how to encrypt a paswd in a file to be used for batch

F

Frank

Can someone help me in encrypting a password in a file so that I can use it
to execute batch jobs which require username/password? I have the following
script working but it seems to not work as time progresses:

$pass = read-host -assecurestring -prompt "Enter password to encrypt: "
convertfrom-securestring $pass -key (1..16) > encrypt.file

Then I use this to decrypt it:

$tt = ConvertTo-SecureString -key (1..16) (gc "./encrypt.file")
$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
$pass_back = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)

write-output "password decrpyted is: $pass_back"
 

My Computer

J

Jeff

On Nov 6, 7:02 am, Frank <[email protected]> wrote:

> Can someone help me in encrypting a password in a file so that I can use it
> to execute batch jobs which require username/password? I have the following
> script working but it seems to not work as time progresses:
>
> $pass = read-host -assecurestring -prompt "Enter password to encrypt: "
> convertfrom-securestring $pass -key (1..16) > encrypt.file
>
> Then I use this to decrypt it:
>
> $tt = ConvertTo-SecureString -key (1..16) (gc "./encrypt.file")
> $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
> $pass_back = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
>
> write-output "password decrpyted is: $pass_back"
What exactly happens "as time progresses"? I don't know if this will
help or not, but you might want to be sure your encoding is consistent
when you write and read the file. You will have to use Out-File
rather than redirection to create the file:

$pass = read-host -assecurestring -prompt "Enter password to encrypt:
"
convertfrom-securestring $pass -key (1..16) |
Out-File -FilePath encrypt.file -Encoding ASCII

$tt = ConvertTo-SecureString -key (1..16) `
(Get-Content "./encrypt.file" -Encoding ASCII)
$ptr =
[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
$pass_back =
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)

write-output "password decrpyted is: $pass_back"


Jeff
 

My Computer

F

Frank

Hi Jeff,

When I decrypt it, I get the correct password string back but after about an
hour, I get "???????" back. Let me retry the test.

Thanks,



"Jeff" wrote:

> On Nov 6, 7:02 am, Frank <[email protected]> wrote:

> > Can someone help me in encrypting a password in a file so that I can use it
> > to execute batch jobs which require username/password? I have the following
> > script working but it seems to not work as time progresses:
> >
> > $pass = read-host -assecurestring -prompt "Enter password to encrypt: "
> > convertfrom-securestring $pass -key (1..16) > encrypt.file
> >
> > Then I use this to decrypt it:
> >
> > $tt = ConvertTo-SecureString -key (1..16) (gc "./encrypt.file")
> > $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
> > $pass_back = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
> >
> > write-output "password decrpyted is: $pass_back"
>
> What exactly happens "as time progresses"? I don't know if this will
> help or not, but you might want to be sure your encoding is consistent
> when you write and read the file. You will have to use Out-File
> rather than redirection to create the file:
>
> $pass = read-host -assecurestring -prompt "Enter password to encrypt:
> "
> convertfrom-securestring $pass -key (1..16) |
> Out-File -FilePath encrypt.file -Encoding ASCII
>
> $tt = ConvertTo-SecureString -key (1..16) `
> (Get-Content "./encrypt.file" -Encoding ASCII)
> $ptr =
> [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
> $pass_back =
> [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
>
> write-output "password decrpyted is: $pass_back"
>
>
> Jeff
>
>
 

My Computer

F

Frank

ok, I think I know the problem. It appears that the key has something to do
with my login session. If I go to another PowerShell Term, I cannot decrypt
the password with the same script, if I go back to the original PowerShell
Term where I created the encrypted password, it does work. I must of used
another Term yesterday when it did not work and probably has nothing to do
with time. Can you think of a way around this?

Thanks,



"Jeff" wrote:

> On Nov 6, 7:02 am, Frank <[email protected]> wrote:

> > Can someone help me in encrypting a password in a file so that I can use it
> > to execute batch jobs which require username/password? I have the following
> > script working but it seems to not work as time progresses:
> >
> > $pass = read-host -assecurestring -prompt "Enter password to encrypt: "
> > convertfrom-securestring $pass -key (1..16) > encrypt.file
> >
> > Then I use this to decrypt it:
> >
> > $tt = ConvertTo-SecureString -key (1..16) (gc "./encrypt.file")
> > $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
> > $pass_back = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
> >
> > write-output "password decrpyted is: $pass_back"
>
> What exactly happens "as time progresses"? I don't know if this will
> help or not, but you might want to be sure your encoding is consistent
> when you write and read the file. You will have to use Out-File
> rather than redirection to create the file:
>
> $pass = read-host -assecurestring -prompt "Enter password to encrypt:
> "
> convertfrom-securestring $pass -key (1..16) |
> Out-File -FilePath encrypt.file -Encoding ASCII
>
> $tt = ConvertTo-SecureString -key (1..16) `
> (Get-Content "./encrypt.file" -Encoding ASCII)
> $ptr =
> [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
> $pass_back =
> [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
>
> write-output "password decrpyted is: $pass_back"
>
>
> Jeff
>
>
 

My Computer

M

Marco Shaw [MVP]

Frank wrote:

> ok, I think I know the problem. It appears that the key has something to do
> with my login session. If I go to another PowerShell Term, I cannot decrypt
> the password with the same script, if I go back to the original PowerShell
> Term where I created the encrypted password, it does work. I must of used
> another Term yesterday when it did not work and probably has nothing to do
> with time. Can you think of a way around this?
>
> Thanks,
>
>
>
> "Jeff" wrote:
>

>> On Nov 6, 7:02 am, Frank <[email protected]> wrote:

>>> Can someone help me in encrypting a password in a file so that I can use it
>>> to execute batch jobs which require username/password? I have the following
>>> script working but it seems to not work as time progresses:
>>>
>>> $pass = read-host -assecurestring -prompt "Enter password to encrypt: "
>>> convertfrom-securestring $pass -key (1..16) > encrypt.file
>>>
>>> Then I use this to decrypt it:
>>>
>>> $tt = ConvertTo-SecureString -key (1..16) (gc "./encrypt.file")
>>> $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
>>> $pass_back = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
>>>
>>> write-output "password decrpyted is: $pass_back"
>> What exactly happens "as time progresses"? I don't know if this will
>> help or not, but you might want to be sure your encoding is consistent
>> when you write and read the file. You will have to use Out-File
>> rather than redirection to create the file:
>>
>> $pass = read-host -assecurestring -prompt "Enter password to encrypt:
>> "
>> convertfrom-securestring $pass -key (1..16) |
>> Out-File -FilePath encrypt.file -Encoding ASCII
>>
>> $tt = ConvertTo-SecureString -key (1..16) `
>> (Get-Content "./encrypt.file" -Encoding ASCII)
>> $ptr =
>> [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($tt)
>> $pass_back =
>> [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
>>
>> write-output "password decrpyted is: $pass_back"
>>
>>
>> Jeff
>>
>>
There's no way around this using the above method, the person encrypting
must be the person decrypting.

If you need to hide information, see the thread "securing ps scripts"
from November 1st for some ideas.

Marco

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com
 

My Computer

Top