Powershell specifiy a literal "encrypted standard string"?

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Dave Wyatt Dave Wyatt 1 year, 10 months ago.

  • Author
    Posts
  • #22211
    Profile photo of Ward Horsfall
    Ward Horsfall
    Participant

    Hi,

    How can I use powershell and manually define a "encrypted standard string" directly without having to read it from a file
    then convert it to a secure string.

    See my example Method 1 works but I can't get Method 2 to work.

    Any suggestions – as I would like to use a secure string in a script without reading it from file or prompting the user.
    So just specify the long sequece of characters.

    Thanks,

    Ward

    — Code below —

    # Method 1 – this works.

    $pw = ConvertTo-SecureString 'hello' –asplaintext –force

    $data1 = $pw | ConvertFrom-SecureString

    $data1 | Out-File -FilePath ".\pw.txt" -Force

    $file_data = Get-Content ".\pw.txt" | ConvertTo-SecureString

    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

    "Password: $PlainPassword"
    ""
    $data1

    # Method 2 – use literal text

    $data2 = @"
    01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f
    5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000
    f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0
    "@

    $file_data = $data2 | ConvertTo-SecureString

    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

    "Password: $PlainPassword"

    ————————————–

    The error I get:

    ConvertTo-SecureString : Input string was not in a correct format.
    At C:\Users\Ward\OneDrive\Documents\test1.ps1:27 char:23
    + $file_data = $data2 | ConvertTo-SecureString
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [ConvertTo-SecureString], FormatException
    + FullyQualifiedErrorId : System.FormatException,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

  • #22216
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Make sure you don't have any line breaks in your $data2 string. You can put it onto a single line, to ensure that:

    $data2 = '01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0'
    
  • #22217
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Also, keep in mind that using this method, you'll only be able to decrypt the string with the same user account that encrypted (and most of the time, only on the same computer as well.)

You must be logged in to reply to this topic.