This page outlines a few basic principles of using cryptography methods in PowerShell.
Symmetric Key
Data Protection Application Programming Interface (DPAPI). DPAPI. Using DPAPI to protect a password.
AES CBC, ECB, CFB, CTS and OFB Encryption with PowerShell. AES CBC, ECB, CFB, CTS and OFB. Using AES CBC, ECB, CFB, CTS and OFB modes with PowerShell.
DES CBC or ECB Encryption with PowerShell. DES (CBC/ECB). Using DES encryption with PowerShell.
3DES CBC or ECB Encryption with PowerShell. 3DES (CBC/ECB). Using 3DES encryption with PowerShell.
RC2 CBC or ECB Encryption with PowerShell. RC2 (CBC/ECB). Using RC2 encryption with PowerShell.
Authenticated Encryption with Associated Data (AEAD) AES GCM Encryption with PowerShell. AES GCM. Using AES GCM mode with PowerShell.
Hashing
MD5, SHA-1, SHA-256, and SHA-512 hashing. Hashing. MD5, SHA-1, SHA-256, and SHA-512 with hex/Base-64 outputs.
HMAC
HMAC Hashing. HMAC. HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512 with hex/Base-64 outputs.
HKDF and PBKDF2
HKDF (HMAC Key Derivation Function). HKDF. Creating HKDF using MD5, SHA-1, SHA-256, SHA-384 and SHA-512.
Creating PBKDF2 using PowerShell. PBKDF2. This requires a password, a salt value, the number of iterations, and the length of the output.
Encrypt Password using PBKDF2 and PowerShell. With PowerShell we can encrypt a password with our own encryption key. In this case, we will generate either a 128-bit or 256-bit key from PBKDF2 and encrypt a secure string.
RSA
RSA Key Pair. RSA Values. Creating RSA values, where the public key is [e,N] and the decryption key is [d,N].
RSA Signatures. With public-key encryption, we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alice's public key. In this example, we will use RSA keys to sign a message, and then verify the correct signature, and check that an incorrect signature will fail.
Computing RSA cipher and decipher values in PowerShell. RSA cipher and decipher values. In this case we generate an RSA key pair. With this we have two prime numbers (\(p\) and \(q\)), and compute the modulus (\(N=pq\)). We then pick an encryption key value (\(e=0x010001\)) and then compute \(d=e^{-1} \pmod \phi\), where \(\phi=(p-1)(q-1)\). To encrypt a message (\(M\)), we create a cipher \(c=M^e \pmod N\), and then decrypt with \(M=c^d \pmod N\). In this case we will prove the computations with the generation of a message value and an RSA key pair.
RSA Padding for Encryption and Decryption with PowerShell. Optimal Asymmetric Encryption Padding (OAEP) allows for a message to be encrypted using RSA. It thus uses RSA encryption and integrates a padding scheme. It was defined by Bellare and Rogaway, and has been standardized in PKCS#v1.5 and RFC 2437. We use RSA-OAEP to pad the message, and then encrypt with \(C = {M_p}^e \pmod N\) and decrypt with \(M_p = C^d \pmod N\), where \(M_p\) is the padded message. The padding is added before the encryption process, and then stripped off after decryption.
Generating a random number in PowerShell. This page generates a random number in PowerShell and displays it as a hex, Base64 and integer value.
ECC
Generating an ECC key pair in PowerShell. With ECC, we have a base point on the curve (\(G\)) and then create a random value for the private key (\(D\)) and then generate the public key with \(P=D.G\).
ECDSA for Multiple Curves and Different Hashing Methods with PowerShell. With ECDSA (Elliptic Curve Digital Signature) we use an elliptic curve to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private key. The public key can then be used to verify the signature. In this case we will use a range of curves, such as 192-bit, 256-bit, 384-bit and 521-bit curves, and create signatures with a range of hashing methods (such as MD5, SHA-1 and SHA-256).
DSA (Digital Signature Algorithm)
DSA in PowerShell. DSA Signatures in PowerShell. With DSA (Digital Signature Algorithm) we use discrete logarithms to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private (secret) key and a random nonce value (\(k\)). The public key and a hash of the message are then used to verify the signature. In this case, we will create the signature using a range of key sizes (512 bits, 1,024 bits and 2,048 bits), and a range of hashing methods (such as MD5, SHA-1 and SHA-256).
Schnorr signatures
Schnorr Signature Method with Discrete Logs using PowerShell. With Schnorr signatures we can use discrete logarithms to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private (secret) key and a random nonce value (\(k\)). The public key and a hash of the message are then used to verify the signature. In this case, we will create the signature using a range of key sizes, and a range of hashing methods (such as MD5, SHA-1 and SHA-256).
Zero Knowledge Proof
NIZK (Non-interactive Zero Knowledge) proofs of discrete-log equality with PowerShell. Let's say we have two generator values (\(g\) and \(h\)), and a secret value (\(x\)). If we have \(Y=g^x \pmod p\) and \(Z=h^x \pmod p\), can we prove that \(Y\) and \(Z\) use the same exponential value (\(x\))? For this, we then use \(g,Y,h,Z\) within a Chaum-Pedersen proof [1] to provide a zero-knowledge proof that \(\log_G(Y) == \log_M(Z)\). This is defined as DLEQ(Z/M == Y/G) - discrete log equality. With this we can prove that the same private key has been used for \(g^x \pmod p\) and \(h^x \pmod p\), and use a random oracle (\(k\)) for each proof.
ElGamal Homomorphic Cipher for Multiplication (PowerShell). ElGamal. This outlines ElGamal Homomorphic multiplication with PowerShell.
ElGamal Homomorphic Cipher for Division (PowerShell). ElGamal. This outlines ElGamal Homomorphic division with PowerShell.
ElGamal Homomorphic Cipher for Addition (PowerShell). ElGamal. This outlines ElGamal Homomorphic addition with PowerShell.
ElGamal Homomorphic Cipher for Subtraction (PowerShell). ElGamal. This outlines ElGamal Homomorphic subtraction with PowerShell.
Inverse Mod
Inverse of \(x \pmod p\) in PowerShell. Inverse mod. In cryptography, we often need \(x^{-1}\), which is the multiplicative inverse of \(x \pmod p\), i.e. \(x \times x^{-1} = 1 \pmod p\). It is used in the calculation of the decryption key in RSA, and in other cryptography methods. With RSA, we get \(e \times d \pmod {\varphi} = 1\), where we have \(e\) and \(\varphi\), and must calculate \(d\) using the multiplicative inverse of \(e \pmod {\varphi}\).
Primitive root
Primitive root of a prime number p modulo p in PowerShell. Primitive root of a prime number p modulo p. If we have \(g^x \pmod p\), where \(p\) is a prime number, can we find a value of \(g\) that makes sure that we get a unique output from 1 to \(p-1\), for every value of \(x\) from 0 to \(p-2\)? This is known as the primitive root under modulo \(p\).
Prime Number Test
Miller-Rabin Test for Prime Numbers in PowerShell. Miller-Rabin Test. The Miller-Rabin Test for primes is one of the most popular methods for testing for prime numbers used in RSA. Given an odd number (\(n\)), we will have an odd number of (\(n-1\)), of which we can calculate the power of 2 with a value of \(s\) so that \(n-1 = 2^s d\). For example, if \(n\) is 25, \((n-1)\) will be 24, which is \(2 \times 2 \times 2 \times 3\), or \(2^3 \times 3\). We then select a random value of \(a\) which is between 1 and \((n-1)\).
Random Prime Numbers in PowerShell. Random Prime Number. The Miller-Rabin Test for primes is one of the most popular methods for testing for prime numbers used in RSA. In this case we will generate a random prime number for a given number of bits. Initially we will generate a random number, and then test it for primality. If it is not prime, we will keep incrementing it by two until we find a prime number.
Object Identifier (OID)
Object Identifier (OID) in PowerShell. OID. The object identifier (OID) tag is used to define the cryptography methods used. An example identifier for ECC encryption is “1.2.840.10045.2.1”, where 1 is OSI, 2 is member body, 840 is US (ANSI), 10045 is “ansi-X9–62”, and “2” is key type [1]. Other common algorithms are: “1.2.840.113549.1.1.1” (X509 RSA), “1.2.840.10040.4.1” (X509 Digital Signature Standard - DSS), and “1.2.840.10046.2.1” (Diffie-Hellman - DH).
QR Codes
Wifi connect. Wifi QR. We can use PowerShell to create a QR code for someone to connect to a Wifi network. In this case, we enter the SSID and the password. Use your smart phone to test.
Contact details. Contact QR. We can use PowerShell to create a QR code to generate contact details.
Geolocation details. Geolocation QR. We can use PowerShell to create a QR code for geolocation.
URI link. URI QR. We can use PowerShell to create a URI link.
Text in a QR code. Text QR. We can use PowerShell to create text in a QR code.
A quick demo
A fun demonstration of the power of PowerShell is to compute \(10^{6400}-10^{6532}-1\):