I need a PS script that will return a remote server certificate's Cryptographic Service Provider (csp) or its Key Storage Provider (ksp) whichever it is.

  • Question

  • Given a server name and thumbprint I need a PowerShell script to return that certificate's cryptographic provider (csp) or its Key Storage Provider (ksp) whichever it is.

    Below is what I found/wrote to get the Signature Algorithm (sha1 or sha2). But I've looked everywhere and haven't found how to get the provider. The closest thing to work is "certutil -store -v my" which has the provider in it but I couldn't find a way to run certutil remotely. Any help will be greatly appreciated.

    # PowerShell script to get SignatureAlgorithm
    $UtilSource = @"
    using System;
    using System.Security.Cryptography.X509Certificates;
    public class CertificateUtility
    {
        // Opens the named store (a \\server\store path is accepted) and returns the first match.
        public X509Certificate FromStore(string storeName, StoreLocation storeLocation, X509FindType findType, string findValue)
        {
            // Use the caller's store location instead of a hardcoded LocalMachine.
            X509Store store = new X509Store(storeName, storeLocation);
            store.Open(OpenFlags.ReadOnly);
            try
            {
                var results = store.Certificates.Find(findType, findValue, false);
                return results[0];
            }
            finally
            {
                store.Close();
            }
        }
    }
    "@

    Add-Type -TypeDefinition $UtilSource
    # The variable name must match the one used in the call below.
    $CertificateUtility = New-Object CertificateUtility

    # 2 = StoreLocation.LocalMachine
    $X509Certificate2 = $CertificateUtility.FromStore("\\contoso1\my", 2, "FindByThumbprint", "A2908E40E0ED2F0398409238CB00238412983018")
    Write-Output $X509Certificate2.SignatureAlgorithm





    • Edited by MaxWilliam Sunday, January 22, 2017 7:18 AM
    Sunday, January 22, 2017 7:16 AM

Answers

  • $cert = Get-Item cert:\CurrentUser\My\64AA052B1401148FB14C441221FBA5B93995FA4F
    $cert.SignatureAlgorithm.FriendlyName
    $cert.IssuerName.Name
    $cert.PublicKey.Key.CspKeyContainerInfo


    \_(ツ)_/


    • Edited by jrv Sunday, January 22, 2017 9:45 AM
    • Marked as answer by MaxWilliam Sunday, January 22, 2017 8:27 PM
    Sunday, January 22, 2017 9:22 AM
  • C# code in PowerShell:

    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('\\alpha\My', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    $thumb='5656DB2C657CA106B65044E3A86575B4EA1B34EF'
    $store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint, $thumb, $true)


    \_(ツ)_/

    • Marked as answer by MaxWilliam Sunday, January 22, 2017 8:21 PM
    Sunday, January 22, 2017 10:24 AM

All replies

  • Thank you. I was able to explore more the contents of the certificate after seeing $cert.IssuerName.Name and $cert.PublicKey.Key.CspKeyContainerInfo. Also, I like not having to use the type definition as in my post.

    I've marked this as the answer. I have a question.... If it were a KSP provider would I use the same logic or would I need another API?

    Sunday, January 22, 2017 8:26 PM
  • Everything in the store is managed the same way but may have extra or slightly differing properties.  KSP is a superset of CSP so it should all be accounted for in some way.

    I haven't seen any KSP providers in my stores but I haven't really looked.


    \_(ツ)_/

    Sunday, January 22, 2017 9:25 PM
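
For the CSP-or-KSP follow-up in this thread, one way to report the provider for either kind of key on a remote server. This is an added example, not code from any poster; the function name `Get-RemoteCertKeyProvider` is hypothetical, and it assumes WinRM remoting to the server, Windows PowerShell 5.1 with .NET Framework 4.6.1 or later there, and an account allowed to open the private key.

```powershell
# Added example (not from the thread); Get-RemoteCertKeyProvider is a hypothetical name.
# Assumes WinRM remoting and Windows PowerShell 5.1 / .NET Framework 4.6.1+ on the server.
function Get-RemoteCertKeyProvider {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    # Normalise the thumbprint: strip spaces and any other non-hex characters.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) { throw "Not a 40-hex-digit SHA-1 thumbprint: '$Thumbprint'" }

    # Run on the server itself, so the key is opened locally there.
    Invoke-Command -ComputerName $ComputerName -ArgumentList $thumb -ScriptBlock {
        param($thumb)
        $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
        $out = [ordered]@{
            Thumbprint         = $cert.Thumbprint
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            ProviderType       = 'None (no private key in this store)'
            Provider           = $null
        }
        if ($cert.HasPrivateKey) {
            # Returns RSACryptoServiceProvider for a CSP key and RSACng for a KSP key;
            # returns $null for a non-RSA certificate, so fall back to ECDSA.
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if (-not $key) {
                $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
            }
            if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                $out.ProviderType = 'CSP'
                $out.Provider     = $key.CspKeyContainerInfo.ProviderName
            } elseif ($key -and $key.Key -is [System.Security.Cryptography.CngKey]) {
                $out.ProviderType = 'KSP'
                $out.Provider     = $key.Key.Provider.Provider
            } else {
                $out.ProviderType = 'Unknown (key type not handled here)'
            }
        }
        [pscustomobject]$out
    }
}

# Server name and thumbprint taken from the question above.
Get-RemoteCertKeyProvider -ComputerName 'contoso1' -Thumbprint 'A2908E40E0ED2F0398409238CB00238412983018'
```

The provider name shows where the private key is held: for example, `Microsoft Software Key Storage Provider` is the software KSP and `Microsoft Platform Crypto Provider` is the TPM-backed KSP.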