From 090d508509dc3f093e72a50a357a1bb19133ad50 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 13:24:37 +0200 Subject: [PATCH 1/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Refactor=20tests?= =?UTF-8?q?=20for=20`ConvertTo-SodiumSealedBox`=20and=20`ConvertFrom-Sodiu?= =?UTF-8?q?mSealedBox`=20to=20improve=20clarity=20and=20add=20new=20test?= =?UTF-8?q?=20cases=20for=20decryption=20without=20public=20key?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/Sodium.Tests.ps1 | 89 +++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/tests/Sodium.Tests.ps1 b/tests/Sodium.Tests.ps1 index 55b42e3..965f716 100644 --- a/tests/Sodium.Tests.ps1 +++ b/tests/Sodium.Tests.ps1 @@ -1,21 +1,14 @@ Describe 'Sodium' { Context 'SealedBox - Encryption and Decryption' { It 'Encrypts and decrypts a message correctly using valid keys' { - # Generate a key pair $keyPair = New-SodiumKeyPair $publicKey = $keyPair.PublicKey $privateKey = $keyPair.PrivateKey - - # Define a message to test $message = 'Hello world!' - # Encrypt the message - $sealedBox = ConvertTo-SodiumSealedBox -Message $message -PublicKey $publicKey - - # Decrypt using the matching private key - $decryptedString = ConvertFrom-SodiumSealedBox -SealedBox $sealedBox -PublicKey $publicKey -PrivateKey $privateKey + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $publicKey + $decryptedString = ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PublicKey $publicKey -PrivateKey $privateKey - # Verify that the decrypted string matches the original message $decryptedString | Should -Be $message } 
@@ -24,44 +17,26 @@ $keyPair2 = New-SodiumKeyPair $message = 'Test message' - $sealedBox = ConvertTo-SodiumSealedBox -Message $message -PublicKey $keyPair1.PublicKey + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $keyPair1.PublicKey - { - ConvertFrom-SodiumSealedBox -SealedBox $sealedBox -PublicKey $keyPair1.PublicKey -PrivateKey $keyPair2.PrivateKey - } | Should -Throw 'Decryption failed.' + { ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PublicKey $keyPair1.PublicKey -PrivateKey $keyPair2.PrivateKey } | + Should -Throw 'Decryption failed.' } - It 'Throws an error when encrypting with an invalid public key' { + It 'ConvertTo-SodiumSealedBox -Throws an error when encrypting with an invalid public key' { $message = 'Invalid key test' - $invalidPublicKey = 'InvalidKey' # not 32 bytes when converted + $invalidPublicKey = 'InvalidKey' - { - ConvertTo-SodiumSealedBox -Message $message -PublicKey $invalidPublicKey - } | Should -Throw + { ConvertTo-SodiumSealedBox -Message $message -PublicKey $invalidPublicKey } | Should -Throw } It 'Throws an error when decrypting with an invalid public key' { $keyPair = New-SodiumKeyPair $message = 'Another message' - $sealedBox = ConvertTo-SodiumSealedBox -Message $message -PublicKey $keyPair.PublicKey + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $keyPair.PublicKey - # Supply a public key that's clearly too short $invalidPublicKey = 'AAA' - { - ConvertFrom-SodiumSealedBox -SealedBox $sealedBox -PublicKey $invalidPublicKey -PrivateKey $keyPair.PrivateKey - } | Should -Throw - } - - It 'Throws an error when decrypting with an invalid private key' { - $keyPair = New-SodiumKeyPair - $message = 'Yet another message' - $sealedBox = ConvertTo-SodiumSealedBox -Message $message -PublicKey $keyPair.PublicKey - - # Supply a private key that's clearly too short - $invalidPrivateKey = 'BBB' - { - ConvertFrom-SodiumSealedBox -SealedBox $sealedBox -PublicKey $keyPair.PublicKey 
-PrivateKey $invalidPrivateKey - } | Should -Throw + { ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PublicKey $invalidPublicKey -PrivateKey $keyPair.PrivateKey } | Should -Throw } It 'Encrypts a message correctly when using pipeline input on ConvertTo-SodiumSealedBox' { @@ -70,10 +45,8 @@ $privateKey = $keyPair.PrivateKey $message = 'Pipeline input encryption test' - # Pass the message via pipeline input instead of -Message parameter - $sealedBox = $message | ConvertTo-SodiumSealedBox -PublicKey $publicKey - - $decryptedString = ConvertFrom-SodiumSealedBox -SealedBox $sealedBox -PublicKey $publicKey -PrivateKey $privateKey + $encryptedMessage = $message | ConvertTo-SodiumSealedBox -PublicKey $publicKey + $decryptedString = ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PublicKey $publicKey -PrivateKey $privateKey $decryptedString | Should -Be $message } 
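Review bot: The malformed-private-key case loses its only test in the `@@ -24,44 +17,26 @@` hunk: 'Throws an error when decrypting with an invalid private key' is deleted and nothing in this patch replaces it, so the `'Invalid private key.'` length check in ConvertFrom-SodiumSealedBox is no longer exercised. I would keep the test and make it stricter, using a well-formed base64 value of the wrong length and pinning the message, e.g. `{ ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PublicKey $keyPair.PublicKey -PrivateKey 'AAAA' } | Should -Throw 'Invalid private key.'` (`'AAAA'` is a constructed sample that decodes to 3 bytes). The removed `'BBB'` value was not valid base64, so it probably never reached the length check. The renamed title `'ConvertTo-SodiumSealedBox -Throws an error …'` has a stray `-` attached to "Throws" and is the only title in this context prefixed with a command name.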
@@ -84,16 +57,44 @@ $privateKey = $keyPair.PrivateKey $message = 'Pipeline input decryption test' - # Encrypt using normal parameter binding - $sealedBox = ConvertTo-SodiumSealedBox -Message $message -PublicKey $publicKey - - # Pass the sealed box via pipeline input to the decryption function - $decryptedString = $sealedBox | ConvertFrom-SodiumSealedBox -PublicKey $publicKey -PrivateKey $privateKey + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $publicKey + $decryptedString = $encryptedMessage | ConvertFrom-SodiumSealedBox -PublicKey $publicKey -PrivateKey $privateKey $decryptedString | Should -Be $message } } + Context 'SealedBox - Decryption without PublicKey' { + + It 'Decrypts a sealed box when only the private key is supplied' { + $keyPair = New-SodiumKeyPair + $publicKey = $keyPair.PublicKey + $privateKey = $keyPair.PrivateKey + + $message = 'Hello with secret key only!' + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $publicKey + $decrypted = ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PrivateKey $privateKey + + $decrypted | Should -Be $message + } + + It 'Fails when an incorrect private key is supplied (no public key given)' { + $kpGood = New-SodiumKeyPair + $kpBad = New-SodiumKeyPair + $message = 'Mismatch test' + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $kpGood.PublicKey + { ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PrivateKey $kpBad.PrivateKey } | Should -Throw + } + + It 'Accepts pipeline input for the sealed box when no public key is given' { + $kp = New-SodiumKeyPair + $message = 'Pipeline test' + $encryptedMessage = ConvertTo-SodiumSealedBox -Message $message -PublicKey $kp.PublicKey + $result = $encryptedMessage | ConvertFrom-SodiumSealedBox -PrivateKey $kp.PrivateKey + $result | Should -Be $message + } + } + Context 'Key Pair Generation' { It 'Generates a valid key pair with keys of 32 bytes each' { $keyPair = New-SodiumKeyPair 
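Review bot: The bare `Should -Throw` in 'Fails when an incorrect private key is supplied (no public key given)' accepts any exception, so the test also passes on a parameter-binding or base64-decoding error that never reaches the decryption call. The equivalent mismatch test in the first context pins the message, and the same assertion fits here: `{ ConvertFrom-SodiumSealedBox -SealedBox $encryptedMessage -PrivateKey $kpBad.PrivateKey } | Should -Throw 'Decryption failed.'`, assuming the derived-key path ends in the same failure branch. The new context also switches to `$kpGood`/`$kp`/`$decrypted`/`$result` where the rest of the file uses `$keyPair` and `$decryptedString`; one naming scheme would read more easily.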
From 967fcc68423cd604c2a9b13514de44b1a42f48ea Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 13:59:28 +0200 Subject: [PATCH 2/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Rename=20paramete?= =?UTF-8?q?rs=20in=20`crypto=5Fbox`=20functions=20for=20clarity=20and=20ad?= =?UTF-8?q?d=20`crypto=5Fscalarmult=5Fbase`=20extern=20declaration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- PSModule/Sodium/Sodium.cs | 12 ++++-- src/functions/public/Get-SodiumPublicKey.ps1 | 39 ++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 src/functions/public/Get-SodiumPublicKey.ps1 diff --git a/PSModule/Sodium/Sodium.cs b/PSModule/Sodium/Sodium.cs index f4dfeeb..44b5f33 100644 --- a/PSModule/Sodium/Sodium.cs +++ b/PSModule/Sodium/Sodium.cs 
@@ -9,16 +9,16 @@ public static class Sodium public static extern int sodium_init(); [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] - public static extern int crypto_box_keypair(byte[] pk, byte[] sk); + public static extern int crypto_box_keypair(byte[] publicKey, byte[] privateKey); [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] - public static extern int crypto_box_seed_keypair(byte[] pk, byte[] sk, byte[] seed); + public static extern int crypto_box_seed_keypair(byte[] publicKey, byte[] privateKey, byte[] seed); [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] - public static extern int crypto_box_seal(byte[] ciphertext, byte[] message, ulong mlen, byte[] pk); + public static extern int crypto_box_seal(byte[] ciphertext, byte[] message, ulong mlen, byte[] publicKey); [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] - public static extern int crypto_box_seal_open(byte[] decrypted, byte[] ciphertext, ulong clen, byte[] pk, byte[] sk); + public static extern int crypto_box_seal_open(byte[] decrypted, byte[] ciphertext, ulong clen, byte[] publicKey, byte[] privateKey); [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] public static extern UIntPtr crypto_box_publickeybytes(); @@ -28,5 +28,9 @@ public static class Sodium [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] public static extern UIntPtr crypto_box_sealbytes(); + + [DllImport("libsodium", CallingConvention = CallingConvention.Cdecl)] + public static extern int crypto_scalarmult_base(byte[] publicKey, byte[] privateKey); + } } diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 new file mode 100644 index 0000000..db34097 --- /dev/null +++ b/src/functions/public/Get-SodiumPublicKey.ps1 
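Review bot: The new `crypto_scalarmult_base` declaration in the `@@ -28,5 +28,9 @@` hunk says nothing about the buffer sizes it requires, and P/Invoke hands the `byte[]` arguments to libsodium as raw pointers. The native function writes 32 bytes to `publicKey` and reads 32 bytes from `privateKey` whatever the managed array lengths are, so an undersized array is a memory-safety problem rather than a clean exception. I would put the contract on the declaration, for example `// Both buffers must be exactly 32 bytes (crypto_scalarmult_BYTES / crypto_scalarmult_SCALARBYTES); callers must validate lengths before calling.` The blank line added before the closing brace can be dropped. The class starts outside the hunk.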
@@ -0,0 +1,39 @@ +function Get-SodiumPublicKey { + <# + .SYNOPSIS + Derives a Curve25519 public key from a provided private key using the Sodium cryptographic library. + + .DESCRIPTION + Takes a Base64-encoded Curve25519 private key and returns the corresponding Base64-encoded public key. This is accomplished using the + Libsodium `crypto_scalarmult_base` function provided by the PSModule.Sodium .NET wrapper. The function ensures compatibility with + cryptographic operations requiring key exchange mechanisms. + + .EXAMPLE + Get-SodiumPublicKey -PrivateKey 'ci5/7eZ0IbGXtqQMaNvxhJ2d9qwFxA8Kjx+vivSTXqU=' + + Output: + ```powershell + WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= + ``` + + Derives and returns the public key corresponding to the given Base64-encoded private key. + + .OUTPUTS + string + + .LINK + https://psmodule.io/Sodium/Functions/Get-SodiumPublicKey/ + #> + + [OutputType([string])] + [CmdletBinding()] + param( + # The private key to derive the public key from. + [Parameter(Mandatory)] + [string] $PrivateKey + ) + + ([Convert]::ToBase64String( + [PSModule.Sodium]::crypto_scalarmult_base( + [Convert]::FromBase64String($PrivateKey)))) +} From 325c98bf48d84cb99a744f4c736e78048407660a Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 14:00:44 +0200 Subject: [PATCH 3/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Update=20`Convert?= =?UTF-8?q?From-SodiumSealedBox`=20to=20derive=20public=20key=20from=20pri?= =?UTF-8?q?vate=20key=20if=20not=20provided=20and=20adjust=20parameter=20a?= =?UTF-8?q?ttributes=20for=20clarity?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../public/ConvertFrom-SodiumSealedBox.ps1 | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 index b216343..5ecbe09 100644 --- a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 
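Review bot: The body of the new Get-SodiumPublicKey.ps1 calls `[PSModule.Sodium]::crypto_scalarmult_base(...)` with a single argument and passes the result to `ToBase64String`, but the extern added to Sodium.cs in this same commit takes two buffers (`publicKey`, `privateKey`) and returns an `int` status. As committed the call cannot bind to that signature, so the function fails at this point in history. Patch 6/9 rewrites the body, and folding that rewrite into this commit would keep the series bisectable. The shape needed is to allocate the output first with `$publicKeyByteArray = New-Object byte[] 32`, pass both arrays, and check the return code before encoding. The decoded private key should also be checked for a length of 32 before it reaches native code.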
+++ b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 @@ -58,7 +58,7 @@ [string] $SealedBox, # The base64-encoded public key used for decryption. - [Parameter(Mandatory)] + [Parameter()] [string] $PublicKey, # The base64-encoded private key used for decryption. @@ -73,12 +73,21 @@ process { $ciphertext = [Convert]::FromBase64String($SealedBox) - $publicKeyByteArray = [Convert]::FromBase64String($PublicKey) - $privateKeyByteArray = [Convert]::FromBase64String($PrivateKey) - if ($publicKeyByteArray.Length -ne 32) { throw 'Invalid public key.' } + $privateKeyByteArray = [Convert]::FromBase64String($PrivateKey) if ($privateKeyByteArray.Length -ne 32) { throw 'Invalid private key.' } + if ([string]::IsNullOrWhiteSpace($PublicKey)) { + # derive public key from private key (Curve25519) + $publicKeyByteArray = New-Object byte[] 32 + $rc = [PSModule.Sodium]::crypto_scalarmult_base($publicKeyByteArray, $privateKeyByteArray) + if ($rc -ne 0) { throw 'Unable to derive public key from private key.' } + } else { + $publicKeyByteArray = [Convert]::FromBase64String($PublicKey) + if ($publicKeyByteArray.Length -ne 32) { throw 'Invalid public key.' } + } + # -------------------------------------------------------------------- + $overhead = [PSModule.Sodium]::crypto_box_sealbytes().ToUInt32() $decryptedBytes = New-Object byte[] ($ciphertext.Length - $overhead) From 7a04e22a3bef08e0663ea2d79420b0f5bec1628d Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 15:19:25 +0200 Subject: [PATCH 4/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Add=20tests=20for?= =?UTF-8?q?=20`Get-SodiumPublicKey`=20to=20verify=20public=20key=20derivat?= =?UTF-8?q?ion=20from=20private=20key=20and=20error=20handling=20for=20inv?= =?UTF-8?q?alid=20keys?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/Sodium.Tests.ps1 | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
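Review bot: In the `@@ -73,12 +73,21 @@` hunk, `[string]::IsNullOrWhiteSpace($PublicKey)` treats an explicitly passed empty or blank `-PublicKey` the same as an omitted one. A caller whose key variable failed to populate therefore gets silent derivation instead of `'Invalid public key.'`. Testing `-not $PSBoundParameters.ContainsKey('PublicKey')` would limit the fallback to the omitted case. The parameter comment in the `@@ -58,7 +58,7 @@` hunk still reads as if the key were required; `# The base64-encoded public key. Optional: derived from the private key when omitted.` would match the new behaviour. The `# ----…` separator line added after the branch documents nothing and can go. The process block continues outside the hunk.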
diff --git a/tests/Sodium.Tests.ps1 b/tests/Sodium.Tests.ps1 index 965f716..bad67a4 100644 --- a/tests/Sodium.Tests.ps1 +++ b/tests/Sodium.Tests.ps1 @@ -133,4 +133,22 @@ $keyPair1.PrivateKey | Should -Not -Be $keyPair2.PrivateKey } } + + Context 'Public Key Derivation' { + It 'Get-SodiumPublicKey - Derives the correct public key from a private key' { + $keyPair = New-SodiumKeyPair + $privateKey = $keyPair.PrivateKey + $expectedPublicKey = $keyPair.PublicKey + + $derivedPublicKey = Get-SodiumPublicKey -PrivateKey $privateKey + + $derivedPublicKey | Should -Be $expectedPublicKey + } + + It 'Get-SodiumPublicKey - Throws an error when an invalid private key is provided' { + $invalidPrivateKey = 'InvalidKey' + + { Get-SodiumPublicKey -PrivateKey $invalidPrivateKey } | Should -Throw + } + } } From 29b3cc03f1de115c5a2dddd5144a016d4ff7b386 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 15:20:16 +0200 Subject: [PATCH 5/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Standardize=20cas?= =?UTF-8?q?ing=20in=20documentation=20for=20base64=20encoding=20in=20`Get-?= =?UTF-8?q?SodiumPublicKey`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/functions/public/Get-SodiumPublicKey.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 index db34097..02cc7f9 100644 --- a/src/functions/public/Get-SodiumPublicKey.ps1 +++ b/src/functions/public/Get-SodiumPublicKey.ps1 
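Review bot: The negative test in 'Public Key Derivation' passes for a reason unrelated to key validation: `'InvalidKey'` is ten characters, which is not a valid base64 length, so the exception comes from the base64 decoder before any key handling runs. The case worth covering is a well-formed base64 value that decodes to the wrong number of bytes, for example `$invalidPrivateKey = 'AAAA'` (constructed sample, 3 bytes), with the expected message pinned on `Should -Throw`. From the versions of Get-SodiumPublicKey visible in this series I do not see a length check for that input, so this test would likely expose the gap instead of masking it.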
@@ -4,7 +4,7 @@ Derives a Curve25519 public key from a provided private key using the Sodium cryptographic library. .DESCRIPTION - Takes a Base64-encoded Curve25519 private key and returns the corresponding Base64-encoded public key. This is accomplished using the + Takes a base64-encoded Curve25519 private key and returns the corresponding base64-encoded public key. This is accomplished using the Libsodium `crypto_scalarmult_base` function provided by the PSModule.Sodium .NET wrapper. The function ensures compatibility with cryptographic operations requiring key exchange mechanisms. @@ -16,7 +16,7 @@ WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= ``` - Derives and returns the public key corresponding to the given Base64-encoded private key. + Derives and returns the public key corresponding to the given base64-encoded private key. .OUTPUTS string From 0750f25084f88b76a9b4746ad32bf02f8e3a683d Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 15:38:23 +0200 Subject: [PATCH 6/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Update=20`Convert?= =?UTF-8?q?From-SodiumSealedBox`=20to=20use=20`System.Convert`=20for=20bas?= =?UTF-8?q?e64=20decoding=20and=20improve=20error=20handling=20for=20key?= =?UTF-8?q?=20validation;=20enhance=20`Get-SodiumPublicKey`=20with=20base6?= =?UTF-8?q?4=20output=20option=20and=20refactor=20for=20clarity.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../public/ConvertFrom-SodiumSealedBox.ps1 | 9 ++--- src/functions/public/Get-SodiumPublicKey.ps1 | 38 ++++++++++++++++--- 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 index 5ecbe09..2d47652 100644 --- a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 +++ b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 
@@ -72,18 +72,17 @@ } process { - $ciphertext = [Convert]::FromBase64String($SealedBox) + $ciphertext = [System.Convert]::FromBase64String($SealedBox) - $privateKeyByteArray = [Convert]::FromBase64String($PrivateKey) + $privateKeyByteArray = [System.Convert]::FromBase64String($PrivateKey) if ($privateKeyByteArray.Length -ne 32) { throw 'Invalid private key.' } if ([string]::IsNullOrWhiteSpace($PublicKey)) { - # derive public key from private key (Curve25519) $publicKeyByteArray = New-Object byte[] 32 $rc = [PSModule.Sodium]::crypto_scalarmult_base($publicKeyByteArray, $privateKeyByteArray) if ($rc -ne 0) { throw 'Unable to derive public key from private key.' } } else { - $publicKeyByteArray = [Convert]::FromBase64String($PublicKey) + $publicKeyByteArray = [System.Convert]::FromBase64String($PublicKey) if ($publicKeyByteArray.Length -ne 32) { throw 'Invalid public key.' } } # -------------------------------------------------------------------- @@ -93,7 +92,7 @@ # Attempt to decrypt $result = [PSModule.Sodium]::crypto_box_seal_open( - $decryptedBytes, $ciphertext, [uint64]$ciphertext.Length, $publicKeyByteArray, $privateKeyByteArray + $decryptedBytes, $ciphertext, [UInt64]$ciphertext.Length, $publicKeyByteArray, $privateKeyByteArray ) if ($result -ne 0) { diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 index 02cc7f9..0aeba72 100644 --- a/src/functions/public/Get-SodiumPublicKey.ps1 +++ b/src/functions/public/Get-SodiumPublicKey.ps1 @@ -13,11 +13,20 @@ Output: ```powershell - WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= + ``` Derives and returns the public key corresponding to the given base64-encoded private key. + .EXAMPLE + Get-SodiumPublicKey -PrivateKey 'ci5/7eZ0IbGXtqQMaNvxhJ2d9qwFxA8Kjx+vivSTXqU=' -Base64 + + Output: + ```powershell + WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= + ``` + + .OUTPUTS string 
@@ -30,10 +39,29 @@ param( # The private key to derive the public key from. [Parameter(Mandatory)] - [string] $PrivateKey + [string] $PrivateKey, + + # Returns the public key in a base64-encoded format. + [switch] $Base64 ) - ([Convert]::ToBase64String( - [PSModule.Sodium]::crypto_scalarmult_base( - [Convert]::FromBase64String($PrivateKey)))) + begin { + if (-not $script:Supported) { throw 'Sodium is not supported on this platform.' } + $null = [PSModule.Sodium]::sodium_init() + } + + process { + $publicKeyByteArray = New-Object byte[] 32 + $privateKeyByteArray = [System.Convert]::FromBase64String($PrivateKey) + $rc = [PSModule.Sodium]::crypto_scalarmult_base($publicKeyByteArray, $privateKeyByteArray) + if ($rc -ne 0) { throw 'Unable to derive public key from private key.' } + } + + end { + if ($Base64) { + return [System.Convert]::ToBase64String($publicKeyByteArray) + } else { + return [System.Text.Encoding]::UTF8.GetString($publicKeyByteArray) + } + } } From 90c803a67e2ff6f734316cd5b824dd3880482ec2 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 15:46:11 +0200 Subject: [PATCH 7/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Clean=20up=20outp?= =?UTF-8?q?ut=20formatting=20in=20`Get-SodiumPublicKey`=20documentation=20?= =?UTF-8?q?and=20return=20raw=20byte=20array=20instead=20of=20UTF8=20strin?= =?UTF-8?q?g=20when=20base64=20option=20is=20not=20specified.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/functions/public/ConvertFrom-SodiumSealedBox.ps1 | 6 +----- src/functions/public/Get-SodiumPublicKey.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 index 2d47652..a051a18 100644 --- a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 +++ b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 
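Review bot: `$privateKeyByteArray` is passed to `crypto_scalarmult_base` in the new `process` block without a length check, so a base64 string that decodes to fewer than 32 bytes makes the native call read past the end of the managed array. ConvertFrom-SodiumSealedBox already guards its private key, and the same line belongs here before the call: `if ($privateKeyByteArray.Length -ne 32) { throw 'Invalid private key.' }`. Separately, the `else` branch returns `[System.Text.Encoding]::UTF8.GetString($publicKeyByteArray)`, which is lossy for arbitrary key bytes; patch 7/9 replaces it. The result of `sodium_init()` is discarded in `begin`, yet libsodium reports initialisation failure through a negative return value, so checking it is cheap.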
@@ -78,19 +78,15 @@ if ($privateKeyByteArray.Length -ne 32) { throw 'Invalid private key.' } if ([string]::IsNullOrWhiteSpace($PublicKey)) { - $publicKeyByteArray = New-Object byte[] 32 - $rc = [PSModule.Sodium]::crypto_scalarmult_base($publicKeyByteArray, $privateKeyByteArray) - if ($rc -ne 0) { throw 'Unable to derive public key from private key.' } + $publicKeyByteArray = Get-SodiumPublicKey -PrivateKey $PrivateKey } else { $publicKeyByteArray = [System.Convert]::FromBase64String($PublicKey) if ($publicKeyByteArray.Length -ne 32) { throw 'Invalid public key.' } } - # -------------------------------------------------------------------- $overhead = [PSModule.Sodium]::crypto_box_sealbytes().ToUInt32() $decryptedBytes = New-Object byte[] ($ciphertext.Length - $overhead) - # Attempt to decrypt $result = [PSModule.Sodium]::crypto_box_seal_open( $decryptedBytes, $ciphertext, [UInt64]$ciphertext.Length, $publicKeyByteArray, $privateKeyByteArray ) diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 index 0aeba72..3b301ee 100644 --- a/src/functions/public/Get-SodiumPublicKey.ps1 +++ b/src/functions/public/Get-SodiumPublicKey.ps1 @@ -13,7 +13,7 @@ Output: ```powershell - + ``` Derives and returns the public key corresponding to the given base64-encoded private key. @@ -61,7 +61,7 @@ if ($Base64) { return [System.Convert]::ToBase64String($publicKeyByteArray) } else { - return [System.Text.Encoding]::UTF8.GetString($publicKeyByteArray) + return $publicKeyByteArray } } } From 90ba6419133c6340e69982545a92a5fd1c8eec17 Mon Sep 17 00:00:00 2001 
From: Marius Storhaug Date: Fri, 18 Apr 2025 15:48:50 +0200 Subject: [PATCH 8/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Modify=20`Get-Sod?= =?UTF-8?q?iumPublicKey`=20to=20support=20returning=20public=20key=20as=20?= =?UTF-8?q?a=20byte=20array;=20update=20`ConvertFrom-SodiumSealedBox`=20to?= =?UTF-8?q?=20utilize=20new=20byte=20array=20option=20for=20public=20key?= =?UTF-8?q?=20retrieval.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../public/ConvertFrom-SodiumSealedBox.ps1 | 2 +- src/functions/public/Get-SodiumPublicKey.ps1 | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 index a051a18..0fcaf62 100644 --- a/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 +++ b/src/functions/public/ConvertFrom-SodiumSealedBox.ps1 @@ -78,7 +78,7 @@ if ($privateKeyByteArray.Length -ne 32) { throw 'Invalid private key.' } if ([string]::IsNullOrWhiteSpace($PublicKey)) { - $publicKeyByteArray = Get-SodiumPublicKey -PrivateKey $PrivateKey + $publicKeyByteArray = Get-SodiumPublicKey -PrivateKey $PrivateKey -AsByteArray } else { $publicKeyByteArray = [System.Convert]::FromBase64String($PublicKey) if ($publicKeyByteArray.Length -ne 32) { throw 'Invalid public key.' } diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 index 3b301ee..f94f0e6 100644 --- a/src/functions/public/Get-SodiumPublicKey.ps1 +++ b/src/functions/public/Get-SodiumPublicKey.ps1 @@ -19,7 +19,7 @@ Derives and returns the public key corresponding to the given base64-encoded private key. .EXAMPLE - Get-SodiumPublicKey -PrivateKey 'ci5/7eZ0IbGXtqQMaNvxhJ2d9qwFxA8Kjx+vivSTXqU=' -Base64 + Get-SodiumPublicKey -PrivateKey 'ci5/7eZ0IbGXtqQMaNvxhJ2d9qwFxA8Kjx+vivSTXqU=' -AsByteArray Output: ```powershell 
@@ -34,15 +34,18 @@ https://psmodule.io/Sodium/Functions/Get-SodiumPublicKey/ #> - [OutputType([string])] + [OutputType([string], ParameterSetName = 'Base64')] + [OutputType([byte[]], ParameterSetName = 'AsByteArray')] + [CmdletBinding(DefaultParameterSetName = 'Base64')] [CmdletBinding()] param( # The private key to derive the public key from. [Parameter(Mandatory)] [string] $PrivateKey, - # Returns the public key in a base64-encoded format. - [switch] $Base64 + # Returns the byte array + [Parameter(Mandatory, ParameterSetName = 'AsByteArray')] + [switch] $AsByteArray ) begin { @@ -58,10 +61,10 @@ } end { - if ($Base64) { - return [System.Convert]::ToBase64String($publicKeyByteArray) - } else { + if ($AsByteArray) { return $publicKeyByteArray + } else { + return [System.Convert]::ToBase64String($publicKeyByteArray) } } } From 280a8a273d22f015b781e3bbf704db57cdc7accf Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 18 Apr 2025 15:56:01 +0200 Subject: [PATCH 9/9] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Update=20document?= =?UTF-8?q?ation=20in=20`Get-SodiumPublicKey`=20to=20reflect=20output=20ch?= =?UTF-8?q?anges;=20modify=20example=20outputs=20for=20clarity=20and=20acc?= =?UTF-8?q?uracy=20regarding=20byte=20array=20return.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/functions/public/Get-SodiumPublicKey.ps1 | 39 ++++++++++++++++++-- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/src/functions/public/Get-SodiumPublicKey.ps1 b/src/functions/public/Get-SodiumPublicKey.ps1 index f94f0e6..fc75cef 100644 --- a/src/functions/public/Get-SodiumPublicKey.ps1 +++ b/src/functions/public/Get-SodiumPublicKey.ps1 @@ -13,7 +13,7 @@ Output: ```powershell - + WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= ``` Derives and returns the public key corresponding to the given base64-encoded private key. 
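Review bot: After the `@@ -34,15 +34,18 @@` hunk the function carries two `CmdletBinding` attributes: the added `[CmdletBinding(DefaultParameterSetName = 'Base64')]` sits directly above `[CmdletBinding()]`, which is a context line here and therefore stays in the file. I would expect PowerShell to reject the attribute being specified twice on one param block (worth confirming by importing the module), so the old `[CmdletBinding()]` line should be deleted in this hunk. The new parameter comment `# Returns the byte array` is terse; `# Return the public key as a raw 32-byte array instead of a base64 string.` says what the switch changes.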
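Review bot: In the `end` block (`@@ -58,10 +61,10 @@` hunk), `return $publicKeyByteArray` writes the array to the pipeline element by element, so a caller that captures the result receives an `Object[]` of 32 items, not the `byte[]` that the new `OutputType` declares. `return , $publicKeyByteArray` (or `Write-Output -NoEnumerate $publicKeyByteArray`) keeps the array intact and makes the declared type true. ConvertFrom-SodiumSealedBox currently relies on PowerShell converting that `Object[]` back to `byte[]` at the `crypto_box_seal_open` call, which works but hides the mismatch.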
@@ -23,13 +23,46 @@ Output: ```powershell - WQakMx2mIAQMwLqiZteHUTwmMP6mUdK2FL0WEybWgB8= + 89 + 6 + 164 + 51 + 29 + 166 + 32 + 4 + 12 + 192 + 186 + 162 + 102 + 215 + 135 + 81 + 60 + 38 + 48 + 254 + 166 + 81 + 210 + 182 + 20 + 189 + 22 + 19 + 38 + 214 + 128 + 31 ``` - .OUTPUTS string + .OUTPUTS + byte[] + .LINK https://psmodule.io/Sodium/Functions/Get-SodiumPublicKey/ #>