Store and retrieve RSA private key in Windows

I have a pretty simple scenario/requirement:
Generate an RSA private/public key pair through OpenSSL or any online RSA key pair generator.
Save the private key to the Windows internal store (so it does not lie around as just a file somewhere).
Create a PowerShell script that looks into the store, locates the key, and uses it.
(Basically, I will have a PS script to which I send a password already encrypted by a 3rd-party tool, and I expect that PS script to decrypt that password using a locally stored private key and use it on-the-fly.)
So far this has proven an unreachable goal, because:
I haven't found a way to import a .pem file with the key.
A .cer file apparently does not contain the key.
The only way I have found so far to import the key is conversion to a .pfx file, which can be imported, BUT
a .pfx file cannot be read as plain text; there seems to be no reasonable way from PowerShell to locate the key and read it for usage in decryption.
There is a module PSPKI, but it seems to accept the file and not the stored/installed certificate/key.
So, does anyone have any idea how I can import a simple private key to Windows for later read-out from PowerShell for further usage?
Thank you!

Have a look at this class to load the PFX: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2?view=net-7.0
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\my.pfx", "password");
The next step is to open the store. After you have checked which one fits best (machine or user) you can use X509Store to read and write there. Do not forget the Open method. When a certificate with private key (off) is added, the key is stored and the file can be deleted.
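The two halves of this answer put together in PowerShell, as an added example rather than the answerer's own code: a one-time import of the PFX into the CurrentUser\My store, and a function the script calls later to find the certificate by thumbprint and decrypt with its private key. Assumed values are the PFX path, the store location, and that the third-party tool hands over a Base64 string of RSA-OAEP(SHA-256) ciphertext; the padding must match whatever the encrypting side used.

```powershell
# Added example, not code from the original answer. Assumptions: PFX at C:\keys\my.pfx
# (e.g. built with: openssl pkcs12 -export -inkey key.pem -in cert.pem -out my.pfx),
# store CurrentUser\My, ciphertext is Base64 of RSA-OAEP(SHA-256) output.
$pfxPath = 'C:\keys\my.pfx'   # assumption
$pfxPass = Read-Host -AsSecureString 'PFX password'

# --- one-time import: load the PFX and persist it into the user's personal store ---
# PersistKeySet keeps the private key in its key container after the object is gone;
# NOT setting Exportable means the key can be used but no longer pulled back out.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor
         [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::UserKeySet
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass, $flags)
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()
$thumbprint = $cert.Thumbprint
Write-Host "Imported '$($cert.Subject)' as $thumbprint; the .pfx file can now be deleted."

# --- at run time: locate the certificate by thumbprint and decrypt with its key ---
function Unprotect-WithStoredKey {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$CipherTextBase64
    )
    $c = Get-Item "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
    if (-not $c.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in this store" }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($c)
    if (-not $rsa) { throw "Private key of $Thumbprint is not an RSA key" }
    # OaepSHA256 needs a CNG-backed key; a key that landed in a legacy CSP container
    # only supports Pkcs1 or OaepSHA1. Use whatever padding the encrypting tool used.
    $plainBytes = $rsa.Decrypt([Convert]::FromBase64String($CipherTextBase64),
                               [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)
    try {
        # Hand the password on as a SecureString so the plaintext does not linger in variables.
        ConvertTo-SecureString -String ([Text.Encoding]::UTF8.GetString($plainBytes)) -AsPlainText -Force
    } finally {
        [Array]::Clear($plainBytes, 0, $plainBytes.Length)
    }
}

$encryptedPasswordFromTool = '<Base64 ciphertext from the third-party tool>'   # placeholder
$secret = Unprotect-WithStoredKey -Thumbprint $thumbprint -CipherTextBase64 $encryptedPasswordFromTool
```

On PowerShell 7 (.NET 5 and later) the same object can be built straight from the .pem files with X509Certificate2.CreateFromPemFile before adding it to the store, which removes the PFX conversion step the question describes.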

Related

Read file from folder then encrypt and decrypt it using GPG/PGP

I am trying to encrypt a file using GPG and then decrypt it whenever required.
I saw an example to encrypt it
https://gist.github.com/ayubmalik/a83ee23c7c700cdce2f8c5bf5f2e9f20
But, there is nothing described about how to decrypt it
There is one more example that allows String or text encryption and decryption
https://gist.github.com/stuart-warren/93750a142d3de4e8fdd2.
But, I have to work on files. Can anyone help me to find the solution to it?

key retrieved from keyserver (keys.openpgp.org) can't be used (gpgme)

everyone
I've generated a pair of keys associated with my email address and uploaded the public key to the keyserver: keys.openpgp.org. With the help of gpgme examples, I wrote a C++ program using Visual Studio to retrieve my public key both locally,
gpgme_set_keylist_mode(ceofcontext, GPGME_KEYLIST_MODE_LOCAL);
and remotely,
gpgme_set_keylist_mode(ceofcontext, GPGME_KEYLIST_MODE_EXTERN);
The key's fingerprint, email, algorithm, name are all correct. The problem is that the key's fields: can_encrypt, can_sign and can_certify are 0 when it is retrieved from the remote key server. This renders the key retrieved remotely unusable.
Has anyone run into a similar issue?
Thanks,
Eric

Private key is not installed in MAC

I am trying to validate my app after archiving in Xcode. But it throws an error like
I am using a Mac for the first time and don't know what is happening.
Can somebody please answer the question? (I have searched a lot but found no answer.)
It is exactly saying the 'distribution' private key is missing.
For the red-marked certificate: whoever created the distribution certificate will have the private key in their keychain. Get the certificate and private key (both selected), export as a .p12 file, remove the current public certificate and import the exported file into Keychain.

Transferring public and private key on mac

How do I transfer both private / public keys from one mac to the other?
I know how to export the private key to .p12 with Keychain Access, and then when I double click it in the destination mac, it's added to Keychain Access.
However, when I export the public key to .pem file, double clicking it in the destination mac just spits out:
An error has occurred. Unable to import an item. The contents of this item cannot be retrieved.
When I tried the solution of security import pub.pem -k login.keychain, it said 1 key imported., but it doesn't show on Keychain Access.
Am I missing anything?
Should I not bother with transferring the public key?
Is importing just that private key enough?
Is the only way just recovering the public key from the private key?
Thanks
According to this, it looks like when running the security import... command, it's added to the keychain with the generic name Imported Public Key.
Now you just need to rename it to the relevant one (e.g. like the private key name).

Can I effectively choose gnupg recipients by email address?

We have a Perl program that generates gpg-encrypted files for multiple folks.
Today, we added dan@example.com.
When I run the encryption script, it happily encrypts the file for dan@example.com using jordan@example.com. This is presumably because jordan@example.com was in my keyring first.
I've tested from the command line, and if I use gpg -r dan@example.com --encrypt foo.txt, the friendly client chooses to use the public key for jordan@example.com, instead of the more explicit dan@example.com.
Of course, if I use key IDs it works, but that's not really what we've got here. Is there a way to tell gnupg to use the more explicit email address without resorting to key IDs?
This is documented in the manual page that comes with gpg. In the section "HOW TO SPECIFY A USER ID" you find the option "By exact match on an email address." So the answer to your question is to use angle braces such as <dan@example.com>.
