Powershell specifiy a literal "encrypted standard string"?

Welcome Forums General PowerShell Q&A Powershell specifiy a literal "encrypted standard string"?

This topic contains 2 replies, has 2 voices, and was last updated by

4 years, 5 months ago.

  • Author
  • #22211

    Topics: 1
    Replies: 0
    Points: 0
    Rank: Member


    How can I use powershell and manually define a "encrypted standard string" directly without having to read it from a file
    then convert it to a secure string.

    See my example Method 1 works but I can't get Method 2 to work.

    Any suggestions – as I would like to use a secure string in a script without reading it from file or prompting the user.
    So just specify the long sequece of characters.



    — Code below —

    # Method 1 – this works.

    $pw = ConvertTo-SecureString 'hello' –asplaintext –force

    $data1 = $pw | ConvertFrom-SecureString

    $data1 | Out-File -FilePath ".\pw.txt" -Force

    $file_data = Get-Content ".\pw.txt" | ConvertTo-SecureString

    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

    "Password: $PlainPassword"

    # Method 2 – use literal text

    $data2 = @"

    $file_data = $data2 | ConvertTo-SecureString

    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

    "Password: $PlainPassword"


    The error I get:

    ConvertTo-SecureString : Input string was not in a correct format.
    At C:\Users\Ward\OneDrive\Documents\test1.ps1:27 char:23
    + $file_data = $data2 | ConvertTo-SecureString
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [ConvertTo-SecureString], FormatException
    + FullyQualifiedErrorId : System.FormatException,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

  • #22216

    Topics: 9
    Replies: 2322
    Points: 0
    Rank: Member

    Make sure you don't have any line breaks in your $data2 string. You can put it onto a single line, to ensure that:

    $data2 = '01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0'
  • #22217

    Topics: 9
    Replies: 2322
    Points: 0
    Rank: Member

    Also, keep in mind that using this method, you'll only be able to decrypt the string with the same user account that encrypted (and most of the time, only on the same computer as well.)

The topic ‘Powershell specifiy a literal "encrypted standard string"?’ is closed to new replies.