Which is One of the Most Powerful Programming Languages, But Hardly Talked About?

There’s those who script and automate their work, and there’s those who spent their time clicking on silly buttons and logging into…

Which is One of the Most Powerful Programming Languages, But Hardly Talked About?

There are those who script and automate their work, and there are those who spend their time clicking on silly buttons and logging into systems

Introduction

Over 10 years ago, I changed something fundamentally in my work environment. For this, I had developed a range of Cisco device simulators using Flash and programmed these with ActionScript 1.0. As you may know, Flash had lots of security problems — mainly due to its ability to get right down into the machine. And, ActionScript 1.0, too, was powerful, and where we could script interaction and animations. But, it was horrible its use, and where you could just declare variables anywhere in the program, and just use them. This meant that it was difficult to scale programs up. And, so, ActionScript 2.0 came along, and it integrated a Java-style approach, and made it much more formal in its structure. I then had a fundamental decision to make … convert my programs from ActionScript 1.0 to 2.0 or rewrite the code in another language.

So I dumped Flash, and went for the new kid on the block … Microsoft .NET 1.0. It was Microsoft’s attempt at the beating of Java, and allowed programs to be run within a managed framework. These programs could be carefully controlled for their operation, rather than running wild on the processor. It meant a complete rewrite of the code for a Windows environment, but it was one of the best investments in time I have ever had. Everything from those 1.0 days is still available in the latest version of .NET, and everything from a certain version, is always backwards compatible. It was so typical of Bill Gates to turn his ship around and move in the right direction.

.NET as a foundation

And, so, .NET allows me to develop Windows programs using C#, and then with .NET 2.0, I extended this to the Web. But, at the core of .NET is a common framework, and where you can easily port from C# or VB.NET, and also to PowerShell. If you were able to program with C#, it was not difficult to change this to PowerShell. Overall, PowerShell is there to do all those scripting things that make life so much easier. There is no need to compile a program, we can just run it from the interpreter. Basically, PowerShell is the command line interface that Windows should have always had. As cybercriminals know, PowerShell is one of the best ways to get fully into a computer system. And, did you know that PowerShell now runs on Linux and Mac OSX, too?

The way I normally use it, is to write the C# version of the program, and then convert the classes into PowerShell ones. In C# we can use the classes of:

using System.Security.Cryptography.Rfc2898DeriveBytes;
using Security.Cryptography.AesGcm;
using System.Text.Encoding

For System.Text.Encoding, we have all the methods that we can use [here]:

It is then simple to convert this into a form for PowerShell, and with the class definition in square brackets:

$keygen = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Args[1], 64, 10000)
$aesGcm = [Security.Cryptography.AesGcm]::new($key)
$plainBytes = [System.Text.Encoding]::UTF8.GetBytes($plaintext)

Our variables have a $ at the start of their names, and where we define the methods that we use after the “::” part:

$plaintext =  $Args[0]
$password=$Args[1]

$keygen = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Args[1], 64, 10000)
$key = $keygen.GetBytes(32)

$aesGcm = [Security.Cryptography.AesGcm]::new($key)

$plainBytes = [System.Text.Encoding]::UTF8.GetBytes($plaintext)

$IV = $keygen.GetBytes(12)

$tag = [byte[]]::new(16)
$associatedData = [byte[]]::new(12)
$cipherText = [byte[]]::new($plainBytes.Length)

$aesGcm.Encrypt($IV, $plainBytes, $cipherText, $tag, $associatedData)


$plain = [byte[]]::new($cipherText.Length)

$aesGcm.Decrypt($IV, $cipherText, $tag, $plain, $associatedData)

"== AES GCM Encryption (using RFC2898 with 10,000 rounds for key derivation) =="
"`nMessage: " + $plaintext
"`nPassword: " + $password
"`nSalt: " + [System.Convert]::ToBase64String($IV)
"key: " + [System.Convert]::ToBase64String($key)
"`nEncryption: " + [System.Convert]::ToBase64String($cipherText)

"Decryption: " + [System.Text.Encoding]::UTF8.GetString($plain)

Scripts often have their arguments passed in as arguments, and so PowerShell has an easy way to do this:

$plaintext = $Args[0]
$password= $Args[1]

What can PowerShell do?

So what can you do with it? Well, here’s a few examples to get your up-to-speed:

