colombeen

Advanced certificate install question

37 posts in this topic

#1 ·  Posted (edited)

Hi guys,

I have a pretty advanced question...

 

This is the issue I'm facing:

On a regular basis we need to install pfx certificates (with password protection) on devices from external companies.

To install the certificate we always have to contact the user, set up a really dull and long process to get an RDP session to that device, and install the certificate.

 

I'm looking for:

a way to generate exe files on the fly, that will include the pfx file and password, and automatically install them without any interaction from the user, and the user not being able to retrieve the password to install the certificate.

 

Question:

Is this possible with AutoIt? And if so, does anyone have a working example for the certificate installation part or the auto generate with file include?

 

Thx in advance

colombeen

Edited by colombeen




#3 ·  Posted (edited)

NOOOO!!!

not at all. we regularly need to grant access for external users to access our domain. to do so we need to install a certificate that allows them to connect.

I want to automate the install process of the cert so that we don't need to make the rdp session etc.

i want to send them the "certificate installer" generated with autoit via email or something else so that they can install the certificate without us needing remote control (because they can't know the password for the cert, that's why we need RDP => security reasons)

if i can automate this into an autoit compiled executable (has to be encrypted) i can speed up the process.

this is what I'm aiming for =>

- generate certificate + password via powershell
- call autoit compiler from powershell, telling it where the certificate is placed and what the password is (and maybe something else to verify the device)
- compiler needs to create an exe that holds both items
- it checks for the hostname (or something else) of the device it will be run on
- if everything checks out, install the certificate
- certificate installer shouldn't work for more than a few hours and then it should just stop working (to make sure it only will be installed on 1 device)
- user gets a message that the installing was a success or a failure

Edited by colombeen


I know it's not a good way to include a pass in a script, but it's just so time consuming. i was just hoping that it would be possible with encryption on the exe file


@colombeen,

yes, this is possible, and i dare say rather easy.

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

now, here's how you proceed:

1) report your topic and have a moderator move it to the General Help and Support forum, where it truly belongs and will get a more assistive attention.

2) learn the following AutoIt functions:

FileInstall() - to embed and extract an external file (the pfx) in the compiled script

InputBox() - to ask the user for the password

Run() - to launch certutil.exe to install the certificate

MsgBox() - to inform the user of failure or success

3) make a decent attempt at it and come back if you need further assistance.


#8 ·  Posted (edited)

17 hours ago, orbs said:

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

This is not an option... the user may never hear/read/touch/... the password for the certificate file. otherwise i could just send the certificate with the password and i would be done with it...

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

AutoITCompiler.exe -compile -au3file "certinstaller.au3" -outputfile "certinstaller.exe" -includefile "cert6546548979821.pfx" -addvariable "Th1sIsN0tAR34lP4ssw0rd!" -encrypted -somethingsomething

so that i can run the function that creates the certificate with the required params, generates the executable, creates an e-mail and sends it with the steps the user should take.

 

creating a script that can install a certificate will prob not be such a big hassle for me... it's the auto generate part that i don't know/have no experience with

Edited by colombeen


@colombeen As we discussed via PM I think the suggestion given to you to move this to General Help and Support was incorrect, as this thread is still about the mechanics of accomplishing what you're after rather than a specific issue with an AutoIt script. For that reason I think DEV forum is the perfect place to discuss the how's and why's of what you are trying to accomplish.

If you get to the point of creating the script to install your certificate, as you mention above, and run into issues, then I think it would make sense to create a thread in General Help and Support for specifically that subject. You can even link it back here for someone who wants all the history on it.


√-1 2^3 ∑ π, and it was delicious!


#11 ·  Posted (edited)

3 hours ago, colombeen said:

This is not an option... the user may never hear/read/touch/... the password for the certificate file.

ok, then this is a case of production / security trade-off. consider the following:

1) certificate is bound to a hostname

2) certificate has a limited time before expiration

3) certificate alone is not sufficient for connection, a username/password combination is required as well

4) a script that simple can be safely made with an older version of AutoIt, which supports obfuscating the code

given the above, i'd say the risk of a compromised certificate password is low. if your CISSO agrees, then embed the password. the rest is technicality:

3 hours ago, colombeen said:

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

this is actually a lot easier than you think. off-hand i'd follow this logic:

the parameters which vary from one certificate to another are the certificate file name and the password. put in your main script a line like this:

#include <CurrentCertificateInfo.au3>

in your PowerShell script (or batch file), right after you create the certificate (and you know its file name and password), create a new file named CurrentCertificateInfo.au3 and have it contain these two lines:

FileInstall("cert6546548979821.pfx", @TempDir & '\CurrCert.pfx', 1)
Global $sPassword = "Th1sIsN0tAR34lP4ssw0rd!"

the main script then uses CurrCert.pfx and $sPassword in due time.

now study the correct syntax of compiling from the command line from the AutoIt help file: AutoIt > using AutoIt > Compiling Scripts > Method 3 - The Command Line

you'll find all your requirements are met by the available command line switches (except for the "-encrypted -somethingsomething" part, which i don't understand what it means).

Edited by orbs

#12 ·  Posted

Thx for the info @orbs

I'll check into it


#13 ·  Posted

If you want to install certs in the Windows store (not on Crypto card) you could try to use certutil. For this case you could check my Certutil UDF


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 - BETA * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Best coding practices * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2017-06-04


#14 ·  Posted

17 hours ago, mLipok said:

If you want to install certs in the Windows store (not on Crypto card) you could try to use certutil. For this case you could check my Certutil UDF

I wish that I could use the UDF but it doesn't support passwords for pfx certificates, and that is the most important part of this automation. I'll see how far I can get with my project and maybe I'll try to add some features to the udf


#15 ·  Posted

I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

this is the command i'll be using to install the PFX files : 

certutil -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot

The biggest issue is that I can't be sure if the install was a success because certutil always returns 0 as an exit code, and I'm not sure how to retrieve the errorlevel environment variable from a cmd window


#16 ·  Posted

I will look at this, late night.



#17 ·  Posted

2 hours ago, colombeen said:

 

I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

that's still no guarantee to prevent compromised password, but if that's OK with your CISSO, it's fine by me... ;)

2 hours ago, colombeen said:

... I can't be sure if the install was a success ...

after you call certutil.exe to import the certificate, call it again with the parameter -store only. this will generate a list of the installed certificates, which you can check for the presence of your certificate.


#18 ·  Posted

I'd rather check the errorlevel code if at all possible... it's a lot more code for a verification... the info from the pfx can't be read by the autoit gui so I'd have to provide it some other way (reading out the certutil install info or something but that would take a lot more time to code)

issue for me is that if you do the command for the certinstall, and you add " & echo %errorlevel%" it always shows the errorlevel from before the certutil command... it has to be executed on its own line and not in a oneliner


#19 ·  Posted

Try to use this:
 

Func _CertUtil_ImportPFX()
    ; Relies on __CertUtil_RunWrapper() and the $CUTIL_* constants from the Certutil UDF
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot', '', '')

    ; On success certutil prints: CertUtil: -importPFX command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_ImportPFX

 

Here are my results:

Quote

====================================================================
Command: certutil.exe -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot  
Stdout Read:
CertUtil: -importPFX command FAILED: 0x80070003 (WIN32: 3 ERROR_PATH_NOT_FOUND)
CertUtil: System nie może odnaleźć określonej ścieżki.
====================================================================

>>>>>> Please close the "Report Log Window" to exit <<<<<<<

As you can see:
"System nie może odnaleźć określonej ścieżki."
"System can't find the specified path."

 

I think this should be all that you need.

Regards
mLipok



#20 ·  Posted

5 hours ago, mLipok said:

Try to use this:
 

Func _CertUtil_ImportPFX()
    ; Relies on __CertUtil_RunWrapper() and the $CUTIL_* constants from the Certutil UDF
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot', '', '')

    ; On success certutil prints: CertUtil: -importPFX command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_ImportPFX

 

The issue with this check is that

If Not StringInStr($sResult, 'CertUtil: -importPFX command completed successfully.') Then

Will not work on my system because the return information from the error is in Dutch on my device. As we need to send out this installer to people all over Europe, I can't be checking on every language...

Also it seems that when I run it without comspec i do get the exit code correctly

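As an added example (not code from any poster or from the Certutil UDF): one language-independent way to check the import is to start certutil.exe directly with RunWait() and test its exit code, which the last post reports works when @ComSpec is not used. The function name `_InstallPfx`, the hostname and the deadline are hypothetical; the hostname and time guards mirror the requirements listed earlier in the thread.

```autoit
#include <Date.au3>
#include <MsgBoxConstants.au3>

; Constructed sample values. In the thread's design these would be written into
; the generated include file before compiling.
Global Const $g_sExpectedHost = "CLIENT-PC-01"          ; hypothetical target hostname
Global Const $g_sDeadline = "2017/06/30 18:00:00"       ; hypothetical cut-off (YYYY/MM/DD HH:MM:SS)
Global Const $g_sPfxPath = @TempDir & "\CurrCert.pfx"   ; extraction path used earlier in the thread
Global Const $g_sPassword = "Th1sIsN0tAR34lP4ssw0rd!"   ; placeholder password from the thread

Local $bOk = _InstallPfx($g_sPfxPath, $g_sPassword, $g_sExpectedHost, $g_sDeadline)
Local $iErr = @error, $iExit = @extended
FileDelete($g_sPfxPath) ; remove the extracted PFX whether or not the import worked

If $bOk Then
    MsgBox($MB_ICONINFORMATION, "Certificate installer", "The certificate was installed.")
Else
    MsgBox($MB_ICONERROR, "Certificate installer", "Installation failed (reason " & $iErr & _
            ", certutil exit code 0x" & Hex($iExit, 8) & ").")
EndIf

; Returns True on success. On failure returns False and sets @error:
;   1 = wrong host, 2 = deadline passed, 3 = bad input (PFX missing or quote in password),
;   4 = certutil.exe could not be started, 5 = import failed (@extended = certutil exit code)
Func _InstallPfx($sPfxPath, $sPassword, $sExpectedHost, $sDeadline)
    ; Convenience guards only: the hostname and the local clock are under the
    ; control of whoever runs the installer, so they are not a security boundary.
    If @ComputerName <> $sExpectedHost Then Return SetError(1, 0, False)
    If _DateDiff('s', _NowCalc(), $sDeadline) <= 0 Then Return SetError(2, 0, False)

    ; A double quote in the password would break the quoting of the command line below.
    If Not FileExists($sPfxPath) Or StringInStr($sPassword, '"') Then Return SetError(3, 0, False)

    ; Start certutil.exe directly, without an @ComSpec /c wrapper, so RunWait()
    ; returns certutil's own exit code. Note that the -p value is part of the
    ; process command line and is readable by other processes of the same user
    ; for as long as certutil runs.
    Local $sCmd = '"' & @SystemDir & '\certutil.exe" -f -user -p "' & $sPassword & _
            '" -importpfx "' & $sPfxPath & '" NoRoot'
    Local $iExitCode = RunWait($sCmd, @SystemDir, @SW_HIDE)
    If @error Then Return SetError(4, 0, False)

    ; 0 means success in every display language. On failure certutil exits with
    ; the error code it prints, e.g. 0x80070003 (ERROR_PATH_NOT_FOUND) in the log above.
    If $iExitCode <> 0 Then Return SetError(5, $iExitCode, False)
    Return True
EndFunc   ;==>_InstallPfx
```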
