PkcsEncDecRun - PKCS#11 Encryption & Decryption and Running of Encrypted Commands

Encrypt/decrypt strings using a PKCS#11 smartcard and runs the encrypted command string.

Requirements

PKCS#11 compatible smartcard.
- For compatbile smartcards see Pkcs11Interop library.
RSA encryption key on smartcard.

Prepare: acquire neccessary information.
1. Insert your smartcard (token).
2. Determine the serial number of the token.
  - run PkcsEncDecRun.exe info x - it displays the token's serial number.
  - or use Pkcs11Admin:
3. Determine the ID of a RSA encryption key.
  - run PkcsEncDecRun.exe info x - it displays suitable keys and its IDs.
  - or use Pkcs11Admin:
4. Adjust PkcsEncDecRun.exe.config.
Encrypt your command (test it first!) and its arguments; arguments must be delimited by "|~|".
```
PkcsEncDecRun.exe enc "c:\Programs\mypgrogram.exe|~|e:\mytresor"
```
This generates a base64-encoded, encrypted string (encrypted with the RSA public key from the smartcard).
Run or create a batch file (or similar):
```
PkcsEncDecRun.exe run yJH3+9nEz...
```
This will first decrypt the string with the smartcard, and then it runs the command.

The PIN can be given in the environment variable PKCS_PIN. Be sure to clear that variable when done!

Example:

set PKCS_PIN=0000

Use MS Visual Studio IDE or msbuild
The Release-postbuild produces an all-in-one file ARTEFACT.all.exe which includes all needed DLLs.
The file ARTEFACT.all.exe is obfuscated using ConfuserEx.

Pkcs11Admin
SoftHSM
- Hint: make sure the softhsm2.conf is in the same folder of Pkcs11Admin-x64.exe or PkcsEncDecRun.exe.

AST, 02/2018

AGPL v3

Starts processes where the command and its arguments are encrypted using a smart card (PKCS#11).

GNU Affero General Public License v3.0

Language:C# 100.0%