Private/EncryptFile.ps1
|
<#
.SYNOPSIS Encrypts a file using AES. .DESCRIPTION Encrypts a file using an AES key. .PARAMETER FileToEncrypt File(s) to be encrypted .PARAMETER Key AES key to be used for encryption. .EXAMPLE $key = NewCryptographyKey -AsPlainText EncryptFile 'C:\file.ext' $key This example encrypts C:\file.ext with the key stored in the variable $key. .NOTES Author: Tyler Siegrist Date: 8/23/2016 https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d #> Function EncryptFile { Param( [Parameter(Mandatory=$true, Position=1)] [System.IO.FileInfo[]]$FileToEncrypt, [Parameter(Mandatory=$true, Position=2)] [String]$Key, [Parameter(Mandatory=$false, Position=3)] [String]$Suffix ) #Load dependencies try { if ($PSVersionTable.PSEdition -eq "Core") { $SystemCoreAssemblyPath = $($(Get-Command pwsh).Source | Split-Path -Parent) + '\System.Core.dll' if (!$(Test-Path $SystemCoreAssemblyPath)) { Write-Error "The path '$SystemCoreAssemblyPath' was not found! Halting!" $global:FunctionResult = "1" return } $null = Add-Type -Path $SystemCoreAssemblyPath } else { [System.Reflection.Assembly]::LoadWithPartialName('System.Security.Cryptography') } } catch { Write-Error 'Could not load required assembly.' Return } #Configure AES try { $EncryptionKey = [System.Convert]::FromBase64String($Key) $KeySize = $EncryptionKey.Length*8 $AESProvider = New-Object 'System.Security.Cryptography.AesManaged' $AESProvider.Mode = [System.Security.Cryptography.CipherMode]::CBC $AESProvider.BlockSize = 128 $AESProvider.KeySize = $KeySize $AESProvider.Key = $EncryptionKey } catch { Write-Error 'Unable to configure AES, verify you are using a valid key.' Return } Write-Verbose "Encryping $($FileToEncrypt.Count) File(s) with the $KeySize-bit key $Key" #Used to store successfully encrypted file names. $EncryptedFiles = @() foreach ($File in $FileToEncrypt) { <# if ($File.Name.EndsWith($Suffix)) { Write-Error "$($File.FullName) already has a suffix of '$Suffix'." Continue } #> #Open file to encrypt try { $FileStreamReader = New-Object System.IO.FileStream($File.FullName, [System.IO.FileMode]::Open) } catch { Write-Error "Unable to open $($File.FullName) for reading." Continue } #Create destination file $DestinationFile = "$($File.FullName).aesencrypted" try { $FileStreamWriter = New-Object System.IO.FileStream($DestinationFile, [System.IO.FileMode]::Create) } catch { Write-Error "Unable to open $DestinationFile for writing." $FileStreamReader.Close() Continue } #Write IV length & IV to encrypted file $AESProvider.GenerateIV() $FileStreamWriter.Write([System.BitConverter]::GetBytes($AESProvider.IV.Length), 0, 4) $FileStreamWriter.Write($AESProvider.IV, 0, $AESProvider.IV.Length) Write-Verbose "Encrypting $($File.FullName) with an IV of $([System.Convert]::ToBase64String($AESProvider.IV))" #Encrypt file try { $Transform = $AESProvider.CreateEncryptor() $CryptoStream = New-Object System.Security.Cryptography.CryptoStream($FileStreamWriter, $Transform, [System.Security.Cryptography.CryptoStreamMode]::Write) [Int]$Count = 0 [Int]$BlockSizeBytes = $AESProvider.BlockSize / 8 [Byte[]]$Data = New-Object Byte[] $BlockSizeBytes do { $Count = $FileStreamReader.Read($Data, 0, $BlockSizeBytes) $CryptoStream.Write($Data, 0, $Count) } while ($Count -gt 0) #Close open files $CryptoStream.FlushFinalBlock() $CryptoStream.Close() $FileStreamReader.Close() $FileStreamWriter.Close() #Delete unencrypted file Remove-Item $File.FullName Write-Verbose "Successfully encrypted $($File.FullName)" $EncryptedFiles += $DestinationFile } catch { Write-Error "Failed to encrypt $($File.FullName)." $CryptoStream.Close() $FileStreamWriter.Close() $FileStreamReader.Close() Remove-Item $DestinationFile } } $Result = New-Object -TypeName PSObject $Result | Add-Member -MemberType NoteProperty -Name Computer -Value $env:COMPUTERNAME $Result | Add-Member -MemberType NoteProperty -Name AESKey -Value $Key $Result | Add-Member -MemberType NoteProperty -Name FilesEncryptedwAESKey -Value $EncryptedFiles return $Result } |