DSCResources/POSHOrigin_vSphere_VM/Provisioners/Chef/helpers/_InvokeEncrypt.ps1

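<#
.SYNOPSIS
    RSA-processes a string or byte array with PKCS#1 v1.5 padding and returns
    the result as a base64 string.

.DESCRIPTION
    Runs _InitializeBouncyCastle.ps1, obtains key material from
    _GetKeyPairFromPem.ps1 and passes the input through a BouncyCastle
    Pkcs1Encoding/RsaEngine as a single block.

    The script fails with a terminating error when the key material or the
    input is not of a supported type, or when the RSA operation itself fails,
    so that a caller never continues with an empty result.

.PARAMETER data
    The value to encrypt: a [String] (converted to bytes as ASCII) or a [Byte[]].

.PARAMETER pem
    Passed unchanged to _GetKeyPairFromPem.ps1 -pem. Presumably the path of a
    PEM file (alias: pemPath) - confirm against that helper.

.PARAMETER private
    Use the private half of a key pair instead of the public half.

.OUTPUTS
    System.String. Base64 encoding of the RSA output block.
#>
[CmdletBinding()]
param (
    # String (or byte array) to encrypt
    $data,

    [alias('pemPath')]
    # the item in the config to use to sign the data
    $pem,

    [switch]
    # The default way to encrypt with RSA is to use the public key
    # By setting this switch the private key will be used instead
    $private
)

& "$PSScriptRoot\_InitializeBouncyCastle.ps1"

$keys = & "$PSScriptRoot\_GetKeyPairFromPem.ps1" -pem $pem

# NOTE(review): Pkcs1Encoding is PKCS#1 v1.5 padding. With a public key that is
# v1.5 *encryption* padding, which is only safe if the decrypting side does not
# reveal padding failures; OAEP is the usual replacement, but changing it here
# would have to be coordinated with whatever consumes this output.
# With a private key the result is a raw private-key operation over the data as
# given (no hashing happens in this script) - confirm that is what the caller expects.
$engine = New-Object Org.BouncyCastle.Crypto.Encodings.Pkcs1Encoding (New-Object Org.BouncyCastle.Crypto.Engines.RsaEngine)

# Select the key to initialise the engine with ($true = encryption mode).
if ($keys -is [Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair]) {
    # A full key pair was loaded, so the caller's public/private choice can be honoured.
    if ($private) {
        $engine.Init($true, $keys.Private)
    } else {
        $engine.Init($true, $keys.Public)
    }
} elseif ($keys -is [Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters]) {
    # A single key was loaded; it is used regardless of -private.
    # Surface the mismatch rather than silently producing public-key output
    # where the caller asked for a private-key operation.
    if ($private -and -not $keys.IsPrivate) {
        Write-Warning '-private was requested but only a public key was loaded; the public key will be used.'
    }
    $engine.Init($true, $keys)
} else {
    # Previously the engine was left uninitialised here and the failure only
    # showed up later as an unrelated error. Report the type only, never the
    # key material itself.
    $keyType = if ($null -eq $keys) { 'null' } else { $keys.GetType().FullName }
    throw "Unable to initialise RSA engine: unsupported key material of type '$keyType' returned for the supplied pem."
}

# Get a byte array from the data if it is a string
if ($data -is [String]) {
    # NOTE(review): ASCIIEncoding replaces every non-ASCII character with '?',
    # so such input is altered before it is encrypted. Kept as-is because the
    # consumer of this output is not visible here - confirm input is ASCII only.
    $encoding = New-Object System.Text.ASCIIEncoding
    $dataBytes = $encoding.GetBytes($data)
} elseif ($data -is [Byte[]]) {
    $dataBytes = $data
} else {
    # Report the type only; the value may be sensitive.
    $dataType = if ($null -eq $data) { 'null' } else { $data.GetType().FullName }
    throw "Unable to encrypt data of type '$dataType': expected a String or a Byte[]."
}

# The input is processed as one RSA block. A .NET method exception is only
# statement-terminating in PowerShell, so without the try/catch the script
# would carry on with an empty $encrypted; rethrow to stop here instead.
try {
    $encrypted = $engine.ProcessBlock($dataBytes, 0, $dataBytes.Length)
} catch {
    throw "RSA encryption failed: $($_.Exception.Message)"
}

# Delete temporary key
# NOTE(review): this cleanup is disabled. If $pem points at a temporary file
# holding a private key, that file is not removed by this script - confirm the
# caller deletes it.
#Remove-Item -Path $pem -Force

# return the base64 encoded string
return [Convert]::ToBase64String($encrypted)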