Comments (35)
Thanks, @jtwaddle !
from psgsuite.
Working on this still @jtwaddle - Once I have this ready, I may need some testing feedback from you since my personal domain doesn't have S/MIME (G Suite Business) and my org uses an external solution for handling email encryption, so no dice there either lol.
I'll keep you updated here though!
from psgsuite.
Branch created for this feature request: https://github.com/scrthq/PSGSuite/tree/feature/SMIME_support_issue57
from psgsuite.
hey @jtwaddle - S/MIMEInfo functions have been added in as of v2.11.0! I don't have an Enterprise subscription with S/MIME enabled, so I'm not 100% comfortable that New-GSGmailSMIMEInfo
is going to format the cert correctly. When you get a chance, can you let me know if all is well?
from psgsuite.
from psgsuite.
Sounds good! Looking forward to your feedback, have a great weekend!
from psgsuite.
Initial Testing:
Get-GSGmailSMIMEInfo - appears to function as expected.
New-GSGmailSMIMEInfo: I am getting an error when trying to run it. The cert and password work fine when I add it via the GUI.
New-GSGmailSMIMEInfo -User '[email protected]' -SendAsEmail '[email protected]' -Pkcs12 "D:\gmailcertzoo.pfx" -EncryptedKeyPassword $SecurePassword
New-GSGmailSMIMEInfo : Exception calling "Execute" with "0" argument(s): "Google.Apis.Requests.RequestError
Bad Request [400]
Errors [
Message[Bad Request] Location[ - ] Reason[invalidArgument] Domain[global]
]
"
At line:1 char:1
from psgsuite.
The issue looks related to these lines:
EncryptedKeyPassword {
$body.$key = (New-Object PSCredential "user",$PSBoundParameters[$key]).GetNetworkCredential().Password
}
Pkcs12 {
$body.$key = $p12String
}
It looks like you need to set these to two different values instead of both to $body.$key make them both part of a smimeInfo object which I assume is $body.
from psgsuite.
from psgsuite.
from psgsuite.
@jtwaddle - I have some ideas on how to adjust that block below. If you could swap that out, reimport the module with the -Force
parameter, then try, that would be awesome!
I have no doubt that the cert and password you're supplying are correct and valid, this is a conversion issue within the function.
I re-opened this issue for tracking so it doesn't get buried =]
EncryptedKeyPassword {
$body.$key = (New-Object PSCredential "user",$PSBoundParameters[$key]).GetNetworkCredential().Password
}
Pkcs12 {
$p12String = Convert-Base64 -From Base64String -To WebSafeBase64String -String ([System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Resolve-Path $PSBoundParameters[$key]).Path)))
$body.$key = $p12String
}
from psgsuite.
from psgsuite.
from psgsuite.
from psgsuite.
@jtwaddle - Thanks for your help out with testing and your patience on this! Here are a few more options:
1. P12 as Base64 and Password as plain text:
EncryptedKeyPassword {
$body.$key = (New-Object PSCredential "user",$PSBoundParameters[$key]).GetNetworkCredential().Password
}
Pkcs12 {
$body.$key = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Resolve-Path $PSBoundParameters[$key]).Path))
}
2. P12 as Base64 and Password as Base64:
EncryptedKeyPassword {
$body.$key = Convert-Base64 -From NormalString -To Base64String -String (New-Object PSCredential "user",$PSBoundParameters[$key]).GetNetworkCredential().Password
}
Pkcs12 {
$body.$key = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Resolve-Path $PSBoundParameters[$key]).Path))
}
3. P12 as WebSafeBase64 and Password as WebSafeBase64:
EncryptedKeyPassword {
$body.$key = Convert-Base64 -From NormalString -To WebSafeBase64String -String (New-Object PSCredential "user",$PSBoundParameters[$key]).GetNetworkCredential().Password
}
Pkcs12 {
$body.$key = Convert-Base64 -From Base64String -To WebSafeBase64String -String ([System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes((Resolve-Path $PSBoundParameters[$key]).Path)))
}
Let me know if any of these get you going!
from psgsuite.
from psgsuite.
