parameter.Thumbprint.ID);
string aliasName = SelectedMode.GetString(Parameter.AliasToAdd.ID);
X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
X509Alias NewAlias = new X509Alias(aliasName, thumbprint, Context, AllowExistingAlias.No);
NewAlias.Commit();
ConsoleMessage($"New {nameof(X509Alias)} {aliasName.InQuotes()} was created in the {Context.Name} {nameof(X509Context)} using certificate with thumbprint {thumbprint.InQuotes()}");
}
catch (Exception ex)
{
throw new X509CryptoException(@"An exception occurred. The new alias could not be created.", ex);
}
}
private void DoWork()
{
if (aliasSet)
{
if (contextSet || thumbprintSet)
{
throw new ParameterBindingException($"Either the {nameof(Alias).InQuotes()} parameter or the {nameof(Location).InQuotes()} and {nameof(Thumbprint).InQuotes()} parameters must be set.");
}
}
else
{
if (!(contextSet && thumbprintSet))
{
throw new ParameterBindingException($"Either the {nameof(Alias).InQuotes()} parameter or the {nameof(Location).InQuotes()} and {nameof(Thumbprint).InQuotes()} parameters must be set.");
}
}
if (!aliasSet)
{
Alias = new X509Alias(string.Empty, Thumbprint, Context, false);
}
if (!System.IO.Path.GetExtension(Path).Matches(FileExtensions.Pfx))
{
path = $"{path}{FileExtensions.Pfx}";
}
if (File.Exists(Path))
{
if (Overwrite || Util.WarnConfirm($"The specified file {Path.InQuotes()} already exists. Do you wish to overwrite it?", Constants.Affirm))
{
X509Utils.DeleteFile(Path, confirmDelete: true);
}
else
{
throw new X509CryptoException($"The specified file {Path.InQuotes()} already exists.");
}
}
var Password = Util.GetPassword(@"Enter a strong password (needed to unlock the .pfx file)", Constants.MinimumPasswordLength, true);
X509CryptoAgent.ExportPFX(Alias.Thumbprint, Alias.Context, Path, Password.Plaintext());
Util.ConsoleMessage($"Encryption certificate with thumbprint {Alias.Thumbprint} from the {Alias.Context.Name} {nameof(X509Context)} has been exported to the file {Path.InQuotes()}");
Result = new FileInfo(Path);
}
private static void RemoveAlias()
{
try
{
string aliasName = SelectedMode.GetString(Parameter.AliasToRemove.ID);
X509Context Context = SelectedMode.GetContext(Parameter.Context.ID);
if (Util.WarnConfirm($"This will ERASE the {nameof(X509Alias)} {aliasName.InQuotes()} from the {Context.Name} {nameof(X509Context)} on this computer.", Constants.Affirm))
{
X509Alias AliasToRemove = new X509Alias(aliasName, Context);
AliasToRemove.Remove();
ConsoleMessage($"{nameof(X509Alias)} {aliasName.InQuotes()} was removed from the {Context.Name} {nameof(X509Context)}.");
}
}
catch (Exception ex)
{
throw new X509CryptoException(@"Unable to remove the specified alias", ex);
}
}
private void DoWork()
{
var Context = X509Context.Select(Location, true);
var AliasToImport = X509Alias.Import(Path, Context, Name);
if (!Overwrite && X509Alias.AliasExists(AliasToImport))
{
throw new X509AliasAlreadyExistsException(AliasToImport);
}
AliasToImport.Commit();
Util.ConsoleMessage($"{nameof(X509Alias)} {AliasToImport.Name.InQuotes()} has been successfully imported into the {Context.Name} {nameof(X509Context)} from the file {Path.InQuotes()}");
if (!X509CryptoAgent.CertificateExists(AliasToImport))
{
Util.ConsoleWarning($"An encryption certificate with thumbprint {AliasToImport.Thumbprint.InQuotes()} could not be found in the {Context.Name} {nameof(X509Context)}. Ensure this certificate is installed on the system before using this alias.");
}
Result = AliasToImport;
}
private static void ReEncryptText()
{
bool secretAdded = false;
string oldCiphertext = string.Empty;
string newCiphertext = string.Empty;
string oldAliasName = string.Empty;
string targetAliasName = string.Empty;
string secretName = string.Empty;
string outfile = string.Empty;
X509Context OldContext = null;
X509Context TargetContext = null;
X509Alias OldAlias = null;
X509Alias TargetAlias = null;
try
{
oldAliasName = SelectedMode.GetString(Parameter.OldAlias.ID);
targetAliasName = SelectedMode.GetString(Parameter.NewAlias.ID);
OldContext = SelectedMode.GetContext(Parameter.OldContext.ID);
TargetContext = SelectedMode.GetContext(Parameter.TargetContext.ID);
OldAlias = new X509Alias(oldAliasName, OldContext);
TargetAlias = new X509Alias(targetAliasName, TargetContext);
newCiphertext = TargetAlias.ReEncryptSecret(secretName, OldAlias);
if (Parameter.SecretReEnc.IsDefined)
{