  • Data Protection Application Programming Interface (DPAPI). DPAPI. Using DPAPI to protect a password.
  • AES CBC, ECB, CFB, CTS and OFB Encryption with Powershell Encryption. AES CBC, ECB, CFB, CTS and OFB. Using AES AES CBC, ECB, CFB, CTS and OFB mode with Powershell.
  • DES CBC or ECB Encryption with Powershell Encryption. DES (CBC/ECB). Using DES encryption with Powershell.
  • 3DES CBC or ECB Encryption with Powershell Encryption. 3DES (CBC/ECB). Using 3DES encryption with Powershell.
  • RC2 CBC or ECB Encryption with Powershell Encryption. RC2 (CBC/ECB). Using RC2 encryption with Powershell.
  • Authenticated Encryption with Associated Data (AEAD) AES GCM Encryption with Encryption with PowerShell. AES GCM. Using AES GCM mode with Powershell.
  • MD5, SHA-1, SHA-256, and SHA-512 hashing. Hashing. MD5, SHA-1, SHA-256, and SHA-512 with hex/Base-64 outputs.
  • HMAC Hashing. HMAC. HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512 with hex/Base-64 outputs.
  • HKDF (HMAC Key Derivation Function). HKDF. Creating HKDF using MD5, SHA-1, SHA-256, SHA-384 and SHA-512.
  • Creating PBKDF2 using PowerShell. PBKDF2. Creating PBKDF2 using PowerShell. This requires a password, a salt value, the number of iterations, and the length of the output.
  • RSA Key Pair. RSA Values. Creating RSA values, and where the public key is [e,N] and the decryption key is [d,N].
  • RSA Signatures. RSA Signatures. With public-key encryption, we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, and which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alice’s public key. In this example, we will use RSA keys to sign a message, and then verify the correct signature, but verify that an incorrect signature will fail.
  • Computing RSA cipher and decipher values in PowerShell. RSA cipher and decipher values. In this case we generate an RSA key pair. With this we have two prime numbers (p and q), and compute the modulus (N=pq).
  • RSA Encryption and Decryption with PowerShell. RSA Encryption and Decryption with PowerShell. RSA Encryption and Decryption with PowerShell
  • RSA Padding for Encryption and Decryption with PowerShell. RSA Padding for Encryption and Decryption with PowerShell. Optimal Asymmetric Encryption Padding (OAEP) allows for a message to be encrypted using RSA. It thus uses RSA encryption and integrates a padding scheme.
  • Using dP, dQ and InvQ with RSA in PowerShell. Using dP, dQ and InvQ with RSA in PowerShell. If we use dP, dQ and InvQ with RSA in creates a simpler computation.
  • Generating a random number in PowerShell. Generating a random number in PowerShell. This page generates a random number in PowerShell and displays as a hex, Base64 and integer value.
  • Generating an ECC key pair in PowerShell. Generating an ECC key pair in PowerShell. With ECC, we have a base point on the curve (G) and then create a random value for the private key (D) and then generate the public key with P=D.G.
  • ECDSA for Multiple Curves and Different Hashing Methods with PowerShell . ECDSA for Multiple Curves and Different Hashing Methods with PowerShell. With ECDSA (Elliptic Curve Digital Signature) we use an elliptic curve to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private key. The public key can then be used to verify the signature. In this case, we will use a range of curves, such as 192-bit, 256-bit, 384-bit and 521-bit curves, and create with a range of hashing methods (such as MD5, SHA-1 and SHA-256).
  • DSA in PowerShell. DSA Signatures in PowerShell. With DSA (Digital Signature Algorithm) we use discrete logarithms to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private (secret) key and a random nonce value (k). The public key and a hash of the message is then be used to verify the signature. In this case, we will create the signature using a range of key sizes (512-bit, 1,024 bits and 2,048 bits), and a range of hashing methods (such as MD5, SHA-1 and SHA-256).
  • Schnorr Signature Method with Discrete Logs using PowerShell. Schnorr Signature Method with Discrete Logs using PowerShell. With Schnorr signatures can use discrete logarithms to produce a digital signature. Overall, we take a hash of a message, and then create a signature using a private (secret) key and a random nonce value (k). The public key and a hash of the message is then be used to verify the signature. In this case, we will create the signature using a range of key sizes, and a range of hashing methods (such as MD5, SHA-1 and SHA-256)
  • NIZK (Non-interactive Zero Knowledge) proofs of discrete — log equality with PowerShell. NIZK (Non-interactive Zero Knowledge) proofs of discrete — log equality with PowerShell.
  • ElGamal encryption with Powershell. ElGamal encryption.
  • ElGamal Homomorphic Cipher for Multiplication (PowerShell). ElGamal. This outlines ElGamal Homomorphic multiplication with PowerShell.
  • ElGamal Homomorphic Cipher for Division (PowerShell). ElGamal. This outlines ElGamal Homomorphic division with PowerShell.
  • ElGamal Homomorphic Cipher for Addition (PowerShell). ElGamal. This outlines ElGamal Homomorphic addition with PowerShell.
  • ElGamal Homomorphic Cipher for Subtraction (PowerShell). ElGamal. This outlines ElGamal Homomorphic subtraction with PowerShell.
  • Inverse of x(mod p) in PowerShell. Inverse mod. In cryptography, we often need x−1, and which is a multiplicative inverse of x(modp), i.e. x/x−1=1(modp). It is used in the calculation of the decryption key in RSA, and in other cryptography methods.
  • Primitive root of a prime number p modulo p in PowerShell. Primitive root of a prime number p modulo p. If we have gx(modp) and where p is a prime number, can we find a value of g that makes sure that we get a unique output from 1 to p−1, for every value of x from 0 to p−2. This is known as the primitive root under modulo p.
  • Miller-Rabin Test for Prime Numbers in PowerShell. Miller-Rabin Test. Miller-Rabin Test for Primes is one of the most popular methods for testing for prime numbers used in RSA. Given an odd number (n), we will have an odd number of (n−1), of which we can calculate the power of 2 with a value of s so that n−1=2sd. For example, if n is 25, (n−1) will be 24, and which is 2×2×2×3 and which is 23×3. We then select a random value of a and which is between 1 and (n−1).
  • Random Prime Numbers in PowerShell. Random Prime Number. The Miller-Rabin Test for primes is one of the most popular methods for testing for prime numbers used in RSA. In this case we will generate a random prime number for a given number of bits. Initially, we will generate a random number, and then test it for primality. If it is not, we will keep incrementing it by two until we find a prime number.
  • Object Identifier (OID) in PowerShell. OID. The object identifier (OID) tag is used to define the cryptography methods used. An example identifier for ECC encryption is “1.2.840.10045.2.1”, and where 1 is OSI, 2 is member body, 840 is US (ANSI), and 10045 is “ansi-X9–62”, and “2” is key type [1]. Other common algorithms are: “1.2.840.113549.1.1.1” (X509 RSA), “1.2.840.10040.4.1” (X509 Digital Signature Standard -DSS), and “1.2.840.10046.2.1” (Diffie-Hellman — DH).

And here is C# examples:

https://asecuritysite.com/csharp