We're hoping to automate the creation of certificates to simplify the process for clients.
To do this, we wanted to create a powershell script that runs through the openssl commands and autofills the inputs.
Here's an example of a command that will be run
openssl req -new -out client.csr -key client.key
And here's the format within the script ($loc being openssl.exe's file location)
& $loc'\openssl.exe' @('req','-new','-out','client.csr','-key', 'client.key')
Running this command will ask the user for several inputs, which I would like to be handled by the script.
We've tried prepending the command with "input" | and echo input | as suggested in other posts, along with different formatting of the command, but to no avail.
I found this script that feeds the inputs as a configuration file, but in testing it asked for inputs anyway.
I'm new to powershell, so please be gentle if I'm making a dumb mistake :)
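One way to run the `req` step from the question with no prompts, as an added example that is not part of the original post: the subject is written to a config file with `prompt = no` and passed with `-config` and `-batch`. The install folder, file names and all subject values are placeholders.

```powershell
# Added example. $loc and every subject value below are placeholders.
$loc     = 'C:\Program Files\OpenSSL-Win64\bin'   # hypothetical install folder
$openssl = Join-Path $loc 'openssl.exe'
$cnfPath = Join-Path $PWD.Path 'client.cnf'

# prompt = no makes req read the subject from [ dn ] instead of asking for it.
$cnf = @'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = ext

[ dn ]
C  = US
O  = Example Org
CN = client.example.test

[ ext ]
subjectAltName = DNS:client.example.test
'@

# Write the file as UTF-8 without a BOM. In Windows PowerShell, ">" and
# Out-File default to UTF-16, which openssl cannot parse as a config file.
[System.IO.File]::WriteAllText($cnfPath, $cnf, (New-Object System.Text.UTF8Encoding($false)))

# Create the key only if it does not exist yet, so reruns keep the same key.
if (-not (Test-Path 'client.key')) {
    & $openssl genrsa -out client.key 2048
    if ($LASTEXITCODE -ne 0) { throw "openssl genrsa failed ($LASTEXITCODE)" }
}

# -batch suppresses any remaining prompts; -config points at the file above.
& $openssl req -new -batch -config $cnfPath -key client.key -out client.csr
if ($LASTEXITCODE -ne 0) { throw "openssl req failed ($LASTEXITCODE)" }

# Check the result: verify the CSR self-signature and print its subject.
& $openssl req -in client.csr -noout -verify -subject
```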
Related
I am having troubles getting a ssh key pair in Powershell. I tried two ways but both didn't work.
PS C:\WINDOWS\system32> ssh-keygen
Cannot start "ssh-keygen". Interactive console applications are not supported.
To run the application, use the Start-Process cmdlet or use "Start PowerShell.exe" from the File menu.
To view/modify the list of blocked console applications, use $psUnsupportedConsoleApplications, or consult online help.
At line:0 char:0
I tried $psUnsupportedConsoleApplications as well, and it does show both ssh-keygen and ssh-keygen.exe .
I also tried the following, and it seemed stuck after "Generating public/private rsa key pair" and doesn't move forward nor gives any error.
PS C:\WINDOWS\system32> ssh-keygen -m PEM -t rsa -b 2048
Generating public/private rsa key pair.
Any insight unblocking this issue would be much appreciated!
So I'm currently doing a project at the moment, and I've come across integrity hashing. So I've been taught to use openssl sha256 to hash a css file for practice. I did this in Terminal, Command Prompt and PowerShell.
Terminal gave the same results as the Command prompt but powershell gave an entirely new result.
Command Prompt
3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=
Terminal
3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw=
PowerShell
Pxk/Pz8/P04/XD8/Px1ZPzEERC8pPw0KVD8xP25aST9sDQo=
tl;dr
Basically I just want to know the different output between terminal and command prompt to powershell
Extra:
I'm really interested in cyber security and I want to learn more, upskill and do what it takes to be a unicorn. Feel free to give me critique/advice <3.
You're dealing with an output encoding difference between Command Prompt, PowerShell, and OpenSSL's interpretation of such when run from these shells.
To see your active code page from Command Prompt, run chcp.com. To see your active output encoding in PowerShell, check the status of the $OutputEncoding variable.
Note: You will see code page differences.
You may try in vain to set both to the same output encoding type, but OpenSSL will most likely still report differences.
As an example, you can review the OpenSSL output from all output encoding types in PowerShell with:
[System.Text.Encoding]::GetEncodings() | % { "`n`nCodePage $($_.CodePage):"; $OutputEncoding = [System.Text.Encoding]::GetEncoding($_.CodePage); openssl dgst -sha256 -binary .\index-styles.css | openssl base64 -A }
Note: I doubt there's a similar hash listed when compared to OpenSSL's Command Prompt output.
Anyhow, to avoid this problem, I would advise using OpenSSL's built-in -out file parameter, then calling OpenSSL twice, rather than relying on the pipeline (|):
openssl dgst -sha256 -binary -out .\index-styles.out .\index-styles.css
openssl base64 -A -in .\index-styles.out
You should (in theory) get consistent results from OpenSSL in both Command Prompt and PowerShell when using -out file then -in file.
Hope this helps.
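Why the two values in the question differ, as an added example that is not part of the original answer: `ConvertTo-TextPipelineBytes` models a Windows PowerShell pipe between two native programs as a line-oriented ASCII text channel (an assumption about the mechanism), and applied to the Command Prompt digest it reproduces the PowerShell value from the question exactly. `Get-Sha256Base64` is a hypothetical helper that hashes in-process, so no pipe is involved.

```powershell
# The two results quoted in the question.
$expected = '3BmtwdrKmE6lXPHGqB1Z1jEERC8phQpUwTHMblpJ0Gw='
$observed = 'Pxk/Pz8/P04/XD8/Px1ZPzEERC8pPw0KVD8xP25aST9sDQo='

function ConvertTo-TextPipelineBytes {
    # Assumed model: binary output is decoded to text, split into lines,
    # then re-encoded as ASCII with CRLF line endings for the next program.
    param([byte[]]$Bytes)
    $out  = New-Object 'System.Collections.Generic.List[byte]'
    $prev = 0
    foreach ($b in $Bytes) {
        if ($b -eq 0x0A) {
            if ($prev -ne 0x0D) { $out.Add(0x0D) }   # bare LF becomes CRLF
            $out.Add(0x0A)
        }
        elseif ($b -gt 0x7F) { $out.Add(0x3F) }      # non-ASCII becomes '?'
        else                 { $out.Add($b) }
        $prev = $b
    }
    $out.Add(0x0D); $out.Add(0x0A)                   # newline after last line
    return ,$out.ToArray()
}

function Get-Sha256Base64 {
    # Hash the file's raw bytes inside PowerShell; nothing crosses a pipe.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $full  = (Resolve-Path $Path).ProviderPath
        $bytes = [System.IO.File]::ReadAllBytes($full)
        [Convert]::ToBase64String($sha.ComputeHash($bytes))
    }
    finally { $sha.Dispose() }
}

# Corrupt the good 32-byte digest the way the model describes and compare.
$digest  = [Convert]::FromBase64String($expected)
$mangled = ConvertTo-TextPipelineBytes $digest
'{0} bytes in, {1} bytes out' -f $digest.Length, $mangled.Length
'Matches PowerShell result: {0}' -f ([Convert]::ToBase64String($mangled) -eq $observed)

# Usage on the file from the answer:
# Get-Sha256Base64 .\index-styles.css
```

Every digest byte above 0x7F turns into `?` and the one 0x0A byte gains a carriage return, so the second `openssl` call encodes a damaged 35-byte input rather than the 32-byte hash.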
I have a batch script file, which should encrypt a file with pgp. I have defined a task in Task Scheduler to do this, but I keep receiving the error "The system cannot find the file specified".
Interestingly, when I run the same line of script in my PowerShell, the encrypted file is successfully generated.
I was wondering if anyone knows what can possibly be wrong here?
I tried to give the full path in my batch script, and also added the path in the "Start in" part when defining the action.
The batch script code is here:
rem @echo off
@set path=c:\test;%path%
@set d=%date:~-4,4%%date:~4,2%%date:~-7,2%
@set d=%d: =_%
@set t=%time:~0,2%%time:~3,2%%time:~6,2%
@set t=%t: =0%
Rem Generate PGP encrypted file
@echo Starting PGP... >> c:\apps\ftpLogs\test.log
gpg2 --batch --yes -r testkey --output c:\test\foo\test_20150505.pgp --encrypt c:\test\foo\test_20150505.txt >> c:\apps\ftpLogs\test.log
and the script that I ran in my powershell, which works fine, is this line:
gpg2 --batch --yes -r testkey --output c:\test\foo\test_20150505.pgp --encrypt c:\test\foo\test_20150505.txt >> c:\apps\ftpLogs\test.log
Finally I was able to resolve the issue. The problem was with the user authority. The batch script was supposed to encrypt a file and then ftp the encrypted file to the vendor's ftp server.
Apparently in Windows Server 2012, the ADMINISTRATORS have the permission to create a file (here the encrypted file) while this user does not have the permission to send it, and the SYSTEM user has the permission to send but not to create. (Both of them had this authority back in Win Server 2012).
So what I did in the end was to make two different batch script tasks and schedule them 10 minutes apart. The first one was running the above code with ADMINISTRATOR privileges and the second one was sending it out with SYSTEM.
If your batch file doesn't work, but the PowerShell script does, just run the PowerShell script from your scheduled task instead.
From the Scheduled Task, instead of entering the path to your batch file specify PowerShell.exe (or more likely C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe). Then in the Arguments box specify your parameters. You probably want to hide the window, so we'll include that in the arguments, and for this you can probably skip loading a profile, so we'll add that too. Then just use the -Command parameter to specify your code that you have in the question.
So your Program to run box should show:
C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
Then the box that says "Add Arguments (optional)" should have:
-NoProfile -WindowStyle Hidden -command "gpg2 --batch --yes -r testkey --output c:\test\foo\test_$((get-date).ToString('yyyyMMdd')).pgp --encrypt c:\test\foo\test_$((get-date).ToString('yyyyMMdd')).txt >> c:\apps\ftpLogs\test.log"
On a side note, should that be gpg2 or pgp2? I just copied your command, but it seemed odd to me that they would name it like that.
Does anybody know if it's possible to issue several certificates from a CSV like this:
CN=TestCertificate1, DNS=testServer1
CN=TestCertificate2, DNS=testServer2
CN=TestCertificate3, DNS=testServer3
Using a given template and getting a pfx as output?
Thank you
This should be doable, although not by simply uploading a .CSV file and downloading the output. The easiest way would be to use some of the PKI Client Cmdlets in Windows PowerShell. These are PowerShell commands that let you interact with a Microsoft CA from a script or the command line.
The first step would be to generate a certificate request using the DN information you find in the .CSV file. A great tutorial on generating the CSR can be found here. Once the certificates have been approved on the CA, you can export them using the relevant PKI Client Cmdlet, Export-PfxCertificate, via your PowerShell script.
Hope this helps!
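A sketch of the loop the answer describes, as an added example that is not part of the original answer: it parses rows in the question's `CN=..., DNS=...` layout, requests each certificate with `Get-Certificate`, and exports issued ones with `Export-PfxCertificate`. The template name is hypothetical, and the template is assumed to accept a subject supplied in the request and to allow private key export.

```powershell
# Constructed sample rows in the layout shown in the question.
$rows = @'
CN=TestCertificate1, DNS=testServer1
CN=TestCertificate2, DNS=testServer2
CN=TestCertificate3, DNS=testServer3
'@ -split "`r?`n"

$template = 'ExampleTemplate'   # hypothetical template name
# Ask for the PFX password once; it is never stored in the script or CSV.
$pfxPass  = Read-Host -Prompt 'PFX password' -AsSecureString

foreach ($row in $rows) {
    # Turn "CN=a, DNS=b" into @{ CN = 'a'; DNS = 'b' }.
    $f = @{}
    foreach ($pair in ($row -split ',')) {
        $k, $v = $pair.Trim() -split '=', 2
        $f[$k] = $v
    }

    # The values end up in a subject name and a file path, so accept only
    # plain host-style names and skip anything else.
    if ($f.CN -notmatch '^[\w.-]+$' -or $f.DNS -notmatch '^[\w.-]+$') {
        Write-Warning "Skipping malformed row: $row"
        continue
    }

    $r = Get-Certificate -Template $template -SubjectName "CN=$($f.CN)" `
            -DnsName $f.DNS -CertStoreLocation Cert:\CurrentUser\My

    # Templates that need CA manager approval come back as pending.
    if ($r.Status -ne 'Issued') {
        Write-Warning "$($f.CN): status $($r.Status); export after approval"
        continue
    }

    Export-PfxCertificate -Cert $r.Certificate -FilePath ".\$($f.CN).pfx" `
        -Password $pfxPass | Out-Null
}
```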
So the larger context of this problem is that it isn't possible, for whatever reason, to decrypt this file using, say, Bouncy Castle, so we're trying to do an automated command line with the normal gpg utility instead... I originally thought that would be quicker than trying to figure out why Bouncy Castle doesn't believe this is a real PGP-encrypted file, but I might have been wrong.
Here's the pipeline:
echo password | gpg --batch --yes --passphrase-fd 0 "filename"
This works perfectly in Powershell. Actually, several variations on this work perfectly in Powershell, but that's not the point...
The point is that I'm trying to run this in cmd.exe and it doesn't work there. Instead, I get an error saying that there has been no password provided and that, therefore, there is no secret key available and that, therefore, the file cannot be decrypted.
Given that the instructions I read for this are specifically for cmd.exe (not Powershell), I'm more than a little confused. Any idea what's going on here?
Apparently, the problem is that the password being passed through the pipeline includes a space--the one that appears between our hypothetical "d" and the pipe symbol itself. :)
So, for future reference, this works:
echo password|gpg --batch --yes --passphrase-fd 0 "filename"
Which, by the way, is exactly what the guide had said, but which I never caught onto because I did my initial testing in Powershell and didn't realize how picky cmd's echo command could be.