Posts on this page:
It was a long-waited decision, however, finally I did it. Today I released my two major .NET projects to GitHub:
This is my own ASN.1 binary parser. ASN.1 parser/reader is a mandatory component when you are dealing with cryptography and cryptographic messages, because all they use ASN.1. I’m using this library in ASN.1 Editor and PowerShell PKI module’s API library (it is now opensourced as well).
I was silent recently, because the blog was down. SharePoint is a nightmare for me. Hopefully, I’m writing my own web site with ASP.NET MVC and have plans to move to a reliable hosting in near future.
Today I want to discuss the question about extracting relative distinguished name (RDN) attributes from X.500 full distinguished name (DN) in PowerShell.
When I started PowerShell PKI module project, I quickly realized that I will have to deal with abstract syntax notation one (ASN.1) with distinguished encoding rules (DER) encoding subset. This is because all transferrable cryptographic objects are encoded in ASN.1 and in DER encoding. X.509 certificates, revocation lists, trust lists, OCSP, etc., etc..
Time by time I receive questions about alternate signature algorithms. What is the difference between them and what benefits are in an alternate signature algorithms.
As per TechNet article:
For certificates based on RSA algorithms, PKCS #1 v2.1 specifies separate object identifiers for the hash algorithm and for the asymmetric algorithm. (In PKCS #1 v.1.5, only one object identifier is used to identify both the hash and asymmetric algorithms.) In addition, if you select the alternate signature format for certificates based on RSA algorithms, an enhanced cryptographic formula is used to create the signature.
Generally speaking, alternate signature algorithm (signature format) just allows to specify additional details about how signature is constructed.
Hello folks! If you are longing for CryptoAPI stuff here, then you are on the right page. Here you will see another bunch of CryptoAPI, PowerShell and p/invoke hardcore.
Today’s subject is to convert PFX file to PEM format. A time ago I wrote a function that does opposite — converts PEM to PFX: How to convert PEM file to a CryptoAPI compatible format. Read this post to get information about CryptoAPI structures and ASN modules for PKCS#1 and PKCS#8 structures.
The script below performs the following tasks: