I want to decrypt a file that is AES encrypted, with a script in PowerShell. To decrypt it I want to use an OpenSSL binary that the script automatically downloads.
When I execute openssl.exe with start-Process -FilePath "$pwd\openssl\openssl.exe", a new cmd window opens and I can enter my command to decrypt the file there (which works; I have tested it).
So my question:
Is there a way to execute the command openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new with the .exe without having to manually input it into the new window?
Yes, try this:
& ".\openssl\openssl.exe" aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new
Using Start-Process, you can pass the parameters with -ArgumentList:
Start-Process -FilePath "$pwd\openssl\openssl.exe" -ArgumentList "aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new"
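The non-interactive call from the answers above, as an added example that is not part of the original posts: it checks the downloaded openssl.exe against a pinned SHA-256 before running it and supplies the passphrase through OpenSSL's `-pass env:` source so nothing has to be typed. The variable name DECRYPT_PASS and the hash placeholder are assumptions.

```powershell
# Added example, not from the original post. DECRYPT_PASS and the hash
# placeholder are assumptions; file names are the ones used in the question.
$opensslPath    = Join-Path $PWD 'openssl\openssl.exe'
$expectedSha256 = '<SHA256-OF-THE-OPENSSL-BUILD-YOU-TRUST>'   # placeholder

# 1. Refuse to run a downloaded binary whose hash differs from the pinned one.
$actual = (Get-FileHash -Path $opensslPath -Algorithm SHA256 -ErrorAction Stop).Hash
if ($actual -ne $expectedSha256) {
    throw "openssl.exe hash mismatch (got $actual); not executing it."
}

# 2. The caller (for example a CI secret mapping) supplies the passphrase in an
#    environment variable, so it never appears on a command line.
if ([string]::IsNullOrEmpty($env:DECRYPT_PASS)) {
    throw 'DECRYPT_PASS is not set.'
}

# 3. Pass the arguments as an array. '-pass env:NAME' tells OpenSSL to read the
#    passphrase from that environment variable instead of prompting for it.
$opensslArgs = @(
    'aes-256-cbc', '-d', '-a',
    '-in',  'secrets.txt.enc',
    '-out', 'secrets.txt.new',
    '-pass', 'env:DECRYPT_PASS'
)
try {
    & $opensslPath @opensslArgs
    if ($LASTEXITCODE -ne 0) {
        # A failed decrypt can leave a partial output file behind; remove it.
        Remove-Item 'secrets.txt.new' -ErrorAction SilentlyContinue
        throw "openssl exited with code $LASTEXITCODE; decryption failed."
    }
}
finally {
    # Do not leave the passphrase in this session's environment.
    Remove-Item Env:\DECRYPT_PASS -ErrorAction SilentlyContinue
}
```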
Related
When I copy my code into the terminal in VS Code, the terminal executes my code before it finishes copying.
keytool -list -v \
-alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
How do I turn off this feature?
Sorry, my English is bad; I use Google Translate.
Your integrated terminal in Visual Studio Code is running PowerShell, which doesn't support use of \ as a line-continuation character.
Either use ` (a backtick), making sure that it is the very last character on the line, or paste the command as a single line.
Additionally, PowerShell doesn't understand %USERPROFILE% as an environment-variable reference (only cmd.exe does); use $env:USERPROFILE instead.
Therefore:
With line continuation:
keytool -list -v `
-alias androiddebugkey -keystore $env:USERPROFILE\.android\debug.keystore
Single-line:
keytool -list -v -alias androiddebugkey -keystore $env:USERPROFILE\.android\debug.keystore
I am trying to sign a .exe file and I have a certificate and private key in .pem format.
I convert my cert to .pfx format using openssl:
openssl pkcs12 -export -in "cert.pem" -inkey "key.pem" -out certificate.pfx -certfile "CA.cer"
I try using signtool:
signtool sign /f "certificate.pfx" /p mypass /t http://timestamp.comodoca.com/authenticode "app.exe"
But I get the following error:
SignTool Error: No certificates were found that met all the given criteria.
Reference
Signing .exe with .cer file (what is my certificate's name that signtool.exe is asking for?)
I'm making a CI build task in PowerShell to sign an assembly and the manifest with signtool and mage.
It works great, except that I have to run PowerShell as Administrator to get mage to accept the certificate. What I find really strange is that signtool can use the same certificate without privileges.
The certificate is a .pfx file.
Script:
signtool sign /f $certPath /p $certPassword /q /t $timestampUri "Example.dll"
mage -s "Example.dll.manifest" -CertFile $certPath -Password $certPassword -ti $timestampUri
Without privileges:
Done Adding Additional Store
Successfully signed and timestamped: Example.dll
Unable to open certificate "D:\example.pfx":
Access denied.
With privileges:
Done Adding Additional Store
Successfully signed and timestamped: Example.dll
Example.dll.manifest successfully signed
Does anyone know what is going on here?
Edit:
I used Procmon as advised. Log below in CSV.
Procmon logs
While trying to convert the private key file from PKCS12 format to PEM format (which is used by Wireshark) in two stages using the openssl tool, I got the error below:
PS C:\OpenSSL-Win64\bin> openssl pkcs12 -nodes -in test_cer123456.pfx -out key.pem -nocerts -nodes
openssl : The term 'openssl' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ openssl pkcs12 -nodes -in test_cer123456.pfx -out key.pem -nocerts -nodes
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (openssl:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Suggestion [3,General]: The command openssl was not found, but does exist in the current location. Windows PowerShell does not load commands from the current location by
default. If you trust this command, instead type ".\openssl". See "get-help about_Command_Precedence" for more details.
PS C:\OpenSSL-Win64\bin>
Could someone help me with this?
Note: I was following this post
PowerShell doesn't include the current directory as part of the search path. The error message actually tells you this and explains what to do (emphasis added):
Suggestion [3,General]: The command openssl was not found, but does
exist in the current location. Windows PowerShell does not load
commands from the current location by default. If you trust this
command, instead type ".\openssl". See "get-help
about_Command_Precedence" for more details.
I have a new certificate from DigiCert, a .pfx file, which when I try to use it for signing gives the error "The specified PFX password is not correct". However, the password works fine when installing it locally. I have tried without specifying a password, without success. The certificate was given to me by another person who purchased it.
Thanks
I had the same issue but solved it by removing " from the password.
Before: signtool.exe sign /f mycert.pfx /p "password" /v /t http://... "application.exe"
After: signtool.exe sign /f mycert.pfx /p password /v /t http://... application.exe
I had the same issue as well when trying to sign dll files with post-build events in Visual Studio. I found out that the issue was having special characters like percentage sign (%) and comma (,) in the password. I fixed it after setting a new password without those special characters.
I hope this helps
Another possible issue is that the encryption of the PFX could be unrecognized; for example, a newer SHA256 encrypted cert cannot be used to sign on older SDKs.
See related SO answers:
signtool - the specified PFX password is not correct from new machine
and
Why I get "The specified PFX password is not correct" when trying to sign application with signtool?
I had the same issue in Azure DevOps where I was using a Command Line task:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /f "D:\Cert\CodeSigning.pfx" /p %_pwd123_% /d "" /du "" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 "D:\Build\Installer.msi"
This resulted in 'The specified PFX password is incorrect'.
But I was able to take the actual script command from the failed pipeline, copy it into a cmd prompt on the build machine and run it (without any changes) successfully.
I also tried creating a pipeline variable as I've seen others do and use that in the command like $(pfxPwd). That also seemed to translate perfectly when run but still failed.
The solution was to use the pipeline variable but include it in the command like this instead: %pfxPwd%
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /f "D:\Cert\CodeSigning.pfx" /p %pfxPwd% /d "" /du "" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 "D:\Build\Installer.msi"
Perhaps this trouble was caused by the password beginning and ending with %.
But since this certificate and password came from IT, there were no other options.
Note: I later discovered that if I change the variable type to 'secret' it no longer works.
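A pre-flight check for the signtool problems discussed in the posts above (both "The specified PFX password is not correct" and "No certificates were found that met all the given criteria"), as an added example that is not from any of the posters. It opens the PFX in-process, where no shell parses the password, and checks the properties a signing certificate needs before signtool is called; PFX_PASSWORD is an assumed variable name, and the paths are the ones quoted in the Azure DevOps post.

```powershell
# Added example; PFX_PASSWORD is an assumed name. In Azure DevOps a secret
# variable reaches a script only when the task maps it into the environment.
$signtool = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe'
$pfxPath  = 'D:\Cert\CodeSigning.pfx'
$target   = 'D:\Build\Installer.msi'
$pfxPassword = $env:PFX_PASSWORD
if ([string]::IsNullOrEmpty($pfxPassword)) { throw 'PFX_PASSWORD is not set in this process.' }

# 1. Open the PFX directly. If this fails, the password really is wrong or the
#    PFX encryption is unsupported on this machine; quoting is not involved.
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)
}
catch {
    throw "Cannot open PFX with the supplied password: $($_.Exception.Message)"
}

# 2. Check private key, validity period and the Code Signing EKU.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'
$ekus = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }

$problems = @()
$now = Get-Date
if (-not $cert.HasPrivateKey) { $problems += 'no private key in the PFX' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
if ($ekus -and ($ekus -notcontains $codeSigningOid)) { $problems += 'EKU lacks Code Signing' }
if ($problems) { throw "Certificate not usable for signing: $($problems -join '; ')" }

# 3. Invoke signtool with an argument array. PowerShell does not apply
#    cmd.exe-style %...% expansion to the password value.
$signArgs = @(
    'sign', '/f', $pfxPath, '/p', $pfxPassword,
    '/fd', 'sha256',
    '/tr', 'http://timestamp.comodoca.com/?td=sha256', '/td', 'sha256',
    $target
)
& $signtool @signArgs
if ($LASTEXITCODE -ne 0) { throw "signtool exited with code $LASTEXITCODE" }
```

The `/p` switch still places the password on signtool's command line, where other processes on the build machine can read it; importing the certificate into a certificate store and selecting it with `/sha1` avoids that.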