Create a Portable Encrypted Password

By portable, we mean you can generate the encrypted password and use it on other systems, not just the one it was created on. We do this by using a key. AES encryption only supports key lengths of 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes). In this example, a 128-bit encryption key needs 16 bytes.

[Byte[]] $key = (1..16)   # 16 bytes = 128 bits

First let’s generate our key with the following code:

$KeyFile = "c:\temp\AES.key"
$Key = New-Object Byte[] 16   # You can use 16, 24, or 32 for AES
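# Fill the array with cryptographically secure random bytes
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
# Out-File writes one decimal byte value per line
$Key | Out-File $KeyFile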

Now, we can use this bit of code to generate the encrypted Password.txt file:

$PasswordFile = "c:\temp\Password.txt"
$KeyFile = "c:\temp\AES.key"
$Key = Get-Content $KeyFile
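# Single quotes keep the literal text; in double quotes, $EjKiu3240 would be expanded as a variable
$Password = '@#$EjKiu3240-73' | ConvertTo-SecureString -AsPlainText -Force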
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile

With an AES key, the encrypted SecureString can now be used by different user accounts and on different workstations. You have to protect that key as best you can, since anybody who has that AES key can decrypt the data it protects.

$User = "User"
$PasswordFile = "c:\temp\AES\Password.txt"
$KeyFile = "c:\temp\AES\AES.key"
$key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential `
 -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
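
The warning above about protecting the key, as an added example that is not part of the original post: one way to restrict the key file's NTFS permissions so that only the account running the script can read it, and to check those permissions before the key is loaded. The function names Protect-KeyFile and Test-KeyFileAcl and the default value of $Account are assumptions made for this illustration.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Protect-KeyFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the account running the script is the only one that needs the key
        [string] $Account = ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
    )
    # Start from an empty security descriptor so only the permission list is written
    $acl = New-Object System.Security.AccessControl.FileSecurity
    # $true = block inheritance from the parent folder, $false = do not keep inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-KeyFileAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Account = ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
    )
    # Any inherited entry, deny entry, or entry for another identity counts as unexpected
    $unexpected = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IsInherited -or
        $_.AccessControlType -ne 'Allow' -or
        $_.IdentityReference.Value -ne $Account
    }
    return (@($unexpected).Count -eq 0)
}

# Usage with the key file path from the key generation step above
$KeyFile = "c:\temp\AES.key"
Protect-KeyFile -Path $KeyFile

# Refuse to load the key if anyone else has been granted access
if (-not (Test-KeyFileAcl -Path $KeyFile)) {
    throw "Permissions on $KeyFile are wider than expected; not loading the key."
}
$Key = Get-Content $KeyFile
```

File permissions do not stop a local administrator, who can take ownership of the file, so where possible keep the key file in a different location from Password.txt.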