0

I have a small config file for a program that this code creates, the file is created by converting the $Data variable into Json format txt file and reads back from it.
I would like the file to be encrypted and still be able to decrypt and read from it.

$path = "test.txt"

$Data = @{
   File = "test.exe"
   Folder = "c:\temp\"
   count = "4"  
}

$Data | ConvertTo-Json | Add-Content  -Path $path
$NewData = Get-Content -Path $path -Raw | ConvertFrom-Json
$NewData.File
$NewData.Folder
$NewData.count

Any suggestions on how to add simple encryption and decryption?
Maybe using ConvertTo-SecureString.. I tried but cant get it to work (not even close).

Improve this question
7
  • 3
    Start by identifying which (kind of) attacker you're trying to protect it from. Commented Jul 7, 2021 at 18:08
  • Do you want to prevent tampering or prevent anyone knowing what's in it? Or both? Commented Jul 7, 2021 at 18:26
  • 1
    The easiest resource I can imagine is Export-CliXml, the file can only be read by your user and only on the computer it was exported. Commented Jul 7, 2021 at 22:36
  • 1
    Good one @Santiago. I didn't know that one. Have some scripts to update now. Commented Jul 8, 2021 at 1:15
  • 1
    The idea is to simply make the config file idiot proof. The program i am writing is a small tool that will help some of my "computer literate" colleagues and i dont want them to try and edit it. Commented Jul 9, 2021 at 0:00

1 Answer 1

Reset to default
1

I want to thank @santiago-squarzon and all who contributed to this post.

After a VERY long night of trial and error basically attempting to translate the Microsoft c# examples and snippets to PowerShell I finally found a working solution.

Also a big thank you to

Here is the final solution for anyone that wants to do it like me!

$tempfolder = $env:temp
$tmpkey = {110
52
114
225
64
235
208
235
242
44
101
16
80
94
97
252} | Set-Content $tempfolder\newkey.key     # I have generated this 16 byte random key using key generation script 
                                              # with the help from " https://www.altaro.com/msp-dojo/encrypt-password-powershell/ ""
$key = Get-Content $tempfolder\newkey.key 


$file = "test.txt"

$Data = @{
   File = "test.exe"
   Folder = "c:\temp\"
   count = "4"  
}

$perm = $data | ConvertTo-Json
$perm |  ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -key $key |  Set-Content -Path $file

#  this encrypted the data into my test.txt file no to show how it looks inside
$tmp = Get-Content -path $file
echo $tmp


#  now to retrieve it and convert back to usable text
  
$NewData = Get-Content  -Path $file | ConvertTo-SecureString -key $key
$LoadedData = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR((($NewData)))) | ConvertFrom-Json
$LoadedData.File
$LoadedData.Folder
$LoadedData.Count
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.