I've a script to convert a string to a securestring, to use it in a powershell script.
The script works fine, but I'm not able to use password when there is a comma , or ? or : (I don't know which of the special char don't work ....) inside.
Here is the script :
# Creating SecureString object
$PasswordFile = "X:\pwd\password.txt" # where the securestring will be stored
$KeyFile = "X:\pwd\password.key" # where the AES.Key is located
$Key = Get-Content $KeyFile
$Password = "azerty,12?34:5" | ConvertTo-SecureString -AsPlainText -Force # put your password
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile
Thanks
I already tried a lot of escape sequences,
'''password''',
backslash, ....
I have been following along on numerous how-to articles that explain how to decrypt an AES encrypted password. No matter how I try, the password ends up with $password displaying as System.Security.SecureString. I need the password to echo in plain text because I am calling a command line utility that does not use windows permissions (ADSI/LDAP). Here's my script:
$PasswordFile = "$PSScriptRoot\PowerShell\AESpassword.txt"
$KeyFile = "$PSScriptRoot\PowerShell\AES.key"
$key = Get-Content $KeyFile
$MyPassword = ConvertTo-SecureString (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) -AsPlainText -Force
$Marshal = [System.Runtime.InteropServices.Marshal]
$BSTR = $Marshal::SecureStringToBSTR($MyPassword)
$password = $Marshal::PtrToStringAuto($BSTR)
According to #MathiasRJessen the suggestion to use $MyPassword = Get-Content $PasswordFile | ConvertTo-SecureString -Key $key worked like a charm! Thank you so much! Make sure to post that comment as the answer so I can give you credit for it. :)
I'm trying to make an API call using a password that contains an "#" character and I'm getting invalid credentials.
$Password = ConvertTo-SecureString -String $Password -AsPlainText -Force
$Creds = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $Username, $Password
Invoke-RestMethod -Uri ("http://contoso") -Credential $Creds
You have to escape the special chars or put the password in single quotes.
But as #Lieven Keersmaekers said - the # is no special char.
So you have to look if you have an other problem :)
Examples:
$Password = '$up#r' // -- This works (single quotes wont interpret the "special chars")
$Password = "`$up#r" // -- This works because you escaped the characters
$Password = "$up#r" // -- This wont work
More Examples:
PS > $Password = "H#ppy"
$Password
H#ppy
PS > $Password = '$uper H#ppy'
$Password
$uper H#ppy
PS > $Password = "`$uper H#ppy"
$Password
$uper H#ppy
hava a look at this Site
Greetz Eldo.Ob
it was not the # causing the problem it was in-fact a $ in the password causing the problem.
I added single quotes to my password and it works.
Thanks for the suggestions.
I need help with secure strings I understand that this way is not very secure. But this is on the admin side of the machine. However, I do not want the password in plain text for admins to see.
I've successfully got this method to work with this script:
$securepasswordkey = "76492d1116743f0423413b16050a5345MgB8AG4ARgBHAGIAWABmAEgAOABZAEoAbQBCAGYAegBsAEYATwAyAHEAcgAHwAOAA2ADUANwA5AGUAYwA4ADQAMgA1ADUAYQBhAGQAOAA2ADQANgA3AGUAMgA1AGMAYQA5AGQANwAwAGIAMAAxAGYAZgBhAGQAMwBiADYAMgBmAGIANwA5ADcAZABiADMAZgAyAGMAMABhAGYAYwA1AGQAOQA3AGMAMAAzADcAMwAzAGMAMQA1ADQAOABjADkAMwBhADcAMQBlAGUAZQA4AGYANwA5ADEAYgA0AGIAYgA0ADgA"
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $SecurePasswordKey -Key $key
$username = "$domain\administrator"
$cred = new-object -typename System.Management.Automation.PSCredential - argument $username, $password
The one above works successfully for hiding the password. However now i'm trying to accomplish it without the credential object and I'm having issues:
$Secure = "76492d1116743f0423413b16050a5345MgB8ADAATQA5ADAAQwBLAGIAKwBPAFEATwA2ADIASgBVADAAGIAZAAwADgAMwAzADIANQA0ADAAOQA0ADUAMgBhADMANgAyAGQANQA4AGUANwAyADgANABhAGIAOABjAGUAMgAyADAAYQBlADkAZgBlAGYAOQAxAGIAOQA="
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $Secure -Key $key
$sqlQuery | sqlplus -silent "USERNAME/$password#(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=database.host.net)(Port=1522))(CONNECT_DATA=(SERVICE_NAME=database.host.net)))"
Your problem is here:
$password = ConvertTo-SecureString -String $Secure -Key $key
With this line of code, the $password variable contains a SecureString object, not a plain-text string. Here's a short function that returns a plain-text string from a SecureString object:
# Return a SecureString as a String.
function ConvertTo-String {
param(
[Security.SecureString] $secureString
)
$marshal = [Runtime.InteropServices.Marshal]
try {
$intPtr = $marshal::SecureStringToBSTR($secureString)
$string = $marshal::PtrToStringAuto($intPtr)
}
finally {
if ( $intPtr ) {
$marshal::ZeroFreeBSTR($intPtr)
}
}
$string
}
Add this function to your script, and you can now write this:
$password = ConvertTo-String (ConvertTo-SecureString -String $Secure -Key $key)
Now $password will contain a plain-text string.
I'm having a lot of difficulty with a PowerShell script that I'm trying to call a DirectoryServices query from. Currently, if I do a
$password = read-host "Password" -asSecureString
and subsequently
$credential = New-Object System.Management.Automation.PSCredential $username,$password
everything works fine. However if I try to pass the string parameter with a param($password) and then convert it to a secure string with this code:
$password = ConvertTo-SecureString -AsPlainText -Force $password
After extensive debugging I can see this is working fine in terms of converting the string to a securestring, but I get a bad user/password from DirectoryServices when I use the parameter. Everything works fine when read from the console. Any ideas on what I can do to accept a parameter OR take console input in the absence of a parameter?
This is what I was hoping would work, but doesn't:
if($password -eq $null) {
$password = read-host "Password" -asSecureString
} else {
$password = ConvertTo-SecureString -AsPlainText -Force $password
}
$credential = New-Object System.Management.Automation.PSCredential $username,$password
I recently created a script and was running into the same issue. The work around I found in my case was the following:
#Prompts for the username/password, enter the username in the form of DomainName\UserName
$Credential = get-credential
#Converts the password to clear text to pass it through correctly as passing through a secure string does not work.
$Password = $credential.GetNetworkCredential().password
#Converts the $Credential to just the DomainName/UsernName.
$Account = $credential.UserName
Hopefully this will work in your situation