Seeing if I can get Google to give me a test domain with Enterprise licensing so I can test on my end. I don't have any other suggestions off hand right now though 😞 I'll keep you updated!
from psgsuite.
from psgsuite.
Nothing yet 😢 I've tried a couple different avenues to get access to an Enterprise account so I can test further as well as reached out to their Gmail API support team and have gotten literally nothing useful back 😞
from psgsuite.
from psgsuite.
from psgsuite.
hey @jtwaddle - nothing yet, apologies on the delay on this, it's literally been forever and I feel bad 😢. I am going to check out bumping my own account to Enterprise where I can test so I can close this one out, just been a bit slammed.
from psgsuite.
from psgsuite.
hey @jtwaddle - I updated my own account to Enterprise and have been giving it a few whacks and am at least replicating the issue. Going to try going through the REST API directly instead of the .NET SDK, in case there's an issue with the .NET SDK itself. I should hopefully have some progress on this by this weekend!
Now to find a low-cost cert that Google will allow for S/MIME...
from psgsuite.
Sectigo (fka Comodo) actually has some reasonably priced ones that I believe are trusted by Google for S/MIME
from psgsuite.
from psgsuite.
Doesn't appear so (but will confirm with their support for sure). Google search still turns up results that point at https://www.comodo.com/home/email-security/free-email-certificate.php
, but going to that link takes you to the page linked in my last comment and searching for the word "free" in the page contents doesn't yield anything, so my guess is Google cached search results still showing =\
from psgsuite.
This may work potentially: https://sectigo.com/ssl-certificates/free-trial
from psgsuite.
from psgsuite.
Hey @jtwaddle - I've been on vacation but should hopefully be jumping on this again by the weekend!
from psgsuite.
from psgsuite.
@jtwaddle - still nothing, I need to pick this back up. Thanks for the poke!
from psgsuite.
@jtwaddle Opened up googleapis/google-api-dotnet-client#1492 to see if there's an issue with the .NET SDK potentially
from psgsuite.
@jtwaddle - Working on the issue in the google-api-dotnet-client
repo, but I was doing some code comparison against GAM and was able to replicate the resulting string being sent as the value for Pkcs12
when inserting a new S/MIME object.
v2.35.1 is being deployed now and should be ready to test at your convenience =]
from psgsuite.
@jtwaddle - let me know if you've had a chance to test! Working with the Google API Client team and the changes implemented should have it working now. Anxiously awaiting your feedback :D
from psgsuite.
Related Issues (20)
- Additional Reports Since Last Edited HOT 1
- Send-GmailMessage: Special characters not displayed as expected in HTML Body HOT 1
- Inconsistent Get-GSUser "IsEnrolledIn2Sv" field results when multiple users are returned HOT 1
- Update-GSChromeOSDevice - Wipe devices User Profile Only HOT 6
- PowerShell Constrained Language mode HOT 1
- Setup Guide Unclear / Not up to Date HOT 5
- Dynamically Generating Functions for Slide/Doc/Sheet updates
- Create Documents and Presentations
- 2.37.0 release is too big for Azure Automation
- Add option to enable conversation history HOT 1
- Licensing Data out of date HOT 4
- Still being developed?
- Add Last Known Network to Get-GSChromeOSDevice HOT 8
- Get-GSGmailSignature ... Update-GSGmailSignature HOT 1
- Update-GSUser support for unarchiving HOT 2
- Update-GSUserSecuritySettings -User User -AllowLessSecureApps -$True
- Set group labels via CloudIdentity API
- I am getting error in gsuite assement
- Initial Setup Instructions Need Updating (Here's what worked for me) HOT 1
- Implement retries with exponential backoff for long running commands like Get-GSDriveFileList
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from psgsuite.