在Powershell中生成RSA密钥对 [英] Generating an RSA key pair in powershell

问题描述

我想在Powershell中生成一个RSA公共私钥对而不使用外部软件，并且我想对其进行测试。它应该能够在任何在线公钥/私钥验证服务上加密/解密数据。

I want to generate an RSA public private key pair in powershell without using external software and I want to test it. It should be able to encrypt/decrypt data on any online public/private key verification service.

有针对性的严格教育。我非常清楚您不应该出于安全目的在线导出私钥。

Purpose- Strictly Educational. I'm very well aware that you shouldn't export your private key online for security purposes.

到目前为止，我已经尝试过
ssh- keygen 和

So far I've tried ssh-keygen and

$RSA = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048)
[System.Convert]::ToBase64String($rsa.ExportCspBlob(1))
[System.Convert]::ToBase64String($rsa.ExportCspBlob(0))

System.Security.Cryptography.RSACryptoServiceProvider创建P，Q等所有用于计算公钥/私钥的原材料，但是我不想要该原材料

System.Security.Cryptography.RSACryptoServiceProvider creates P, Q etc. all the raw material for calculating public/private key, but I don't want the raw material.

ExportCspBlob（x）提供了一个密钥，但是当我尝试在线验证它时，密钥对验证失败。

ExportCspBlob(x) provides a key, but when I try to verify it online, the key pair verification fails.

因此，有什么方法可以在Powershell中创建RSA公共私钥对而不使用任何外部程序，可以直接将其复制粘贴为证书格式（具有 ----- BEGIN PRIVATE的证书格式） KEY ---- 的东西）？

So, is there any way to create RSA public private key pair in powershell without using any external programs, which can be directly copy-pasted into a certificate format(the one with -----BEGIN PRIVATE KEY---- stuff)?

推荐答案

如果您只想使用powershell实施公钥加密/解密，则可以使用内置工具。要生成密钥对，只需使用New-SelfSignedCertificate cmdlet，然后就可以使用Protect / Unprotect-CmsMessage使用生成的证书来加密/解密数据（这是类似PGP的cmdlet，这意味着您不必自己处理对称密钥部分） 。然后，要将密钥共享或移动到其他计算机，可以使用Import / Export-Certificate cmdlet。参见下面的示例

If you just want to implement Public Key encryption/decryption with powershell, there are built-in tools for that. To generate key pair just use New-SelfSignedCertificate cmdlet, then you can use generated certificate to encrypt/decrypt data using Protect/Unprotect-CmsMessage (this is PGP-like cmdlets, meaning you don't have to deal with symmetric key part yourself). Then to share or move keys to other machines you can use Import/Export-Certificate cmdlets. See the example below

$store = "cert:\CurrentUser\My"

$params = @{
 CertStoreLocation = $store
 Subject = "CN=Test1"
 KeyLength = 2048
 KeyAlgorithm = "RSA" 
 KeyUsage = "DataEncipherment"
 Type = "DocumentEncryptionCert"
}

# generate new certificate and add it to certificate store
$cert = New-SelfSignedCertificate @params


# list all certs 
# Get-ChildItem -path $store

# Encryption / Decryption

$message = "My secret message"

$cipher = $message  | Protect-CmsMessage -To "CN=Test1" 
Write-Host "Cipher:" -ForegroundColor Green
$cipher

Write-Host "Decrypted message:" -ForegroundColor Green
$cipher | Unprotect-CmsMessage


# Exporting/Importing certificate

$pwd = ("P@ssword" | ConvertTo-SecureString -AsPlainText -Force)
$privateKey = "$home\Documents\Test1.pfx"
$publicKey = "$home\Documents\Test1.cer"

# Export private key as PFX certificate, to use those Keys on different machine/user
Export-PfxCertificate -FilePath $privateKey -Cert $cert -Password $pwd

# Export Public key, to share with other users
Export-Certificate -FilePath $publicKey -Cert $cert

#Remove certificate from store
$cert | Remove-Item

# Add them back:
# Add private key on your machine
Import-PfxCertificate -FilePath $privateKey -CertStoreLocation $store -Password $pwd

# This is for other users (so they can send you encrypted messages)
Import-Certificate -FilePath $publicKey -CertStoreLocation $store

这篇关于在Powershell中生成RSA密钥对的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！