
Update 18.11.2013: pointed URL to a CodePlex project page.


Phinally!!!

Abstract

As you already know, last time I worked on my next PowerShell PKI module and ran into an issue with Microsoft’s Cmdlet Help Editor. When I tried to open my module (and any other built-in module) I got a very nice message:

image

OK, I tried to download the sources (thanks, they are available for download) and got stuck with WPF. I heard that WPF is a modern replacement for WinForms, and that was the only thing I knew about WPF. I was able to fix the mentioned message issue, but failed with the application layout. The form has a fixed size and no scroll bars, so I couldn’t access textboxes and commands that are outside of my screen (even though I worked on a 1680*1050 display). And I decided to create my own Help Editor with “blackjack and hookers”.


Read more →

Hello S-1-1-0! I rarely write offtopic posts, but holy tits God, sometimes it happens!!! Today the NHL lockout has ended (although tentatively, but anyway)!!!!!!1111oneone

Abstract

I missed real hockey (KHL is not a sort of good hockey) and this year’s lockout was very disappointing. Now we have a shortened season (48-50 games) and it is much better than nothing.

As per recent news, a new CBA (Collective Bargaining Agreement) is signed for another 10 years. The season may start on January 15 (for a 50-game season) or 19 (for a 48-game season). The salary cap for this season remains the same ($70,2 million) and for the next season it is set to $64,3 million.


Read more →

Hello S-1-1-0! Today I would like to present a PowerShell script that allows you to add multiple files to a form and sign them using an Authenticode signature.

As you already know, I’m using Software Restriction Policies and AppLocker to prevent users (including myself) from running unauthorized applications and scripts. I’m using various options to allow certain applications and scripts in group policy. In certain cases I’m using hash rules, but mostly (where possible) I’m using digital signatures and publisher/certificate rules.

Since I’m writing a lot of PowerShell scripts I have to sign them in a user-friendly way. Yes, there is the Set-AuthenticodeSignature cmdlet, but I dislike specifying the file path and signing certificate each time I want to sign something. Previously I used a nice function that adds a context menu to Windows Explorer and signs a file: Подписывание скриптов PowerShell – практическая реализация (часть 2) (in English: Signing PowerShell scripts – practical implementation, part 2). However, this script adds a context menu only for PS1 files, while there are a lot of other file types that support digital signatures. To address this question I wrote a little WinForms PowerShell script that allows me to perform file signing very easily. First, I’ll start with screenshots.

image


Read more →

Hi again! Recently I faced an issue with my Test-WebServerSSL function, which is also available in my PowerShell PKI module.

Issue

In certain cases, the function returns certificate chain errors, while Internet Explorer (as well as other web browsers) works normally and does not report anything wrong. For example, you can open the https://www.nic.lv/ web site without any issues in your web browser. When you run the Test-WebServerSSL function against this web site, you get the following:


Read more →

Hello folks! If you are longing for CryptoAPI stuff here, then you are on the right page. Here you will see another bunch of CryptoAPI, PowerShell and p/invoke hardcore.

Today’s subject is converting a PFX file to PEM format. Some time ago I wrote a function that does the opposite and converts PEM to PFX: How to convert PEM file to a CryptoAPI compatible format. Read that post to get information about CryptoAPI structures and ASN modules for PKCS#1 and PKCS#8 structures.

The script below performs the following tasks:

  1. Reads a certificate or certificate file. If the file is not a valid PFX or the certificate has no associated private key, an exception will be thrown.
  2. Acquires the private key (via unmanaged function calls) and attempts to export the raw private key from the CSP. If the private key is not marked as exportable or it is stored on a smart card, an error will be thrown.
  3. Inspects the CryptoAPI private key blob as described here: RSA/Schannel Key BLOBs, removes the header, reads the raw private key and splits it into components (modulus, primes, exponents, coefficient). Each component is stored in a separate variable.
  4. Generates the required ASN structures according to the output type by using a basic ASN encoder.
  5. Composes the certificate and private key and saves them to a file.
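
Step 3 in isolation, as an added example that is not the script from the post: it parses an RSA PRIVATEKEYBLOB following the documented layout (BLOBHEADER, RSAPUBKEY, then little-endian key fields) and checks that the extracted components agree with each other before anything would be re-encoded. The function name `ConvertFrom-RsaPrivateKeyBlob` and the toy 16-bit blob are assumptions constructed for illustration.

```powershell
# Added example (hypothetical helper). Requires PowerShell 5.0+ for the ::new() syntax.
function ConvertFrom-RsaPrivateKeyBlob {
    param([Parameter(Mandatory = $true)][byte[]]$Blob)

    # BLOBHEADER (8 bytes): bType, bVersion, reserved (2), aiKeyAlg (4)
    # RSAPUBKEY (12 bytes): magic, bitlen, pubexp; every field is little-endian
    if ($Blob.Length -lt 20) { throw "Blob is shorter than BLOBHEADER + RSAPUBKEY." }
    if ($Blob[0] -ne 0x07)   { throw "bType is not PRIVATEKEYBLOB (0x07)." }
    if ([BitConverter]::ToUInt32($Blob, 8) -ne 0x32415352) { throw "Magic is not 'RSA2'." }

    $bitLen = [BitConverter]::ToUInt32($Blob, 12)
    if (($bitLen -eq 0) -or ($bitLen % 16 -ne 0)) { throw "Unexpected bitlen: $bitLen" }
    $full = [int]($bitLen / 8)     # size of modulus and private exponent
    $half = [int]($bitLen / 16)    # size of primes, CRT exponents and coefficient
    if ($Blob.Length -lt (20 + 2 * $full + 5 * $half)) { throw "Blob is truncated." }

    $key = [ordered]@{ PublicExponent = [bigint][BitConverter]::ToUInt32($Blob, 16) }
    $offset = 20
    foreach ($field in @(
            @('Modulus', $full), @('Prime1', $half), @('Prime2', $half),
            @('Exponent1', $half), @('Exponent2', $half), @('Coefficient', $half),
            @('PrivateExponent', $full))) {
        $name, $size = $field
        # BigInteger(byte[]) reads little-endian two's complement;
        # the extra trailing 0x00 keeps the value positive.
        $bytes = [byte[]]::new($size + 1)
        [Array]::Copy($Blob, $offset, $bytes, 0, $size)
        $key[$name] = [System.Numerics.BigInteger]::new([byte[]]$bytes)
        $offset += $size
    }

    # Cross-check the components: n = p*q, dP = d mod (p-1), dQ = d mod (q-1), qInv*q = 1 mod p
    $p = $key.Prime1; $q = $key.Prime2; $d = $key.PrivateExponent
    $key.Consistent = ($key.Modulus -eq $p * $q) -and
        ($key.Exponent1 -eq $d % ($p - 1)) -and ($key.Exponent2 -eq $d % ($q - 1)) -and
        (($key.Coefficient * $q) % $p -eq 1)
    [pscustomobject]$key
}

# Constructed sample: a toy 16-bit key (p=61, q=53, e=17, d=2753), not a real key
[byte[]]$sample = 0x07,0x02,0x00,0x00, 0x00,0xA4,0x00,0x00, 0x52,0x53,0x41,0x32,
                  0x10,0x00,0x00,0x00, 0x11,0x00,0x00,0x00,
                  0xA1,0x0C, 0x3D, 0x35, 0x35, 0x31, 0x26, 0xC1,0x0A
ConvertFrom-RsaPrivateKeyBlob $sample
```

Because the blob stores integers little-endian while ASN.1 INTEGERs are big-endian, each component has to be byte-reversed before it goes into the encoder in step 4.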

Read more →