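/// <summary>
/// Round-trip test for the file-key path: exports the public half of the test key to a file,
/// encrypts a small payload with that exported key, then decrypts with the matching local
/// (private) key and expects the original bytes back.
/// </summary>
/// <remarks>
/// The exported key file is removed in a <c>finally</c> block so that a failing assertion (or an
/// exception from the encryption utility) does not leave <c>TestPublic.Key</c> on disk for the
/// next run to pick up. The original cleanup ran only after the last assertion succeeded.
/// </remarks>
public void ExportImportEncryptTest()
{
    byte[] toEncrypt = new byte[] { 1, 2, 3, 4 };
    string filePath = @".\TestPublic.Key";

    // Start from a clean slate in case an earlier run was interrupted before its own cleanup.
    DeleteKeyFileIfPresent(filePath);

    try
    {
        ManagedRSAEncryption util = new ManagedRSAEncryption();
        util.ExportPublicKeytoFile(TestProvider, TestKeyName, filePath);
        Assert.IsTrue(File.Exists(filePath));

        byte[] encryptedBytes = util.EncryptWithFileKey(filePath, toEncrypt);
        Assert.IsNotNull(encryptedBytes);

        byte[] decryptedBytes = util.DecryptWithLocalKey(TestProvider, TestKeyName, encryptedBytes);

        // Compare via Base64 so a mismatch prints both byte sequences in a readable form.
        Assert.AreEqual(System.Convert.ToBase64String(toEncrypt), System.Convert.ToBase64String(decryptedBytes));
    }
    finally
    {
        DeleteKeyFileIfPresent(filePath);
    }
}

/// <summary>
/// Best-effort removal of the exported key file used by the test.
/// </summary>
/// <param name="filePath">Path of the file to delete; a missing file is not an error.</param>
/// <remarks>
/// Only the failures a cleanup can legitimately hit (the file being held open, or a permissions
/// problem) are swallowed; anything else surfaces rather than being hidden behind a bare catch.
/// </remarks>
private static void DeleteKeyFileIfPresent(string filePath)
{
    try
    {
        File.Delete(filePath);
    }
    catch (IOException)
    {
        // Cleanup only: another handle may still hold the file; the next run deletes it again.
    }
    catch (UnauthorizedAccessException)
    {
        // Cleanup only: no point failing the test over a leftover fixture file.
    }
}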
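/// <summary>
/// Reads the PFX supplied either as a Base64 string or as a file path, validates it by importing it
/// as an <see cref="X509Certificate2"/>, encrypts the PFX password with the selected RSA/OAEP key, and
/// writes a <see cref="UserPFXCertificate"/> describing the result to the pipeline.
/// </summary>
/// <remarks>
/// All failures are reported through <c>ThrowTerminatingError</c>, which is expected to end the
/// pipeline; the explicit <c>return</c> after the unsupported-padding report is a guard for the case
/// where it does not throw. The plaintext password bytes exist only inside
/// <see cref="EncryptPfxPassword"/> and are zeroed in its <c>finally</c> block. The PFX bytes
/// themselves are passed through unchanged on <c>EncryptedPfxBlob</c>; only the password is
/// encrypted here.
/// </remarks>
protected override void ProcessRecord()
{
    byte[] pfxData = ReadPfxData();

    // The certificate object is only needed for its thumbprint and validity window; dispose it as
    // soon as those are read so the native key handle does not outlive this call
    // (X509Certificate2.Dispose requires .NET Framework 4.6+ / .NET Core).
    using (X509Certificate2 pfxCert = ImportPfxCertificate(pfxData))
    {
        string hashAlgorithm;
        int paddingFlags;
        if (!TryResolvePaddingScheme(out hashAlgorithm, out paddingFlags))
        {
            return;
        }

        byte[] encryptedPassword = EncryptPfxPassword(hashAlgorithm, paddingFlags);

        // Capture the clock once so CreatedDateTime and LastModifiedDateTime are identical instead
        // of two separate reads that can differ by a few ticks.
        DateTime now = DateTime.Now;

        UserPFXCertificate userPfxCertificate = new UserPFXCertificate();
        userPfxCertificate.Thumbprint = pfxCert.Thumbprint.ToLowerInvariant();
        userPfxCertificate.IntendedPurpose = (UserPfxIntendedPurpose)IntendedPurpose;
        // PaddingScheme may have been rewritten from None to OaepSha512 by TryResolvePaddingScheme.
        userPfxCertificate.PaddingScheme = (UserPfxPaddingScheme)PaddingScheme;
        userPfxCertificate.KeyName = KeyName;
        userPfxCertificate.UserPrincipalName = UPN;
        userPfxCertificate.ProviderName = ProviderName;
        // NOTE(review): the validity dates round-trip through culture-formatted strings; NotBefore /
        // NotAfter would avoid the parse but yield DateTimeKind.Local rather than Unspecified, which
        // may change downstream serialization -- confirm before switching.
        userPfxCertificate.StartDateTime = Convert.ToDateTime(pfxCert.GetEffectiveDateString(), CultureInfo.CurrentCulture);
        userPfxCertificate.ExpirationDateTime = Convert.ToDateTime(pfxCert.GetExpirationDateString(), CultureInfo.CurrentCulture);
        userPfxCertificate.CreatedDateTime = now;
        userPfxCertificate.LastModifiedDateTime = now;
        userPfxCertificate.EncryptedPfxPassword = Convert.ToBase64String(encryptedPassword);
        userPfxCertificate.EncryptedPfxBlob = pfxData;
        WriteObject(userPfxCertificate);
    }
}

/// <summary>
/// Returns the raw PFX bytes from whichever parameter set the caller used.
/// </summary>
/// <returns>The decoded Base64 payload, or the full contents of <c>PathToPfxFile</c>.</returns>
private byte[] ReadPfxData()
{
    if (this.ParameterSetName == PFXBase64String)
    {
        return Convert.FromBase64String(Base64EncodedPfx);
    }

    return File.ReadAllBytes(PathToPfxFile);
}

/// <summary>
/// Imports <paramref name="pfxData"/> with the supplied password, reporting a terminating error when
/// the import fails.
/// </summary>
/// <param name="pfxData">Raw PFX bytes.</param>
/// <returns>The imported certificate; the caller owns and must dispose it.</returns>
private X509Certificate2 ImportPfxCertificate(byte[] pfxData)
{
    X509Certificate2 pfxCert = new X509Certificate2();
    try
    {
        // NOTE(review): DefaultKeySet lets the platform persist the PFX private key in the user's
        // key store even though only the thumbprint and dates are read here; EphemeralKeySet avoids
        // that where the target framework supports it -- confirm the target before changing.
        pfxCert.Import(pfxData, PfxPassword, X509KeyStorageFlags.DefaultKeySet);
    }
    catch (CryptographicException ex)
    {
        // Release the half-initialised certificate before reporting; the report ends the pipeline.
        pfxCert.Dispose();
        ReportPfxImportFailure(ex);
    }

    return pfxCert;
}

/// <summary>
/// Maps a PFX import failure to a terminating <see cref="ErrorRecord"/> with a user-facing message.
/// </summary>
/// <param name="ex">The exception raised by <see cref="X509Certificate2.Import(byte[], System.Security.SecureString, X509KeyStorageFlags)"/>.</param>
private void ReportPfxImportFailure(CryptographicException ex)
{
    string message;
    if (ex.HResult == ErrorCodeCantOpenFile)
    {
        // The original message always named a file path, which is empty when the PFX came in as
        // Base64; pick the message that matches the parameter set actually used.
        message = this.ParameterSetName == PFXBase64String
            ? "Could not Read Thumbprint from the Base64 encoded PFX. Data must be a certificate."
            : string.Format("Could not Read Thumbprint on file at path: '{0}'. File must be a certificate.", PathToPfxFile);
    }
    else if (ex.HResult == ErrorCodeNetworkPasswordIncorrect)
    {
        message = "Could not Read Thumbprint. Verify Password is Correct.";
    }
    else
    {
        message = "Could not Read Thumbprint. Unknown Cause";
    }

    ThrowTerminatingError(
        new ErrorRecord(
            new ArgumentException(message, ex),
            Guid.NewGuid().ToString(),
            ErrorCategory.InvalidArgument,
            null));
}

/// <summary>
/// Resolves the requested <c>PaddingScheme</c> to an OAEP hash name and padding flags.
/// </summary>
/// <param name="hashAlgorithm">Receives the OAEP hash algorithm name.</param>
/// <param name="paddingFlags">Receives the padding flags; every supported scheme is OAEP.</param>
/// <returns>
/// <c>true</c> when a supported scheme was resolved; <c>false</c> after a terminating error has been
/// reported for Pkcs1 / OaepSha1, which are no longer accepted.
/// </returns>
/// <remarks>
/// <c>None</c> is treated as a request for the strongest default and is rewritten on the cmdlet's
/// <c>PaddingScheme</c> property to <c>OaepSha512</c> so the emitted object records what was used.
/// Any unrecognised value also falls back to SHA-512 without rewriting the property.
/// </remarks>
private bool TryResolvePaddingScheme(out string hashAlgorithm, out int paddingFlags)
{
    paddingFlags = PaddingFlags.OAEPPadding;

    if (PaddingScheme == UserPfxPaddingScheme.None)
    {
        PaddingScheme = UserPfxPaddingScheme.OaepSha512;
    }

    switch (PaddingScheme)
    {
        case UserPfxPaddingScheme.Pkcs1:
        case UserPfxPaddingScheme.OaepSha1:
            hashAlgorithm = null;
            ThrowTerminatingError(
                new ErrorRecord(
                    new ArgumentException("Pkcs1 and OaepSha1 are no longer supported."),
                    Guid.NewGuid().ToString(),
                    ErrorCategory.InvalidArgument,
                    null));
            return false;

        case UserPfxPaddingScheme.OaepSha256:
            hashAlgorithm = PaddingHashAlgorithmNames.SHA256;
            return true;

        case UserPfxPaddingScheme.OaepSha384:
            hashAlgorithm = PaddingHashAlgorithmNames.SHA384;
            return true;

        case UserPfxPaddingScheme.OaepSha512:
        default:
            hashAlgorithm = PaddingHashAlgorithmNames.SHA512;
            return true;
    }
}

/// <summary>
/// Encrypts the PFX password with either the key file (<c>KeyFilePath</c>) or the local provider key
/// (<c>ProviderName</c> / <c>KeyName</c>).
/// </summary>
/// <param name="hashAlgorithm">OAEP hash algorithm name.</param>
/// <param name="paddingFlags">Padding flags passed to the encryption utility.</param>
/// <returns>The ciphertext of the password bytes.</returns>
/// <remarks>
/// The plaintext buffer is pinned so the GC cannot relocate (and thereby duplicate) it before it is
/// zeroed, and it is zeroed and unpinned in <c>finally</c> on every exit path.
/// NOTE(review): ConvertSecureStringToByteArray takes the buffer by <c>ref</c>; if it replaces the
/// array instead of filling it, the pinned handle and the ZeroFill below would refer to different
/// buffers -- confirm against the helper's implementation.
/// </remarks>
private byte[] EncryptPfxPassword(string hashAlgorithm, int paddingFlags)
{
    ManagedRSAEncryption encryptUtility = new ManagedRSAEncryption();

    byte[] password = new byte[PfxPassword.Length];
    GCHandle pinnedPasswordHandle = GCHandle.Alloc(password, GCHandleType.Pinned);
    try
    {
        ConvertSecureStringToByteArray(PfxPassword, ref password);

        if (KeyFilePath != null)
        {
            return encryptUtility.EncryptWithFileKey(KeyFilePath, password, hashAlgorithm, paddingFlags);
        }

        return encryptUtility.EncryptWithLocalKey(ProviderName, KeyName, password, hashAlgorithm, paddingFlags);
    }
    finally
    {
        if (password != null)
        {
            password.ZeroFill();
        }

        if (pinnedPasswordHandle.IsAllocated)
        {
            pinnedPasswordHandle.Free();
        }
    }
}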