Server that sends a secure string over an encrypted connection
Uses an X509 certificate generated with OpenSSL: https://www.jesusninoc.com/03/13/crear-un-certificado-pfx-con-openssl-desde-powershell/
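```powershell
# Load the server certificate and its private key from the PFX file
$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Users\juan\certificate.pfx", "1234")

# Listen on the TCP port and wait for one client
$port = "1236"
$TcpListener = [System.Net.Sockets.TcpListener][int]$port
$TcpListener.Start()
$TcpStream = $TcpListener.AcceptTcpClient()

# Wrap the connection in TLS. The validation callback concerns the client's certificate; this server does not request one
$SslStream = New-Object System.Net.Security.SslStream $TcpStream.GetStream(), $false, ({$True} -as [Net.Security.RemoteCertificateValidationCallback])
# TLS 1.2 instead of the deprecated TLS 1.0 ([SslProtocols]::Tls)
$SslStream.AuthenticateAsServer($Certificate, $false, [System.Security.Authentication.SslProtocols]::Tls12, $false)

$mensaje = (New-Object System.IO.StreamWriter $SslStream)

# Send the secure password
# Without -Key, ConvertFrom-SecureString protects the value with DPAPI: only the same user on the same machine can convert it back
$var = (Get-Credential).Password | ConvertFrom-SecureString
$mensaje.Write($var)

$mensaje.Dispose()
$TcpListener.Stop()
```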
Client that receives a secure string
Uses an X509 certificate generated with OpenSSL: https://www.jesusninoc.com/03/13/crear-un-certificado-pfx-con-openssl-desde-powershell/
```powershell
$Certificate = $null

$TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
$TcpClient.Connect("127.0.0.1", "1236")
$TcpStream = $TcpClient.GetStream()

# The callback returns $True for every certificate, so the traffic is encrypted but the server's identity is not checked
$SslStream = New-Object System.Net.Security.SslStream $TcpStream, $false, ({$True} -as [Net.Security.RemoteCertificateValidationCallback])

# The argument of AuthenticateAsClient is the server name (target host), not a certificate
$SslStream.AuthenticateAsClient("127.0.0.1")

# Show the certificate presented by the server
$Certificate = $SslStream.RemoteCertificate
if ($Certificate) {
    if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
        $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
    }
    Write-Output $Certificate
}

$mensaje = New-Object System.IO.StreamReader $SslStream

# ConvertTo-SecureString without -Key uses DPAPI, so this only works for the same user on the same machine as the sender
$credenciales = $mensaje.ReadLine() | ConvertTo-SecureString

# Recover the plain-text password and wipe the unmanaged copy afterwards
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($credenciales)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
$PlainPassword

$SslStream.Dispose()
$TcpClient.Dispose()
```
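The client above accepts any certificate (`{$True}`), so TLS encrypts the channel without authenticating the server. The following is an added example, not part of the original post, of the same client pinning the server certificate by its SHA-256 hash. It assumes the public certificate was exported without its private key to a hypothetical `certificate.cer`; the names `Get-CertSha256`, `$PinnedCertPath` and `$Validate` are also assumptions.

```powershell
# Added example. Assumption: public certificate exported (no private key) to this hypothetical path
$PinnedCertPath = "C:\Users\juan\certificate.cer"

# SHA-256 over the DER-encoded certificate, returned as an uppercase hex string
function Get-CertSha256 {
    param([System.Security.Cryptography.X509Certificates.X509Certificate]$Cert)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Cert.GetRawCertData())) -replace '-' }
    finally { $sha.Dispose() }
}

# Hash of the certificate the client expects the server to present
$Pinned = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PinnedCertPath
$ExpectedHash = Get-CertSha256 $Pinned

# Accept the handshake only if the server presents exactly the pinned certificate.
# A self-signed certificate always reports chain errors, so the decision is the hash match.
$Validate = {
    param($s, $cert, $chain, $policyErrors)
    if (-not $cert) { return $false }
    (Get-CertSha256 $cert) -eq $ExpectedHash
} -as [Net.Security.RemoteCertificateValidationCallback]

$TcpClient = New-Object System.Net.Sockets.TcpClient
$TcpClient.Connect("127.0.0.1", 1236)
$SslStream = New-Object System.Net.Security.SslStream $TcpClient.GetStream(), $false, $Validate
try {
    # Throws AuthenticationException when the callback returns $false; nothing is read in that case
    $SslStream.AuthenticateAsClient("127.0.0.1")
    $reader = New-Object System.IO.StreamReader $SslStream
    # Kept as a SecureString; DPAPI still limits decryption to the sending user and machine
    $credenciales = $reader.ReadLine() | ConvertTo-SecureString
}
finally {
    $SslStream.Dispose()
    $TcpClient.Dispose()
}
```

With pinning in place the client no longer needs the PFX file or its password, so the server's private key stays on the server.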
