By portable, we mean you can generate the encrypted password and use it on other systems, not just the one it was created on. We do this by using a ke
By portable, we mean you can generate the encrypted password and use it on other systems, not just the one it was created on. We do this by using a key, AES encryption only supports 128-bit (16 bytes), 192-bit (24 bytes) or 256-bit key (32 bytes) lengths. In this example a 128-bit encryption key need 16 bytes.
[Byte] $key = (1..16)
First let’s generate our key with the following code:
$KeyFile = "c:\temp\AES.key" $Key = New-Object Byte 16 # You can use 16, 24, or 32 for AES [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key) $Key | out-file $KeyFile
Now, we can use this bit of code to generate the encrypted Password.txt file:
$PasswordFile = "c:\temp\Password.txt" $KeyFile = "c:\temp\AES.key" $Key = Get-Content $KeyFile $Password = "@#$EjKiu3240-73" | ConvertTo-SecureString -AsPlainText -Force $Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile
Now you can use an AES key to make SecureStrings created by different user accounts and workstations, you have to protect that key as best as you can since anybody who has that AES key can now decrypt the data protected.
$User = "User" $PasswordFile = "c:\temp\AES\Password.txt" $KeyFile = "c:\temp\AES\AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential ` -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)