whorsfall
asked on
Powershell specifiy a literal "encrypted standard string"?
Hi,
How can I use powershell and manually define a "encrypted standard string" directly without having to read it from a file
then convert it to a secure string.
See my example Method 1 works but I can't get Method 2 to work.
Any suggestions - as I would like to use a secure string in a script without reading it from file or prompting the user.
So just specify the long sequence of characters.
Thanks,
Ward
Here is the error I get when I try to run it.
PS C:\Users\Ward> C:\Users\Ward\OneDrive\Doc uments\tes t1.ps1
Password: hello
01000000d08c9ddf0115d1118c 7a00c04fc2 97eb010000 006060907f 48c4004f9e 68712619c2 45c6000000 0002000000 0000106600 0000010000 2000000028 762f90fd2d 364b89b516 059c4da694 5a31a28b71
9b9ae147b0c5b630df58e70000 00000e8000 0000020000 2000000051 f7b457600e bce6976fbd a0dc030f14 2cf625cf08 284a979f1b 2b70a4d4fd 8f10000000 98ed9798da 734098fa4f c6312656e4 f440000000
c0b0909bd09f4829bea7b5d64a a1def84a3f c34c512a4e c730c35d91 50458d1840 3f1e04b22d 13e02340ae eb7e4f4737 d125eda228 5e1b871d79 841cd4af42 ad
ConvertTo-SecureString : Input string was not in a correct format.
At C:\Users\Ward\OneDrive\Doc uments\tes t1.ps1:27 char:23
+ $file_data = $data2 | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [ConvertTo-SecureString], FormatException
+ FullyQualifiedErrorId : System.FormatException,Mic rosoft.Pow erShell.Co mmands.Con vertToSecu reStringCo mmand
How can I use powershell and manually define a "encrypted standard string" directly without having to read it from a file
then convert it to a secure string.
See my example Method 1 works but I can't get Method 2 to work.
Any suggestions - as I would like to use a secure string in a script without reading it from file or prompting the user.
So just specify the long sequence of characters.
Thanks,
Ward
# Method 1 - this works.
$pw = ConvertTo-SecureString 'hello' –asplaintext –force
$data1 = $pw | ConvertFrom-SecureString
$data1 | Out-File -FilePath ".\pw.txt" -Force
$file_data = Get-Content ".\pw.txt" | ConvertTo-SecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
"Password: $PlainPassword"
""
$data1
# Method 2 - use literal text
$data2 = @"
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f
5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000
f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0
"@
$file_data = $data2 | ConvertTo-SecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
"Password: $PlainPassword"
Here is the error I get when I try to run it.
PS C:\Users\Ward> C:\Users\Ward\OneDrive\Doc
Password: hello
01000000d08c9ddf0115d1118c
9b9ae147b0c5b630df58e70000
c0b0909bd09f4829bea7b5d64a
ConvertTo-SecureString : Input string was not in a correct format.
At C:\Users\Ward\OneDrive\Doc
+ $file_data = $data2 | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [ConvertTo-SecureString], FormatException
+ FullyQualifiedErrorId : System.FormatException,Mic
ASKER
Hi,
So now if I run this code below it will fail on a different machine? Even though it seems to work ok now?
Thanks,
Ward,
So now if I run this code below it will fail on a different machine? Even though it seems to work ok now?
Thanks,
Ward,
$data2 = @"
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f
5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000
f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0
"@
$file_data = $data2.Replace("`r`n", "") | ConvertTo-SecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
"Password: $PlainPassword"
Yep. Check yourself; here are the first 64 characters from an encoded "hello".
Line 1: Your "hello"
Line 2: My "hello", machine 1, account 1
Line 3: My "hello", machine 1, account 2
Line 4: My "hello", machine 2, account 1
Differences start in column 49:
Line 1: Your "hello"
Line 2: My "hello", machine 1, account 1
Line 3: My "hello", machine 1, account 2
Line 4: My "hello", machine 2, account 1
Differences start in column 49:
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005f5ca1d26d1d745
01000000d08c9ddf0115d1118c7a00c04fc297eb010000008da7ed0b833a6147
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e725ac7e967604f
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open in new window
But then your next problem will probably come up,A secure string will only be valid for the user who created it, AND on the machine where the string was created.
In other words: as soon as you try to run the script with the embedded password either with another user or on another computer, you'll get ConvertTo-SecureString : Key not valid for use in specified state.