4

I'm looking for a way to create an AES-128 key in PEM format (Base64 encoded text file) using PowerShell. All the examples I can find assume the user has OpenSSL installed. The equivalent OpenSSL command would be:

openssl genrsa -aes128 -out mykey.pem 4096

Is there a way to generate the equivalent file using any of the built in PowerShell cmdlets, such as Export-Certificate or New-SelfSignedCertificate or anything? Or, as a last resort, a solution involving calling into the .NET Framework? I'd appreciate any examples. Thanks!

Mike Christensen
  • 965
  • 1
  • 11
  • 21
  • Don't know of any built int functionality for this available as a commandlet. There is almost certainly something you can do with .NET and `System.Security.Cryptography.RSA` but I believe that gets pretty complicated quickly. Google seems to show a dozen or so third party .NET libraries and powershell modules that might be able to do this. – Zoredache Mar 08 '19 at 00:32
  • I assume you're looking to create a self-signed certificate? Is calling out to certutil.exe ok? – Mark Henderson Mar 08 '19 at 01:04
  • @MarkHenderson - Sure! I can use anything a default installation of Windows 10 has.. – Mike Christensen Mar 08 '19 at 02:08
  • @MikeChristensen Well I got excited and then I got stumped. I cannot get the private key to be included in any conversions I do. I think Windows has locked that down very tightly through any windows API calls. – Mark Henderson Mar 08 '19 at 02:54
  • Yea, I kinda think this has to be done through .NET code.. Or use OpenSSL.. – Mike Christensen Mar 08 '19 at 03:08
  • FireDaemon has precompiled OpenSSL binaries for Windows, which you can copy to a server temporarily and use like a portable version https://kb.firedaemon.com/support/solutions/articles/4000121705 – David Trevor Aug 01 '23 at 08:40

0 Answers0