Continuing the story, I would like to uncover some new features which are available with PSPKI v3.0. I started X.509 certificate revocation list (CRL) object factory development and already shipped basic features. These features are implemented via a set of methods. The main use case of these functions is OCSP server’s local revocation configuration. When you open revocation configuration properties, you will see Local CRL tab:

Continuing the story about new release I will talk about two interesting features.

PKCS#7 data support

Previously there was only basic PKCS#10 certificate request support. However, there are many cases when certificate request is composed in a PKCS#7 signed message. As a start point, I tried to utilize both, EnvelopedCms and SignedCms and other related classes in the PKCS namespace. However, I quickly figured out that these classes are completely useless and do not provide any way to access PKCS#7 contents. Shame on .NET!

Continuing the story about new release I will talk about two interesting features.

Set-CertificateExtension

Windows CA supports extension addition to a certificate request. Sometimes it is necessary. For example, IIS admin submitted certificate request for one of the web site. He used IIS Manager console to generate request. The biggest drawback of the IIS certificate request manager – it doesn’t allow you to specify subject alternative names (SAN). Or another example, some application requires custom extension which cannot be added through Certificate Templates console. Or, maybe, certificate request contains some unwanted extensions and you want to disable them. Set-CertificateExtension command will be very handy in such situations.

I was silent for about 3 months or so. There was no interesting topics to discuss and I hardly worked on my public projects, including PowerShell PKI module, PS Cmdlet Help Editor and ASN.1 Editor (not yet public). Today I completed new PS PKI module release and there is something to talk about.

New milestone

Hellya! We reached 2000 downloads in 6 months! I think, it is a good progress! :)

As promised, there was a need to move forward and use some more efficient tools. As the result, my underlying API library was migrated to .NET Framework 4.0. There are no plans to move to 4.5, so you can be safe about this. For some time. Windows PowerShell 2.0 do not support CLR 4.0 assemblies, therefore, Windows PowerShell 2.0 is out of support. Although, PowerShell scripts are written in PS v2.0 and do not use any features of new languages, I don’t think, it will be a big problem. Minimum supported PowerShell version is 3.0.

Recently I faced an interesting issue with unmanaged structure definitions that contains unions. Unions allow one portion of memory to be accessed as different data types. Here is a CERT_ID structure definition in C++ that uses an anonymous union (exact my issue):