Padding is invalid and cannot be removed.

This topic contains 4 replies, has 3 voices, and was last updated by Profile photo of Dan Potter Dan Potter 1 year ago.

  • Author
  • #30451
    Profile photo of Venugopal

    Powershell version:

    Name : ConsoleHost
    Version : 5.0.10105.0

    Decryption issue

    PS C:\Users\Administrator> ConvertTo-SecureString -key $key -String $password
    ConvertTo-SecureString : Padding is invalid and cannot be removed.
    At line:1 char:1
    + ConvertTo-SecureString -key $key -String $password
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
    + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecure

    No issues with earlier version of powershell. ( works fine on version 4 )
    Requesting help in this regards,

    $file = "c:\securefile"
    $key = 1..32 | Get-Random -Count 16 -SetSeed 654321
    $password = Get-Content $File | ConvertTo-SecureString -key $key

    need some directions to fix this.

    Additional notes::

    just to add,

    Example 11 says
    # Commands with the same seed are not random.

    I got 2 different set of output for $key for version 4 and version 5.

    any suggestions?

  • #30452
    Profile photo of Dave Wyatt
    Dave Wyatt

    Looks like something changed in Get-Random between those PS versions. Since you're essentially hard-coding your key either way, it would probably be safer just to save it that way, and avoid the problem.

    $key = [Convert]::FromBase64String('CwUCCg4QGxITESAJGQgBFw==')

    To get that key, I ran these commands in PowerShell v2:

    $bytes = 1..32 | Get-Random -Count 16 -SetSeed 654321
  • #30453
    Profile photo of Dave Wyatt
    Dave Wyatt

    On a side note, this doesn't really add any security, since anyone can retrieve your key using the same PowerShell commands. I did a talk on this subject at the PowerShell summit which might interest you:

  • #30463
    Profile photo of Venugopal

    Hello Dave,

    Thank you.. i've already seen your talk on crypto and it had helped me a lot , this is the type 1 , the script executes and it gets deleted and it happens even before the server is ready.

    for now, i've hard-coded the working key.. waiting to know what has changed in get-random even though there is a work around ..

    Thank you once again...

  • #30464
    Profile photo of Dan Potter
    Dan Potter

    The only change I see.

    Beginning in Windows PowerShell 3.0, Get-Random supports 64-bit integers. In Windows PowerShell 2.0, all values are cast to System.Int32

You must be logged in to reply to this topic.