secretName = SelectedMode.GetString(Parameter.SecretReEnc.ID);
secretAdded = Util.AddSecret(secretName, newCiphertext, TargetAlias);
}
if (!secretAdded)
{
WriteOutput(newCiphertext, Parameter.OutEncText.ID, Samples.Ciphertext);
}
}
catch (Exception ex)
{
ConsoleError(new X509CryptoException(@"Unable to re-encrypt the specified expression", ex), SelectedMode.Usage(SelectedCommand.Name, InCli));
}
}
static void DecryptText()
{
string plaintext = string.Empty;
string ciphertext = string.Empty;
string outfile = string.Empty;
string aliasName = string.Empty;
string secretName = string.Empty;
X509Context Context = null;
try
{
if (!(Parameter.SecretDec.IsDefined ^ Parameter.InDecText.IsDefined))
{
throw new X509CryptoException($"Either {Parameter.SecretDec.Name.InQuotes()} or {Parameter.InDecText.Name.InQuotes()} must be defined, but not both.");
}
aliasName = SelectedMode.GetString(Parameter.AliasDec.ID);
Context = SelectedMode.GetContext(Parameter.Context.ID);
using (X509Alias Alias = new X509Alias(aliasName, Context))
{
if (Parameter.SecretDec.IsDefined)
{
secretName = SelectedMode.GetString(Parameter.SecretDec.ID);
plaintext = Alias.RecoverSecret(secretName);
}
else
{
ciphertext = SelectedMode.GetString(Parameter.InDecText.ID);
plaintext = Alias.DecryptText(ciphertext);
}
}
WriteOutput(plaintext, Parameter.OutDecText.ID, Samples.Plaintext);
}
catch (Exception ex)
{
throw new X509CryptoException(@"Unable to decrypt the specified expression or secret", ex);
}
}
private static bool CreateAlias(string aliasName, string thumbprint, X509Context Context)
{
X509Alias Alias = null;
try
{
Alias = new X509Alias(aliasName, thumbprint, Context, true);
Alias.Commit();
return(true);
}
catch (X509AliasAlreadyExistsException)
{
if (Util.WarnConfirm($"{nameof(X509Alias)} {aliasName.InQuotes()} already exists. Do you wish to overwrite it?", Constants.Affirm))
{
Alias = new X509Alias(aliasName, thumbprint, Context, false);
Alias.Commit();
return(true);
}
else
{
return(false);
}
}
}
private static void DumpAlias()
{
string output = string.Empty;
string aliasName = string.Empty;
X509Context Context = null;
bool reveal = false;
try
{
aliasName = SelectedMode.GetString(Parameter.AliasToDump.ID);
Context = SelectedMode.GetContext(Parameter.Context.ID);
reveal = SelectedMode.GetBool(Parameter.Reveal.ID);
using (X509Alias Alias = new X509Alias(aliasName, Context))
{
output = SelectedMode.OutputType == Output.File ? Alias.DumpSecrets(SecretDumpFormat.CommaSeparated, reveal) : Alias.DumpSecrets(SecretDumpFormat.Text, reveal);
}
WriteOutput(output, Parameter.OutDumpAlias.ID);
}
catch (Exception ex)
{
throw new X509CryptoException($"Unable to dump the specified {nameof(X509Alias)}", ex);
}
}
private static void ExportCert()
{
string outfile = string.Empty;
string thumbprint = string.Empty;
string aliasName = string.Empty;
SecureString Password = null;
X509Context Context = null;
X509Alias Alias = null;
try
{
if (!(SelectedMode.IsParameterDefined(Parameter.AliasExportCert.ID) ^ SelectedMode.IsParameterDefined(Parameter.ThumbprintToExport.ID)))
{
throw new ArgumentException($"Either {Parameter.AliasExportCert.Name} or {Parameter.ThumbprintToExport.Name} must be defined, but not both");
}
outfile = SelectedMode.GetString(Parameter.OutExportCert.ID);
try
{
Path.GetFullPath(outfile);
}
catch
{
throw new IOException($"Not a valid NTFS path: {outfile}");
}
if (!Path.GetExtension(outfile).Matches(FileExtensions.Pfx))
{
outfile = $"{outfile}{FileExtensions.Pfx}";
}
if (File.Exists(outfile))
{
if (Util.WarnConfirm($"The specified file {outfile} already exists. Do you wish to overwrite it?", Constants.Affirm))
{
X509Utils.DeleteFile(outfile, confirmDelete: true);
}
else
{
return;
}
}
Context = SelectedMode.GetContext(Parameter.Context.ID);
if (SelectedMode.IsParameterDefined(Parameter.AliasExportCert.ID))
{
aliasName = SelectedMode.GetString(Parameter.AliasExportCert.ID);
Alias = new X509Alias(aliasName, Context);
thumbprint = Alias.Thumbprint;
}
else
{
thumbprint = SelectedMode.GetString(Parameter.ThumbprintToExport.ID);
}
Password = Util.GetPassword(@"Enter a strong password: "******"Encryption certificate with thumbprint {thumbprint} from the {Context.Name} {nameof(X509Context)} has been exported to the file {outfile.InQuotes()}");
}
catch (Exception ex)
{
throw new X509CryptoException(@"Unable to export the specified certificate and key pair", ex);
}
}
