Venafi / VenafiPS

Powershell module to fully automate your Venafi TLS Protect Datacenter and Cloud platforms!
https://venafips.readthedocs.io/
Apache License 2.0

Add support for libsodium encryption with Windows PowerShell #239

Closed aprajitapriya closed 6 months ago

aprajitapriya commented 7 months ago

Environment

Operating System: Windows
VenafiPS version: 6.0.6
PowerShell version: 5.1
TPP version (if applicable):

Steps to reproduce

New-VenafiSession -VaasKey '*'
Export-VcCertificate -ID '***' -OutPath '**' -PrivateKeyPassword '****'

Expected behavior

The .pem file gets downloaded with private keys in it.

Actual behavior

Getting below error: "ConvertTo-SodiumEncryptedString : Could not initialize platform-specific components. libsodium-core may not be supported on this platform. See https://github.com/ektrah/libsodium-core/blob/master/INSTALL.md for more information."

Without passing the privatekeypassword the .pem file gets downloaded fine. But I need the private keys in the file to be able to convert it into a pfx or pkcs12 file.


gdbarron commented 7 months ago

@aprajitapriya it's currently on the backlog to support Windows PowerShell when encryption is required with TLSPC. For now, PowerShell Core, v7, will need to be installed.

gdbarron commented 7 months ago

@aprajitapriya, I see you are running Windows, but which version?

aprajitapriya commented 7 months ago

Trying with PowerShell v7 too, but I get the same error.

aprajitapriya commented 7 months ago

> @aprajitapriya, I see you are running Windows, but which version?

I am currently running this on Windows Server 2016

aprajitapriya commented 7 months ago

@gdbarron Is there a timeline when it will be possible to download pkcs12/pfx using VenafiPS module?

gdbarron commented 7 months ago

libsodium-core has a requirement, just for Windows, of installing the Visual C++ redist. I was able to reproduce your issue and installing that redist fixed it.

aprajitapriya commented 7 months ago

Oh ok. I had tried downloading the libsodium library and placing it in the System32 folder, but it still didn't work for me. If you have plans to include this functionality in Windows PowerShell in the near future, I can wait for it, instead of installing all the dependencies to support the current version.

gdbarron commented 7 months ago

The only dependency that needs to be installed is the Visual C++ runtime. libsodium is already included with the module and does not need to be installed separately. I'll give some thought as to the best way to handle the runtime going forward. For the short term, if using Windows, I'd install manually.

aprajitapriya commented 7 months ago

Hello @gdbarron, there is another issue I am coming across while using the Export-VcCertificate command. I get this error irrespective of whether I supply a value for the OutPath parameter or not.

In Export-VcCertificate.ps1 (line 197), there is a command to create a new temporary file.

gdbarron commented 7 months ago

Thanks for reporting this. This is related to PS5 and all PS5 related items will be resolved with the new PR, https://github.com/Venafi/VenafiPS/pull/243; this error is already fixed. Please feel free to test the new PR.

aprajitapriya commented 6 months ago

@gdbarron I am having trouble updating the manifest using the latest PR. Do you have an ETA when this PR will be merged and have the changes in new version of VenafiPS?

gdbarron commented 6 months ago

@aprajitapriya v6.1.0 has been released. PS7 as well as VC++ runtime, on Windows, is required for those functions utilizing Sodium encryption. I will continue to work on adding support for PS5.

aprajitapriya commented 6 months ago

Thank you @gdbarron. Yes I could download the private keys too using the new VenafiPS version. However I am not getting the right openssl cmdlet to use to convert it to pfx or pkcs12 format.

gdbarron commented 6 months ago

No guarantees, but give the following a shot: openssl pkcs12 -export -out result.pfx -inkey mypemfile.pem -in mypemfile.pem

aprajitapriya commented 6 months ago

Yeah, I tried this. It didn't work. I will wait for the functionality of downloading pkcs12/pfx files to be added in the VenafiPS module.

gdbarron commented 6 months ago

You tried it with the password parameter as well? I believe that's required when using -inkey.

aprajitapriya commented 6 months ago

Yes, I tried with the password parameter as well.
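
The PEM-to-PFX conversion discussed in the last comments, as an added example that is not part of the original thread or of the VenafiPS project. It assumes the export is a single PEM holding the certificate and a passphrase-encrypted key (the thread does not show the file), and it uses a constructed self-signed certificate as a stand-in; the function names, file names and the `PEM_PASS` / `PFX_PASS` variables are hypothetical.

```shell
#!/bin/sh
# Added example: combined PEM (certificate + encrypted key) -> PKCS#12.
# Passphrases are read with openssl's env: source, so they never appear
# in the process argument list the way pass:... would.
set -eu

# pem_to_pfx <bundle.pem> <out.pfx>; needs $PEM_PASS (key) and $PFX_PASS (PFX)
pem_to_pfx() {
  openssl pkcs12 -export -in "$1" -inkey "$1" -out "$2" \
    -passin env:PEM_PASS -passout env:PFX_PASS
}

# SHA-256 fingerprint of the first certificate in a PEM file
pem_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the certificate stored inside a PFX
pfx_fingerprint() {
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256
}

# Succeeds only if the PFX contains a private key; the key is re-encrypted
# on output, so no plaintext key material is written anywhere.
pfx_has_key() {
  openssl pkcs12 -in "$1" -nocerts -passin env:PFX_PASS \
    -passout env:PFX_PASS 2>/dev/null | grep 'PRIVATE KEY' >/dev/null
}

# Constructed sample: throwaway self-signed cert with an encrypted key
make_sample_bundle() {
  openssl req -x509 -newkey rsa:2048 -days 1 -subj '/CN=example.test' \
    -keyout "$1/key.pem" -out "$1/cert.pem" -passout env:PEM_PASS 2>/dev/null
  cat "$1/cert.pem" "$1/key.pem" > "$1/bundle.pem"
}

# Constructed passphrases, for the demo only
export PEM_PASS='constructed-key-pass' PFX_PASS='constructed-pfx-pass'
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_bundle "$work"
pem_to_pfx "$work/bundle.pem" "$work/result.pfx"
# The PFX must carry the same certificate as the PEM, plus its key
[ "$(pem_fingerprint "$work/bundle.pem")" = "$(pfx_fingerprint "$work/result.pfx")" ]
pfx_has_key "$work/result.pfx" && echo "result.pfx holds the certificate and its key"
```

Comparing fingerprints after the conversion confirms the PFX carries the intended certificate before it is imported anywhere.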