Posts on this page:
Before I discuss the subject, I want to share my thoughts about Windows cryptography problems. You can skip this section if you only need the solution for the subject.
Cryptography in general is not something new; it has been relevant for a long time, and the problem appeared in very ancient ages. Julius Caesar was one of the notable modern persons who created the problem. It is cryptography. Caesar created the so-called Caesar cipher, which was secure enough during his life. However, people figured out quickly enough how to decrypt this cipher. Cipher methods became more complex to break. For example, the Middle Ages Vigenère cipher was much better than the Caesar cipher. There were a lot of them, but all of them were relatively easy to break. In the 20th century, Arthur Scherbius invented the famous Enigma machine. Americans invented SIGABA, which was supposed to fix Enigma’s vulnerability. As time goes forward, cryptography becomes more complex and stronger against attacks.
Continuing the story, I would like to uncover some new features which are available with PSPKI v3.0. I started X.509 certificate revocation list (CRL) object factory development and have already shipped basic features. These features are implemented via a set of methods. The main use case of these functions is the OCSP server’s local revocation configuration. When you open the revocation configuration properties, you will see the Local CRL tab:
Continuing the story about the new release, I will talk about two interesting features.
Previously there was only basic PKCS#10 certificate request support. However, there are many cases when a certificate request is composed in a PKCS#7 signed message. As a starting point, I tried to utilize both EnvelopedCms and SignedCms and other related classes in the PKCS namespace. However, I quickly figured out that these classes are completely useless and do not provide any way to access PKCS#7 contents. Shame on .NET!
Continuing the story about the new release, I will talk about two interesting features.
Windows CA supports adding extensions to a certificate request. Sometimes this is necessary. For example, an IIS admin submitted a certificate request for one of the web sites. He used the IIS Manager console to generate the request. The biggest drawback of the IIS certificate request manager is that it doesn’t allow you to specify subject alternative names (SAN). Or, as another example, some application requires a custom extension which cannot be added through the Certificate Templates console. Or maybe the certificate request contains some unwanted extensions and you want to disable them. The Set-CertificateExtension command will be very handy in such situations.
I was silent for about 3 months or so. There were no interesting topics to discuss and I hardly worked on my public projects, including PowerShell PKI module, PS Cmdlet Help Editor and ASN.1 Editor (not yet public). Today I completed a new PS PKI module release and there is something to talk about.
Hellya! We reached 2000 downloads in 6 months! I think it is good progress! :)
As promised, there was a need to move forward and use some more efficient tools. As a result, my underlying API library was migrated to .NET Framework 4.0. There are no plans to move to 4.5, so you can be safe about this. For some time. Windows PowerShell 2.0 does not support CLR 4.0 assemblies; therefore, Windows PowerShell 2.0 is out of support. Although the PowerShell scripts are written in PS v2.0 and do not use any features of the new language versions, I don’t think it will be a big problem. The minimum supported PowerShell version is 3.0.