Created
March 7, 2024 20:51
Encrypt and decrypt a password using Windows SecureString
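<#
.SYNOPSIS
Decrypt a password via SecureString and write the plain text to STDOUT.
.DESCRIPTION
Multiple input modes, checked in this order:
1. FILE: read the encrypted string from a file. Named argument "-File <filepath>"
2. Argument: read the encrypted string from the first argument.
3. STDIN: read the encrypted string from the first pipeline item.
.INPUTS
System.String. Optional. The encrypted password string via STDIN
.OUTPUTS
System.String. The plain text password
.NOTES
The input is expected to be ConvertFrom-SecureString output created without
-Key/-SecureKey. On Windows that string is protected with DPAPI, so it can
only be decrypted by the same user account on the same computer that
produced it.
The plain text is written to the output stream. Whatever receives it (a
redirect, a variable, a transcript, a calling process) then holds the
password in the clear.
.EXAMPLE
PS> decrypt-password.ps1 -File pw-encrypted.txt
P@ssword
.EXAMPLE
> powershell -file ...\decrypt-password.ps1 -File ...\pw-encrypted.txt
P@ssword
.EXAMPLE
PS> type pw-encrypted.txt | decrypt-password.ps1
P@ssword
.EXAMPLE
PS> decrypt-password.ps1 "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9"
P@ssword
#>
Param(
    [string]$encrypted_string,
    [string]$file
)

# Pick the encrypted string from the first input mode that supplies one.
$encrypted_string =
    if ($file) {
        Get-Content $file
    } elseif ($encrypted_string) {
        $encrypted_string # use the value passed as the first argument
    } elseif ($MyInvocation.ExpectingInput) {
        # MoveNext must be CALLED (with parentheses) to advance to the first
        # pipeline item. Without them the expression emits the method's
        # definition instead, and $Input.Current stays empty.
        $null = $Input.MoveNext()
        $Input.Current
    } else {
        [Console]::Error.WriteLine("Error: Missing input")
        [Console]::Error.WriteLine($(Get-Help $MyInvocation.InvocationName | Out-String))
        exit(1)
    }

$pw_secure_string = ConvertTo-SecureString $encrypted_string
if ($null -eq $pw_secure_string) {
    # ConvertTo-SecureString has already written its error (wrong user or
    # machine, malformed input, ...). Stop with a failing exit code instead
    # of passing $null on to the marshaller.
    exit(1)
}

# SecureStringToBSTR copies the plain text into unmanaged memory that the
# garbage collector does not track. Zero and free that copy once the managed
# string has been produced, even if the conversion throws.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw_secure_string)
try {
    # PtrToStringBSTR reads the buffer by its BSTR length prefix, so the
    # result does not depend on the platform's "auto" string encoding.
    [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}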
<#
.SYNOPSIS
Convert a password via SecureString to an encrypted output
.DESCRIPTION
Multiple input modes:
1. Interactive prompt from console. Most SECURE. Start the script without any parameters
2. STDIN: read password from stdin. NOTE: less secure, the password passes through the pipeline as plain text
3. Argument: read password from first argument. NOT SECURE!
.INPUTS
System.String. Optional. The plain text password via STDIN.
.OUTPUTS
System.String. The encrypted string.
.NOTES
The output comes from ConvertFrom-SecureString without -Key/-SecureKey. On
Windows that means DPAPI protection: only the same user account on the same
computer can turn the string back into the password.
In modes 2 and 3 the password already exists as an ordinary string before it
is wrapped, so SecureString adds no in-memory protection there. In mode 3 it
is also part of the command line, where shell history and process listings
can record it.
.EXAMPLE
PS> encrypt-password.ps1
Enter a Password: ***
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9
.EXAMPLE
PS> echo "P@ssword" | encrypt-password.ps1 > pw-encrypted.txt
.EXAMPLE
PS> encrypt-password.ps1 "P@ssword"
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9
#>
if ($MyInvocation.ExpectingInput) {
    # Pipeline mode: only the first item is used as the password.
    # Alternative: $plain_text = [console]::ReadLine() - thanks, @binki
    $null = $Input.MoveNext()
    $plain_text = $Input.Current
    $secure = ConvertTo-SecureString -String $plain_text -AsPlainText -Force
} elseif ($args[0]) {
    # Argument mode: the first positional argument is the password.
    $secure = ConvertTo-SecureString -String $args[0] -AsPlainText -Force
} else {
    # Interactive mode: Read-Host returns a SecureString directly, so the
    # password never exists as a plain string in this script.
    $secure = Read-Host -Prompt "Enter a Password" -AsSecureString
}

# Emit the encrypted, hex-encoded form of the SecureString.
$secure | ConvertFrom-SecureString