Padding is invalid and cannot be removed.

Welcome Forums General PowerShell Q&A Padding is invalid and cannot be removed.

This topic contains 4 replies, has 3 voices, and was last updated by

3 years, 2 months ago.

  • Author
  • #30451

    Points: 0
    Rank: Member

    Powershell version:

    Name : ConsoleHost
    Version : 5.0.10105.0

    Decryption issue

    PS C:\Users\Administrator> ConvertTo-SecureString -key $key -String $password
    ConvertTo-SecureString : Padding is invalid and cannot be removed.
    At line:1 char:1
    + ConvertTo-SecureString -key $key -String $password
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
    + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecure

    No issues with earlier version of powershell. ( works fine on version 4 )
    Requesting help in this regards,

    $file = "c:\securefile"
    $key = 1..32 | Get-Random -Count 16 -SetSeed 654321
    $password = Get-Content $File | ConvertTo-SecureString -key $key

    need some directions to fix this.

    Additional notes::

    just to add,

    Example 11 says
    # Commands with the same seed are not random.

    I got 2 different set of output for $key for version 4 and version 5.

    any suggestions?

  • #30452

    Points: 0
    Rank: Member

    Looks like something changed in Get-Random between those PS versions. Since you're essentially hard-coding your key either way, it would probably be safer just to save it that way, and avoid the problem.

    $key = [Convert]::FromBase64String('CwUCCg4QGxITESAJGQgBFw==')

    To get that key, I ran these commands in PowerShell v2:

    $bytes = 1..32 | Get-Random -Count 16 -SetSeed 654321
  • #30453

    Points: 0
    Rank: Member

    On a side note, this doesn't really add any security, since anyone can retrieve your key using the same PowerShell commands. I did a talk on this subject at the PowerShell summit which might interest you:

  • #30463

    Points: 0
    Rank: Member

    Hello Dave,

    Thank you.. i've already seen your talk on crypto and it had helped me a lot , this is the type 1 , the script executes and it gets deleted and it happens even before the server is ready.

    for now, i've hard-coded the working key.. waiting to know what has changed in get-random even though there is a work around ..

    Thank you once again...

  • #30464

    Points: 21
    Rank: Member

    The only change I see.

    Beginning in Windows PowerShell 3.0, Get-Random supports 64-bit integers. In Windows PowerShell 2.0, all values are cast to System.Int32

The topic ‘Padding is invalid and cannot be removed.’ is closed to new replies.