# encoding: ascii
# api: powershell
# title: secure passwords
# description: Encrypting and Decrypting passwords using securestring. Simple example.
# version: 0.1
# type: function
# author: BattleChicken
# license: CC0
# function: Get-PasswordFromEncryptedFile
# x-poshcode-id: 5807
# x-archived: 2015-04-03T14:47:08
# x-published: 2015-04-01T18:20:00
#
#
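Function Get-PasswordFromEncryptedFile {
<#
.Synopsis
Decrypts a password that was saved to a file as an exported SecureString and returns it as plain text.
.DESCRIPTION
Reads the ConvertFrom-SecureString output stored in -PasswordFile, rebuilds the SecureString with
ConvertTo-SecureString and marshals it to a plain-text string. Because the file was written without
a -Key, the protection is Windows DPAPI: the file can only be decrypted by the same user account on
the same machine that created it.
.PARAMETER PasswordFile
Path to a file produced by New-PasswordFile (or by ConvertFrom-SecureString | Out-File). The path is
taken literally; wildcard characters such as [ ] are not expanded.
.EXAMPLE
Get-PasswordFromEncryptedFile -PasswordFile "c:\admin\MyEncryptedPass.txt"
Assuming the user who encrypted the password is the same user executing the command, decrypts the
string in c:\admin\MyEncryptedPass.txt to plain text.
.OUTPUTS
System.String - the decrypted password.
.NOTES
Security notes:
- The secret is the user's DPAPI key, not the file. Anything running under the same account on the
  same machine (including malware in that user's session) can decrypt the file, so still restrict
  the file's ACL to that user and treat it as sensitive.
- The return value is a managed .NET string; it cannot be zeroed and stays in memory until garbage
  collection, and it will appear in transcripts or logs if written out. Call this immediately
  before the password is needed and avoid storing the result in long-lived variables.
- The file will not decrypt on another machine, under another account, or after the user's DPAPI
  master key is lost (for example an administrative password reset of a local account).
Throws a terminating error if the file does not exist or cannot be decrypted in this session.
.FUNCTIONALITY
Decrypts a secure string saved to a file.
#>
    param(
        [parameter(Mandatory=$true)]
        [string]$PasswordFile
    )

    # -LiteralPath so wildcard characters in the path are not expanded;
    # -PathType Leaf so a directory of the same name is rejected up front.
    if (-not (Test-Path -LiteralPath $PasswordFile -PathType Leaf)) {
        throw "Nonexistent Password file"
    }

    $bstr = [IntPtr]::Zero
    try {
        # Without -Key, ConvertTo-SecureString unprotects with the current user's DPAPI key.
        $securePass = Get-Content -LiteralPath $PasswordFile | ConvertTo-SecureString -ErrorAction Stop
        # Copy the SecureString into an unmanaged BSTR; the plaintext lives there until ZeroFreeBSTR.
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass)
        # PtrToStringBSTR reads the BSTR as UTF-16 on every platform; PtrToStringAuto only does so
        # on Windows, so the original call could garble the value under PowerShell Core elsewhere.
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    catch {
        # Keep the underlying reason so a wrong account/machine is distinguishable from a corrupt file.
        throw "Error decrypting Secure string. Only files encrypted by $env:USERNAME on $env:COMPUTERNAME can be decrypted in this session. ($($_.Exception.Message))"
    }
    finally {
        # Zero and free the unmanaged copy on every exit path (the original only did so when
        # marshalling succeeded), so the plaintext does not linger in unmanaged memory.
        if ($bstr -ne [IntPtr]::Zero) {
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
    }
}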
Function New-PasswordFile {
<#
.Synopsis
Saves a string (a password most likely) to the specified file.
.DESCRIPTION
Saves a string (a password most likely) to the specified file.
.EXAMPLE
New-PasswordFile -PasswordFile c:\admin\MyEncryptedPassword.txt
Prompts the user for a string, which gets saved encrypted to c:\admin\MyEncryptedPassword.txt
#>
param(
[parameter(Mandatory=$true)]
[string]$PasswordFile
)
read-host -AsSecureString "Enter a password" | ConvertFrom-SecureString -ErrorAction stop| out-file $PasswordFile -ErrorAction Stop