In the three months since PSPKI module v3.2.5 was released, I have received a number of unfortunate bug reports (for things which weren’t tested very well on my side) and other issues. So I decided to address them while I have some spare time. In addition, I made an attempt to provide new functionality I really missed in the module.
This release is intended to make the module more stable and less buggy. In some aspects it has become faster.
I have fixed a number of private bugs (found by myself) and publicly reported bugs:
For detailed change logs and privately reported issues see:
In the previous post, I tried to explain some inconsistencies in the current implementation of the Constrained PowerShell feature introduced in PowerShell 5.0: PowerShell 5.0 and Applocker. When security doesn’t mean security. After long email and Twitter conversations, I realized that many readers blame me for being against the Constrained PowerShell feature. That is not true. In this post, I would like to summarize what is going wrong now and how it should work, in my opinion.
A friend of mine asked why his PowerShell scripts (PowerShell profile) don’t execute properly after upgrading to PowerShell 5.0. A brief investigation showed that the interactive PowerShell console runs in Constrained Language mode; as a result, many language features are stripped out and the PowerShell profile isn’t loaded, failing with the following error:
    Windows PowerShell
    Copyright (C) 2015 Microsoft Corporation. All rights reserved.

    C:\Users\vpodans\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 : Cannot dot-source this command because it was defined in a different language mode. To invoke this command without importing its contents, omit the '.' operator.
    At line:1 char:1
    + . 'C:\Users\vpodans\Documents\WindowsPowerShell\Microsoft.PowerShell_ ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidOperation: (:) [Microsoft.PowerShell_profile.ps1], NotSupportedException
        + FullyQualifiedErrorId : DotSourceNotSupported,Microsoft.PowerShell_profile.ps1

    PS C:\Users\vpodans> [math]::Sqrt(1)
    Cannot invoke method. Method invocation is supported only on core types in this language mode.
    At line:1 char:1
    + [math]::Sqrt(1)
    + ~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidOperation: (:) , RuntimeException
        + FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage

    PS C:\Users\vpodans> $ExecutionContext.SessionState.LanguageMode
    ConstrainedLanguage
    PS C:\Users\vpodans>
I’m glad to announce the release of another version of the PowerShell PKI module.
This release includes major internal code changes with new functionality.
First, I completely separated the Abstract Syntax Notation (ASN.1) code from the main library into a dedicated DLL: SysadminsLV.Asn1Parser.dll. As I mentioned in one of the previous posts, PKI.Core.dll and the ASN parser are open-sourced on GitHub: pkix.net and Asn1DerParser.NET.
Some time ago I wrote a script that converts a PEM file to a CryptoAPI-compatible format: How to convert PEM file to a CryptoAPI compatible format. The script involves a non-PowerShell command (certutil) that associates the private key with a certificate instance. I received several feedback comments about avoiding certutil in favor of native PowerShell/.NET managed code. In this post I want to show some code that eliminates certutil from the script.
Just to recall what we generally do when converting PEM to X509Certificate2/PFX: