@lbreuss
Created March 7, 2024 20:51
Encrypt and Decrypt password using Windows SecureString
<#
.SYNOPSIS
Decrypt a password via SecureString. Output the plain text to STDOUT.
.DESCRIPTION
Multiple input modes:
1. FILE: read encrypted string from file. named argument "-File <filepath>"
2. STDIN: read encrypted string from stdin.
3. Argument: read encrypted string from first argument.
.INPUTS
System.String. Optional. The encrypted password string via STDIN
.OUTPUTS
System.String. The plain text password
.EXAMPLE
PS> decrypt-password.ps1 -File pw-encrypted.txt
P@ssword
.EXAMPLE
> powershell -file ...\decrypt-password.ps1 -File ...\pw-encrypted.txt
P@ssword
.EXAMPLE
PS> type pw-encrypted.txt | decrypt-password.ps1
P@ssword
.EXAMPLE
PS> decrypt-password.ps1 "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9"
P@ssword
#>
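Param(
    [string]$encrypted_string,
    [string]$file
)

# Pick the input source: -File first, then the first argument, then STDIN.
$encrypted_string = if ($file) {
    Get-Content $file
} elseif ($encrypted_string) {
    $encrypted_string # Use the encrypted string passed as the argument
} elseif ($MyInvocation.ExpectingInput) {
    $null = $Input.MoveNext() # Advance to the first line of pipeline input
    $Input.Current
} else {
    [Console]::Error.WriteLine("Error: Missing input")
    [Console]::Error.WriteLine($(Get-Help $MyInvocation.InvocationName | Out-String))
    exit(1)
}

$pw_secure_string = ConvertTo-SecureString $encrypted_string

# Copy the SecureString into an unmanaged BSTR, read it, then zero and free the buffer.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw_secure_string)
try {
    [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}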
<#
.SYNOPSIS
Convert a password via SecureString to an encrypted output
.DESCRIPTION
Multiple input modes:
1. Interactive prompt from console. Most SECURE. Start the script without any parameters
2. STDIN: read password from stdin. NOTE: pipeline input is not very secure
3. Argument: read password from first argument. NOT SECURE!
.INPUTS
System.String. Optional. The plain text password via STDIN.
.OUTPUTS
System.String. The encrypted string.
.EXAMPLE
PS> encrypt-password.ps1
Enter a Password: ***
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9
.EXAMPLE
PS> echo "P@ssword" | encrypt-password.ps1 > pw-encrypted.txt
.EXAMPLE
PS> encrypt-password.ps1 "P@ssword"
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000154ac53480ca18428eeba04593bafac50000000002000000000010660000000100002000000033b576b8edb6a6919e223c8a80d15bbb43911b651bd37622cd4c2a9da743573f000000000e80000000020000200000004855fd9ed13221316bf9ecb2840501c1932f0416bf19d155afa9aa88be7563ec10000000f57cecad800828719f3b9ef2146f3b934000000027413d2f47be573231741326c08cd7e42bfe960104762d4c54707200c807c806d35460a1f0fe46e65f90005adf7aa8964516e570d62a2976dc694246be2f86b9
#>
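$pw_secure_string = if ($MyInvocation.ExpectingInput) {
    # STDIN mode: take the first line of pipeline input.
    # Alternatively, use $firstLine = [console]::ReadLine() - thanks, @binki
    $firstLine = $($null = $Input.MoveNext(); $Input.Current)
    ConvertTo-SecureString -AsPlainText -Force $firstLine
} else {
    if ($args[0]) {
        # Argument mode: the plain text password is the first argument.
        ConvertTo-SecureString $args[0] -AsPlainText -Force
    } else {
        # Interactive mode: prompt without echoing the password.
        Read-Host "Enter a Password" -AsSecureString
    }
}

# Emit the encrypted string on STDOUT.
$pw_secure_string | ConvertFrom-SecureString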
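Added example, not part of the gist: on Windows, `ConvertFrom-SecureString` without `-Key` protects the string with DPAPI for the current user on the current machine, so a file written by the encrypt script cannot be decrypted under another account or on another host. The function below consumes such a file as a `PSCredential` without printing the plain text, and reports that failure mode clearly. The function name, user name and temp file path are assumptions made for illustration.

```powershell
function Get-CredentialFromEncryptedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Path
    )

    # The encrypt script writes a single line; ignore anything after it.
    $blob = ([string](Get-Content -LiteralPath $Path -TotalCount 1)).Trim()

    # A DPAPI blob starts with version 1 (01000000) followed by the DPAPI
    # provider GUID, as in the example output shown in the script help.
    $dpapiHeader = '01000000d08c9ddf0115d1118c7a00c04fc297eb'
    if ($blob -notmatch "^$dpapiHeader[0-9a-f]+$") {
        throw "'$Path' does not contain a DPAPI-protected SecureString."
    }

    try {
        $secure = ConvertTo-SecureString -String $blob -ErrorAction Stop
    } catch {
        # Typical cause: the file was created by another user or on another machine.
        throw ("Cannot decrypt '$Path' as $env:USERDOMAIN\$env:USERNAME on " +
               "$env:COMPUTERNAME. Re-create the file under this account. " +
               "Details: $($_.Exception.Message)")
    }

    # The password stays inside a SecureString; no plain text reaches STDOUT.
    [System.Management.Automation.PSCredential]::new($UserName, $secure)
}

# Round trip with a constructed sample password and a temporary file.
$tmp = Join-Path $env:TEMP 'pw-encrypted-demo.txt'
try {
    ConvertTo-SecureString 'P@ssword' -AsPlainText -Force |
        ConvertFrom-SecureString |
        Set-Content -LiteralPath $tmp

    $cred = Get-CredentialFromEncryptedFile -UserName 'svc-demo' -Path $tmp
    "Loaded credential for $($cred.UserName), password length $($cred.Password.Length)"
} finally {
    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
}
```

Cmdlets that accept a `-Credential` parameter can take the returned object directly, which avoids the plain text copy that the decrypt script writes to STDOUT.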