
October 6, 2015 at 3:24 am

PowerShell version:

Name : ConsoleHost
Version : 5.0.10105.0

Decryption issue

PS C:\Users\Administrator> ConvertTo-SecureString -key $key -String $password
ConvertTo-SecureString : Padding is invalid and cannot be removed.
At line:1 char:1
+ ConvertTo-SecureString -key $key -String $password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecure
StringCommand

No issues with earlier versions of PowerShell (works fine on version 4).
Requesting help in this regard.

Script:
$file = "c:\securefile"
$key = 1..32 | Get-Random -Count 16 -SetSeed 654321
$password = Get-Content $File | ConvertTo-SecureString -key $key

Need some direction to fix this.

Additional notes:

Just to add,
https://technet.microsoft.com/en-us/library/hh849905.aspx?f=255&MSPPError=-2147217396

Example 11 says
# Commands with the same seed are not random.

I got 2 different sets of output for $key for version 4 and version 5.

Any suggestions?

October 6, 2015 at 4:06 am

Looks like something changed in Get-Random between those PS versions. Since you're essentially hard-coding your key either way, it would probably be safer just to save it that way, and avoid the problem.

$key = [Convert]::FromBase64String('CwUCCg4QGxITESAJGQgBFw==')

To get that key, I ran these commands in PowerShell v2:

$bytes = 1..32 | Get-Random -Count 16 -SetSeed 654321
[Convert]::ToBase64String($bytes)
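
The failure discussed in this thread, as an added example that is not part of the original posts: the key is generated once from a cryptographic RNG, stored as exact bytes and reloaded for decryption, and a key that differs by one byte is then tried to show how a mismatched key surfaces. The file paths, variable names and sample secret are assumptions constructed for illustration; the key file is as sensitive as the secret it protects.

```powershell
# Added example; paths, names and the sample secret are hypothetical.
$keyFile    = Join-Path $env:TEMP 'example-aes.key'
$secretFile = Join-Path $env:TEMP 'example-secret.txt'

# Generate a 16-byte key from the OS CSPRNG instead of a seeded Get-Random,
# whose output for a given seed differed between PowerShell versions here.
$key = New-Object byte[] 16
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($key) } finally { $rng.Dispose() }

# Persist the exact key bytes so every PowerShell version reads the same key.
# In real use, restrict this file's ACL to the account that runs the script.
[System.IO.File]::WriteAllText($keyFile, [Convert]::ToBase64String($key))

# Encrypt a constructed sample secret with the explicit key.
$plain  = 'Constructed-Sample-Passw0rd'
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
ConvertFrom-SecureString -SecureString $secure -Key $key | Set-Content -Path $secretFile

# Decrypt: reload the stored key rather than regenerating it.
$loadedKey = [Convert]::FromBase64String((Get-Content -Path $keyFile -Raw))
$restored  = Get-Content -Path $secretFile | ConvertTo-SecureString -Key $loadedKey
$cred      = New-Object System.Management.Automation.PSCredential('user', $restored)
"Round trip OK: $($cred.GetNetworkCredential().Password -eq $plain)"

# Failure mode from the thread: the decryption key is not the encryption key.
# Flipping one byte normally produces a CryptographicException like the one above.
$wrongKey = [byte[]]$loadedKey.Clone()
$wrongKey[0] = $wrongKey[0] -bxor 0xFF
try {
    Get-Content -Path $secretFile |
        ConvertTo-SecureString -Key $wrongKey -ErrorAction Stop | Out-Null
    'Wrong key did not raise an error'
} catch {
    "Wrong key rejected: $($_.Exception.Message)"
}

# Clean up the constructed files.
Remove-Item -Path $keyFile, $secretFile -ErrorAction SilentlyContinue
```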

October 6, 2015 at 4:08 am

On a side note, this doesn't really add any security, since anyone can retrieve your key using the same PowerShell commands. I did a talk on this subject at the PowerShell summit which might interest you: https://www.youtube.com/watch?v=Ta2hQHVKauo

October 6, 2015 at 9:20 am

Hello Dave,

Thank you. I've already seen your talk on crypto and it helped me a lot. This is the type 1: the script executes and it gets deleted, and it happens even before the server is ready.

For now, I've hard-coded the working key. Waiting to know what has changed in Get-Random, even though there is a workaround.

Thank you once again...

October 6, 2015 at 9:51 am

The only change I see:

Beginning in Windows PowerShell 3.0, Get-Random supports 64-bit integers. In Windows PowerShell 2.0, all values are cast to System.Int32.