DidiSoft Ltd.

OpenPGP in PowerShell

As of version 1.7.15 DidiSoft OpenPGP Library for .NET provides a compiled module with Windows PowerShell commands. It is installed by the library Setup Wizard in %UserProfile%\Documents\WindowsPowerShell\Modules in the sub-folder DidiSoft.Pgp.PowerShell, and the Cmdlets are then available in your PowerShell console.

Encrypting and decrypting

Encryption is done with the command ConvertTo-PgpEncryptedFile and decryption with ConvertFrom-PgpEncryptedFile. Below is an example usage:

ConvertTo-PgpEncryptedFile -Path C:\INPUT.txt -Key C:\recipient_key.asc -Output c:\encrypted.pgp
ConvertFrom-PgpEncryptedFile -Path C:\encrypted.pgp -Key C:\my_private_key.asc -Password "my key password" -Output c:\data.txt

Signing and verifying

The OpenPGP signed-only format combines the data and the digital signature in one file. For this purpose we use the command ConvertTo-PgpSignedFile for signing. The signed data is processed afterwards in two steps: first the signature is checked with the Test-PgpSignedFile command, which returns $true if verification passed and $false in all other cases (broken signature, wrong public key). The second step is the extraction of the data with the ConvertFrom-PgpSignedFile command:

ConvertTo-PgpSignedFile -Path C:\INPUT.txt -Key C:\my_private_key.asc -Password "my key password" -Output c:\signed.pgp

# Step 1: verify the signature on the signed file with the sender's public key
$test = Test-PgpSignedFile -Path C:\signed.pgp -Key c:\sender_public_key.asc
if ($test) {
  Write-Host "signature verified"
  # Step 2: extract the data only after the signature has been verified
  ConvertFrom-PgpSignedFile -Path C:\signed.pgp -Output c:\data.txt
} else {
  Write-Host "signature verification failed"
}

One-pass sign and encrypt, and decryption

One-pass sign and encrypt uses our private key for signing and the public key of the recipient for encrypting. The command for sign and encrypt is ConvertTo-PgpSignedAndEncryptedFile:

ConvertTo-PgpSignedAndEncryptedFile -Path C:\INPUT.txt -Key C:\my_private_key.asc -Password "my key password" -PublicKey c:\recipient_pub_key.asc -Output c:\encrypted.pgp

Decryption and signature verification are done in two steps. For decryption we use the same command as for encrypted-only files, ConvertFrom-PgpEncryptedFile. The signature is tested with Test-PgpSignedAndEncryptedFile:

# Step 1: verify the sender's signature (the private key is needed to look inside the encrypted file)
$test = Test-PgpSignedAndEncryptedFile -Path C:\encrypted.pgp -Key C:\my_private_key.asc -Password "my key password" -PublicKey c:\sender_public_key.asc
if ($test) {
  Write-Host "signature verified"
  # Step 2: decrypt only after the signature has been verified
  ConvertFrom-PgpEncryptedFile -Path C:\encrypted.pgp -Key C:\my_private_key.asc -Password "my key password" -Output c:\data.txt
} else {
  Write-Host "signature verification failed"
}
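The receive-side sequence above (verify first, decrypt only on success) as one reusable script that processes an inbox folder. This is an added example and not DidiSoft's own code; it assumes the module is imported and the cmdlet parameters are as shown on this page, and the function name Receive-PgpMessage and all paths are made up for the illustration.

```powershell
# Added example, not part of the DidiSoft documentation or module.
# Assumes DidiSoft.Pgp.PowerShell is imported; all paths are placeholders.

function Receive-PgpMessage {
    param(
        [Parameter(Mandatory)] [string] $EncryptedPath,
        [Parameter(Mandatory)] [string] $PrivateKey,
        [Parameter(Mandatory)] [string] $Password,
        [Parameter(Mandatory)] [string] $SenderPublicKey,
        [Parameter(Mandatory)] [string] $OutputPath
    )

    # Step 1: check the sender's signature BEFORE any plaintext is written out.
    $ok = Test-PgpSignedAndEncryptedFile -Path $EncryptedPath -Key $PrivateKey `
              -Password $Password -PublicKey $SenderPublicKey
    if (-not $ok) {
        Write-Warning "Signature check failed for $EncryptedPath; not decrypting."
        return $false
    }

    # Step 2: only a verified file is decrypted to the output location.
    ConvertFrom-PgpEncryptedFile -Path $EncryptedPath -Key $PrivateKey `
        -Password $Password -Output $OutputPath | Out-Null
    Write-Host "Verified and decrypted $EncryptedPath -> $OutputPath"
    return $true
}

# Prompt once for the key passphrase instead of hard-coding it in the script.
$secure   = Read-Host -Prompt "Private key password" -AsSecureString
$password = (New-Object System.Management.Automation.PSCredential ("pgp", $secure)).GetNetworkCredential().Password

# Process every .pgp file in the inbox; files that fail verification stay put.
$results = Get-ChildItem C:\pgp\inbox\*.pgp | ForEach-Object {
    $out = Join-Path C:\pgp\decrypted $_.BaseName
    [pscustomobject]@{
        File     = $_.Name
        Verified = Receive-PgpMessage -EncryptedPath $_.FullName -PrivateKey C:\keys\my_private_key.asc `
                       -Password $password -SenderPublicKey C:\keys\sender_public_key.asc -OutputPath $out
    }
}
$password = $null   # drop the plaintext passphrase as soon as it is no longer needed
$results | Format-Table -AutoSize
```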

Clear text signing and verifying

Clear text signatures are like OpenPGP signed data, but the data remains readable as plain text. The commands used are ConvertTo-PgpClearSignedFile, ConvertFrom-PgpClearSignedFile and Test-PgpClearSignedFile:

ConvertTo-PgpClearSignedFile -Path C:\INPUT.txt -Key C:\my_private_key.asc -Password "my key password" -Output c:\signed.pgp

# Step 1: verify the clear text signature with the sender's public key
$test = Test-PgpClearSignedFile -Path C:\signed.pgp -Key c:\sender_public_key.asc
if ($test) {
  Write-Host "signature verified"
  # Step 2: strip the signature and keep the plain text data
  ConvertFrom-PgpClearSignedFile -Path C:\signed.pgp -Output c:\data.txt
} else {
  Write-Host "signature verification failed"
}

Detached signing and verifying

Detached digital signatures reside in a separate file from the data. The command used for creating a detached signature is ConvertTo-PgpDetachedSignedFile. The signature is checked afterwards with Test-PgpDetachedSignedFile, which takes both the data file and the signature file.

Powershell Example:

ConvertTo-PgpDetachedSignedFile -Path C:\data.txt -Key C:\my_private_key.asc -Password "my key password" -Output c:\data.txt.sig

# Verify the data file against its detached signature with the sender's public key
$test = Test-PgpDetachedSignedFile -Path C:\data.txt -Key c:\sender_public_key.asc -Signature c:\data.txt.sig
if ($test) {
  Write-Host "signature verified"
} else {
  Write-Host "signature verification failed"
}

Generating keys

Keys can also be generated; the module exposes three commands for this: New-PgpKeyRsa for RSA based keys, New-PgpKeyDhDss for DH/DSS (ElGamal) keys and New-PgpKeyEcc for OpenPGP keys based on Elliptic Curves.

New-PgpKeyRsa -Length 2048 -Name "Richard Koosh" -Password "my key pass" -Output c:\my_key.asc
New-PgpKeyDhDss -Length 2048 -Name "Richard Koosh" -Password "my key pass" -Output c:\my_key.asc
New-PgpKeyEcc -Curve NIST-P-256 -Name "Richard Koosh" -Password "my key pass" -Output c:\my_key.asc

Getting help

Command line help for each of the provided Cmdlets is available via the Get-Help command, like:

Get-Help ConvertTo-PgpClearSignedFile

A .CHM help file is also available under the library folder at \Help\DidiSoft.Pgp.PowerShell.chm and in the Start menu program group of the library.

Summary

This chapter summarizes the usage of DidiSoft.Pgp.PowerShell.dll, which provides a ready set of Windows PowerShell commands on top of DidiSoft OpenPGP Library for .NET.

The described module exposes the most common functionality of the library. In future versions additional commands will also be implemented.