Encrypts/decrypts strings using a PKCS#11 smartcard and runs the encrypted command string.
- PKCS#11 compatible smartcard.
- For compatible smartcards see the Pkcs11Interop library.
- RSA encryption key on smartcard.
- Prepare: acquire necessary information.
  - Insert your smartcard (token).
  - Determine the serial number of the token.
    - run `PkcsEncDecRun.exe info x`
    - it displays the token's serial number.
    - or use Pkcs11Admin:
      - run
  - Determine the ID of an RSA encryption key.
    - run `PkcsEncDecRun.exe info x`
    - it displays suitable keys and their IDs.
    - or use Pkcs11Admin:
      - run
  - Adjust `PkcsEncDecRun.exe.config`.
- Encrypt your command (test it first!) and its arguments; arguments must be delimited by "`|~|`".
  `PkcsEncDecRun.exe enc "c:\Programs\mypgrogram.exe|~|e:\mytresor"`
  This generates a base64-encoded, encrypted string (encrypted with the RSA public key from the smartcard).
- Run or create a batch file (or similar):
  `PkcsEncDecRun.exe run yJH3+9nEz...`
  This will first decrypt the string with the smartcard, and then it runs the command.
The PIN can be given in the environment variable `PKCS_PIN`.
Be sure to clear that variable when done!
Example:
`set PKCS_PIN=0000`
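
One way to follow the advice above about clearing `PKCS_PIN`, as an added PowerShell example that is not part of the project: it prompts for the PIN without echoing it, sets the variable only for the duration of the `run` call, and removes it afterwards even if the call fails. The parameter names and the default tool path are assumptions.

```powershell
# Added example (not project code): run an encrypted command with a
# short-lived PKCS_PIN. Parameter names and default path are assumptions.
param(
    # Base64 string produced earlier by "PkcsEncDecRun.exe enc ..."
    [Parameter(Mandatory)] [string] $EncryptedCommand,
    # Assumed location of the tool; adjust to your installation
    [string] $ToolPath = '.\PkcsEncDecRun.exe'
)

$exitCode = 1   # default to failure if the tool never starts

# Read the PIN without echoing it or leaving it in the command history
$securePin = Read-Host -Prompt 'Token PIN' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePin)

try {
    # Process-scoped variable: visible to this session and the processes
    # it starts, never written to the user or machine environment
    $env:PKCS_PIN = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    & $ToolPath run $EncryptedCommand
    $exitCode = $LASTEXITCODE
}
finally {
    # Always clear the PIN, including when the tool throws or is missing
    Remove-Item Env:PKCS_PIN -ErrorAction SilentlyContinue
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

exit $exitCode
```

Processes started while the variable is set inherit it by default, so the window between setting and clearing it should stay as short as it is here.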
- MS Visual Studio 2015
- .NET 4.0+
- NuGet
- Use MS Visual Studio IDE or msbuild
- The Release-postbuild produces an all-in-one file `ARTEFACT.all.exe` which includes all needed DLLs.
- The file `ARTEFACT.all.exe` is obfuscated using ConfuserEx.
- Pkcs11Admin
- SoftHSM
- Hint: make sure the `softhsm2.conf` is in the same folder as `Pkcs11Admin-x64.exe` or `PkcsEncDecRun.exe`.
- Hint: make sure the
AST, 02/2018
AGPL v3