O2 Script: automating PuttyGen to create Public and Private Keys
Once we have Tortoise installed (using an O2 Script) the next step is to create the SSH RSA keys using PuttyGen (which is include in TortoiseGit).
This script automates the whole process where it:
- asks the user for the following details: Key Name, PassPhrase, Target directory
- starts the puttygen process
- uses windows Automation to populate the required values and click on the buttons (puttygen needs some extra mouse movement in order to generate the key)
- saves the public and private key
This is how it is invoked
var gitHub = new API_GitHub(); gitHub.putty_generateKeys(); //O2Ref:White.Core.dll //O2File:API_GitHub.cs
Here is the code that drives the automation
public static API_GitHub putty_generateKeys(this API_GitHub gitHub, string keyPassPhrase, string publicKey, string privateKey)
{
if (keyPassPhrase.inValid() || publicKey.inValid() || privateKey.inValid())
{
"the keyPassPhrase, publicKey, privateKey needs to be valid".error();
return gitHub;
}
var puttyGenPath = @"C:\Program Files\TortoiseGit\bin\puttygen.exe";
if (puttyGenPath.fileExists().isFalse())
{
"Error: could not find puttyGen in TortoiseGit folder: {0}".error(puttyGenPath);
return gitHub;
}
var process = puttyGenPath.startProcess();
var puttyGen = new API_GuiAutomation(process);
var window = puttyGen.windows()[0];
var generateButton = window.button("Generate").click();
/// lets move the mouse a bit to create some randomness for PuttyGen
window.mouse();
generateButton.mouse();
window.mouse();
generateButton.mouse();
window.mouse();
//once the key is generated we need to put in the passphrase
window.textBox("Key passphrase:").set_Text(keyPassPhrase ?? "");
window.textBox("Confirm passphrase:").set_Text(keyPassPhrase ?? "");
//Saving private Key
window.button("Save private key").click();
var saveAsWindow = puttyGen.window("Save private key as:");
saveAsWindow.textBox("File name:").set_Text(privateKey);
saveAsWindow.button("Save").click();
//Saving public Key
window.button("Save public key").click();
saveAsWindow = puttyGen.window("Save public key as:");
saveAsWindow.textBox("File name:").set_Text(publicKey);
saveAsWindow.button("Save").click();
process.stop();
"The keys were saved to {0} and {1}: {0}".info(publicKey, privateKey);
return gitHub;
}
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
OWASP O2 Platform Blog 