I want to encrypt a text which I want to use in different PowerShell scripts without compromising its security, as other users will be using scripts that will contain that text. Basically I want to conceal that text from everybody and use it without any hassle in all PowerShell scripts that are using that particular text. The text can be stored in a file so that it can be used in different scripts. I have tried basic things like:

$text = Read-Host "Enter the text" -AsSecureString

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($text)

$Plaintext = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
Write-Host "Text is: " $PlainText

But the thing is it can easily be found if you are on the same computer. I need some foolproof method, if any. This is my first question, so please ignore my mistakes, if any.

1 Answer

In your case, you need a specific key to make the string encrypted.

For Setting the Key:

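function Set-Key {
    param([string]$string)
    $length = $string.Length
    # ConvertFrom-SecureString -Key accepts 16, 24 or 32 bytes; the string is padded to 32.
    if (($length -lt 16) -or ($length -gt 32)) { throw "String must be between 16 and 32 characters" }
    $pad = 32 - $length
    $encoding = New-Object System.Text.ASCIIEncoding
    # Pad with the character "0" so the key is always 32 bytes long.
    $bytes = $encoding.GetBytes($string + "0" * $pad)
    return $bytes
}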

For Setting the Encrypted Data:

function Set-EncryptedData {
    param($key, [string]$plainText)
    $secureString = New-Object System.Security.SecureString
    $chars = $plainText.ToCharArray()
    foreach ($char in $chars) { $secureString.AppendChar($char) }
    $encryptedData = ConvertFrom-SecureString -SecureString $secureString -Key $key
    return $encryptedData
}

For Decrypting the data:

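function Get-EncryptedData {
    param($key, $data)
    $data | ConvertTo-SecureString -Key $key | ForEach-Object {
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($_)
        try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
        # Zero and free the unmanaged copy of the plaintext.
        finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    }
}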

How to use:

$plainText = "Some Super Secret Password"
$key = Set-Key "AGoodKeyThatNoOneElseWillKnow"
$encryptedTextThatIcouldSaveToFile = Set-EncryptedData -key $key -plainText $plaintext
$encryptedTextThatIcouldSaveToFile  ## - sample output 507964ed3a197b26969adead0212743c378a478c64007c477efbb21be5748670a7543cb21135ec324e37f80f66d17c76c4a75f6783de126658bce09ef19d50da
$DecryptedText = Get-EncryptedData -data $encryptedTextThatIcouldSaveToFile -key $key
$DecryptedText

Reference Link: Encrypting & Decrypting Strings with PS

Hope it helps.

14 Comments

but in this method how can we secure $key because $key is saved on my machine so anybody can decrypt that. I need a solution in which anybody can use script without knowing.
@geekybuddy just keep key in the file. $key = Set-Key -string (get-content file.txt)
but anybody can access the file because it is same system with same user.
@geekybuddy - Assuming your users of the script are allowed to know the key, you can use Export-CliXml/Import-CliXml to protect the key. Only the current user on the current machine can decrypt the file containing the key. Drawback is that you can't deploy one keyfile on all machines. For each user on each machine, the file has to be created once.
@Lieven the thing is only one user is on the computer, i.e. Administrator, and different people will use the same account to run scripts. So how can we protect the key from other people?
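
The key-file approach suggested in the comments above, combined with the answer's -Key encryption, as an added example that is not part of the original answer or comments. It assumes Windows, where Export-Clixml encrypts SecureString values with DPAPI for the current user on the current machine; the path and function names are hypothetical, and the key is generated randomly instead of being typed and padded.

```powershell
# Added example (not from the original answer). Windows only.
# $KeyFile is a hypothetical path chosen for illustration.
$KeyFile = Join-Path $env:LOCALAPPDATA 'script-secrets\aes-key.clixml'

function New-ProtectedKeyFile {
    param([Parameter(Mandatory)][string]$Path)
    # 32 random bytes (AES-256) instead of a passphrase padded with "0".
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }

    # Wrap the key in a SecureString so Export-Clixml encrypts it on disk.
    $secureKey = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $secureKey | Export-Clixml -Path $Path
}

function Get-ProtectedKey {
    param([Parameter(Mandatory)][string]$Path)
    # Import fails to decrypt for any other user account or on any other machine.
    $secureKey = Import-Clixml -Path $Path
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureKey)
    try {
        $b64 = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        # Leading comma keeps the result a byte[] instead of unrolling it.
        return ,[Convert]::FromBase64String($b64)
    }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# One-time setup per user per machine, then reuse the stored key in every script.
if (-not (Test-Path $KeyFile)) { New-ProtectedKeyFile -Path $KeyFile }
$key = Get-ProtectedKey -Path $KeyFile

$secret    = Read-Host 'Enter the text' -AsSecureString
$encrypted = ConvertFrom-SecureString -SecureString $secret -Key $key   # safe to save to a file
$roundTrip = ConvertTo-SecureString -String $encrypted -Key $key        # back to a SecureString
```

DPAPI binds the key file to the account, not to a person, so this does not separate people who share one account, which is the situation raised in the last comment.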