| 09-07-2006 | #1 (permalink) |
HowTo: Use ConvertTo-SecureString and ConvertFrom-SecureString

I know I'm just doing something stupid, but I can't seem to get this to work. I assume it has something to do with typing. I'm not a developer in any stretch so please be patient, just an ol'school command/vbs scripter.

Example:
---------
    $securestring = ConvertTo-SecureString "Hello"

I get Error:
-----------
    ConvertTo-SecureString : Cannot process argument because the value of argument "input" is invalid.
    At line:1 char:39
| 09-07-2006 | #2 (permalink) |
Re: HowTo: Use ConvertTo-SecureString and ConvertFrom-SecureString

For some background -- a SecureString is a type of string that PowerShell (and .Net) keeps encrypted in memory. Even if an attacker can explore the memory on your computer (like the contents of a swap file, for example,) they cannot gain access to the secret protected by the SecureString.

Although you can pass around SecureStrings with impunity, applications must be extremely careful at the boundaries -- when creating SecureStrings and retrieving the encrypted data from them. This means doing things like reading your password input character by character, then removing each character from memory as soon as possible. If the data is ever stored as a regular string, it stays in memory until the process exits.

By typing a regular string onto the command line (like you did below,) the string can no longer be made secure. That specific string stays in memory until PowerShell exits. This is why ConvertTo-SecureString only accepts the encrypted output of ConvertFrom-SecureString. Only in that way can we retain the security guarantee of SecureStrings.

That said, most people aren't that concerned about an attacker spying on their machine's memory, or digging through their Windows pagefile. In many situations, the benefit of being able to automate these situations vastly outweighs the potential security risk.

For the upcoming release candidate, we've added some new functionality to allow this:

    $secureString = ConvertTo-SecureString "Hello" -AsPlainText -Force

(The force flag lets you bypass the warning I just gave you)

Until then, you can create SecureStrings from plain text this way:

    $text = "Hello World"
    $secureString = new-object Security.SecureString
    $text.ToCharArray() | % { $secureString.AppendChar($_) }

--
Lee Holmes [MSFT]
Windows PowerShell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.

"Brandon Shell" <tshell.mask@gmail.com> wrote in message news:e8Wwg9q0GHA.1040@TK2MSFTNGP06.phx.gbl...
> I know I'm just doing something stupid, but I can't seem to get this to work.
> I assume it has something to do with typing. I'm not a developer in any
> stretch so please be patient, just an ol'school command/vbs scripter.
>
> Example:
> ---------
> $securestring = ConvertTo-SecureString "Hello"
>
> I get Error:
> -----------
> ConvertTo-SecureString : Cannot process argument because the value of
> argument "input" is invalid.
> At line:1 char:39
| 09-07-2006 | #3 (permalink) |
Re: HowTo: Use ConvertTo-SecureString and ConvertFrom-SecureString

Thanks... makes sense... I think I just misunderstood the purpose.

I was looking to encrypt a text (Password of sorts) and store on disk or db, so that I was the only one that could decrypt.
| 09-08-2006 | #4 (permalink) |
Re: HowTo: Use ConvertTo-SecureString and ConvertFrom-SecureString

That is a perfect use of the cmdlets.

    PS >$secureString = Read-Host -AsSecureString
    ************
    PS >ConvertFrom-SecureString $secureString | out-file c:\temp\encrypted.txt
    PS >$newString = gc C:\temp\encrypted.txt | ConvertTo-SecureString

Lee

"Brandon Shell" <tshell.mask@gmail.com> wrote in message news:OunFzat0GHA.4116@TK2MSFTNGP02.phx.gbl...
> Thanks... makes sense... I think I just misunderstood the purpose.
>
> I was looking to encrypt a text (Password of sorts) and store on disk or
> db, so that I was the only one that could decrypt.
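Added example, not part of the original thread and not code from its posters: the store-on-disk round trip from the last reply, followed by the boundary handling described in the second post when the secret has to be read back out. It assumes Windows, where ConvertFrom-SecureString without -Key protects the value with DPAPI for the current user; the function names, file path and account name are hypothetical.

```powershell
# Added example. Function names, the file path and the account name are hypothetical.
# Assumes Windows: without -Key, ConvertFrom-SecureString protects the value with
# DPAPI, so only the same user account on the same machine can convert it back.

function Save-Secret {
    param([Parameter(Mandatory)][string]$Path)
    # The typed characters go straight into a SecureString, never a regular string.
    $secure = Read-Host -Prompt 'Secret' -AsSecureString
    try {
        ConvertFrom-SecureString -SecureString $secure |
            Set-Content -Path $Path -Encoding Ascii
    }
    finally { $secure.Dispose() }
}

function Get-Secret {
    param([Parameter(Mandatory)][string]$Path)
    # Fails if the file was written by another user or on another machine.
    Get-Content -Path $Path | ConvertTo-SecureString
}

function Invoke-WithPlainText {
    param(
        [Parameter(Mandatory)][System.Security.SecureString]$Secure,
        [Parameter(Mandatory)][scriptblock]$Action
    )
    # Boundary crossing: decrypt into unmanaged memory and zero it afterwards.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try {
        # $plain is a regular string again and lingers as the thread describes,
        # so keep this block short and prefer APIs that take a SecureString.
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        & $Action $plain
    }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

$path = Join-Path $env:TEMP 'encrypted.txt'   # constructed sample path
Save-Secret -Path $path
$secret = Get-Secret -Path $path

# Preferred: hand the SecureString to something that accepts it directly.
$cred = New-Object System.Management.Automation.PSCredential('svc-example', $secret)

# Only when a plain string is unavoidable:
Invoke-WithPlainText -Secure $secret -Action { param($p) "Length: $($p.Length)" }
```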