0

Present a string of text as a file to an external program?

I have a script that calls openssl to digitally sign an XML element from an XML file. Not the whole XML file, just one element.

openssl only works with files, not strings or other objects. So I get the element in PowerShell, export it to a file, then call openssl on the new file. Snippet:

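# Load the document and take the inner XML of the element to sign
[xml]$schema = Get-Content myFile.xml
$head = $schema.data.head.InnerXml
# Write the element to a temporary file for openssl to read
$head | Out-File temp.txt
# Sign the file with SHA-256, then base64-encode the signature
./openssl.exe dgst -sha256 -sign mykey.key -passin pass:1234 -out sig.sig temp.txt
./openssl.exe base64 -in sig.sig -out base64sig.txt
$schema.data.signature = Get-Content base64sig.txt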

This makes two temporary files (temp.txt and base64sig.txt). And if Out-File doesn't have the right flags, temp.txt is slightly different from the XML (whitespace) and thus produces a different signature.

I'd like to present the variable $head as a text file to openssl. Is this possible? Can you map a FileStream to a letter drive, then use the drive path to "fool" openssl into opening it as a file?

Michael Cornn

2 Answers

0

If you can get the string to display as an output in PowerShell, you can save it to a file anywhere you like as follows:

[COMMAND] > [OUTPUT FILE]

This will save whatever text is output to the PowerShell window for that command to a text file. You can then call that text file in your OpenSSL command.

Christopher H
0

$head | Set-Content temp.txt can set the contents of your .txt file from the variable contents exactly.

I don't know how to fool openssl into reading a variable as a file. However, according to the openssl documentation, if you don't supply a file it uses standard input: https://www.openssl.org/docs/manmaster/man1/openssl-dgst.html

It's possible $head | ./openssl.exe dgst -sha256 -sign mykey.key -passin pass:1234 -out sig.sig or ./openssl.exe dgst -sha256 -sign mykey.key -passin pass:1234 -out sig.sig $($head) would work but might be more fragile than what you're doing now.

You could also try calling .NET functions from within PowerShell to do the XML signing instead; this might help: https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-sign-xml-documents-with-digital-signatures

Garrett
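Added example, not part of either answer: one way to use the standard-input behaviour mentioned above without temporary files, writing the exact bytes of the string to openssl's stdin and reading the raw signature from its stdout. The function name, its parameters and the SIGN_KEY_PASS environment variable are hypothetical, and signing the element as UTF-8 without a BOM is an assumption that the verifying side must share.

```powershell
# Added example: Get-OpenSslSignature and SIGN_KEY_PASS are hypothetical names.
function Get-OpenSslSignature {
    param(
        [Parameter(Mandatory)][string]$Text,
        [Parameter(Mandatory)][string]$KeyPath,
        [string]$OpenSsl = './openssl.exe',
        [string]$PassEnvVar = 'SIGN_KEY_PASS'   # passphrase read via -passin env:, not shown in argv
    )
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = (Resolve-Path $OpenSsl).Path
    # No input file and no -out: openssl dgst reads stdin and writes the signature to stdout.
    $psi.Arguments = 'dgst -sha256 -sign "{0}" -passin env:{1}' -f $KeyPath, $PassEnvVar
    $psi.WorkingDirectory = (Get-Location).Path   # so a relative key path resolves as in the shell
    $psi.UseShellExecute = $false
    $psi.RedirectStandardInput = $true
    $psi.RedirectStandardOutput = $true
    $psi.RedirectStandardError = $true

    $proc = [System.Diagnostics.Process]::Start($psi)

    # Assumption: the signed bytes are the UTF-8 encoding of the string, no BOM, no trailing newline.
    $bytes = (New-Object System.Text.UTF8Encoding($false)).GetBytes($Text)
    # Write to and close the raw stream, bypassing the StreamWriter's own text encoding.
    $stdin = $proc.StandardInput.BaseStream
    $stdin.Write($bytes, 0, $bytes.Length)
    $stdin.Close()

    # The signature is binary, so copy stdout as bytes rather than reading it as text.
    $sig = New-Object System.IO.MemoryStream
    $proc.StandardOutput.BaseStream.CopyTo($sig)
    $err = $proc.StandardError.ReadToEnd()
    $proc.WaitForExit()
    if ($proc.ExitCode -ne 0) { throw "openssl failed: $err" }

    # Base64-encode in process instead of a second openssl call and a second file.
    [Convert]::ToBase64String($sig.ToArray())
}

# Usage with the file and key names from the question (SIGN_KEY_PASS must already be set):
# [xml]$schema = Get-Content myFile.xml
# $schema.data.signature = Get-OpenSslSignature -Text $schema.data.head.InnerXml -KeyPath 'mykey.key'
```

A plain PowerShell pipe into a native program re-encodes the string and appends a newline, which changes the signed bytes; writing to the process stream directly avoids that.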