PowerShell Script: Encrypting / Decrypting A String – Function Encrypt-String

Posted on March 20, 2010. Filed under: Powershell Tangents |

Thank you for visiting my blog. I’ve moved this article to my new book’s website at: http://masteringposh.com/powershell-script-encrypting-decrypting-a-string-function-encrypt-string

The encryption and decryption of strings is essential when creating an enterprise product that has clear text passwords. This function displays how to encrypt and decrypt a string using Powershell using Richard’s code located at http://poshcode.org/116. While I found his code very useful, he didn’t explain the syntax and is why I am reposting this with the proper information.

I also decided to make this into an endless loop for an administrator to use to encrypt multiple passwords in a row. I found this to be useful as I never had to encrypt just one password.

 See the full article on MasteringPosh.com

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

4 Responses to “PowerShell Script: Encrypting / Decrypting A String – Function Encrypt-String”

RSS Feed for Business and Information Technology Tangents Comments RSS Feed

PShellExec is a free utility that encrypts and executes any data sensitive PowerShell scripts.

So that no one else wastes their time, I will explain what this product does.

#1 PShellExec a command line based tool that you need to INPUT A PASSWORD both directions. So if you’re trying to script the encryption and decryption of the powershell script…. the password has to be in clear text or base… which is basically the same thing as my above script when you’re scripting it.

#2 De-compiling the PshellExe.exe, I found that you are using the same cryptology mechanism that I am using in my Powershell script: (Code from exe: System.Reflection RijndaelManaged)

#3 You complied it into an exe… and it needs to be distributed to every system on the network unlike Powershell which is natively installed on Windows 7 + Server 2008 system. No small or large organization would dare touch an unsigned exe with no version information from an author-less developer… “Paperless” is not signing your code and really gives the product no cred.

I suggest staying far away from this application.

How do you use the encrypted password once it’s encrypted?

Nick,

The “function” password (MyStrongPassword) is not encrypted; the “user password” in my example is encrypted. After running the script, the script will output the value of the “User Password” in it’s encrypted state. When you run the decryption function, the script will output the decrypted value of the “User password”.

Remember you have to use the same “function” password for the encryption and decryption calls:
Encrypt-String $encrypted “MyStrongPassword”
Decrypt-String $encrypted “MyStrongPassword”

If you don’t want to automate the encryption and decryption process, the TRUE and secure way to do it is prompt for a “function” password by doing:
$passstr = read-host “(Case Sensitive) Please Enter The Script Password”
$encrypted = Encrypt-String $encrypted $passstr
OR
$passstr = read-host “(Case Sensitive) Please Enter The Script Password”
$decrypted = Decrypt-String $encrypted $passstr

Let me know if this answers your question.

-Brenton


Where's The Comment Form?

    About

    Business and Information Technology Tangents is dedicated to providing quality content while informing the world about technology.

    RSS

    Subscribe Via RSS

    • Subscribe with Bloglines
    • Add your feed to Newsburst from CNET News.com
    • Subscribe in Google Reader
    • Add to My Yahoo!
    • Subscribe in NewsGator Online
    • The latest comments to all posts in RSS

    Meta

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: