Last active
October 10, 2017 16:25
-
-
Save shinjijai/9c01d08dc6d2a08027ae282157f929f2 to your computer and use it in GitHub Desktop.
Store encrypted password into a file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-SecurePass{ | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory=$true)] | |
| [System.Security.SecureString]$SecurePassword, | |
| [Parameter(Mandatory=$false)] | |
| [string]$FileName = "EncryptedPassword", | |
| [Parameter(Mandatory=$false)] | |
| [string]$KeyFilePath = ".\", | |
| [Parameter(Mandatory=$false)] | |
| [string]$PassFilePath = ".\" | |
| ) | |
| <# | |
| .SYNOPSIS | |
| This should be used if there's a need to create and store the password for any given script. | |
| .DESCRIPTION | |
| Will write out two files, .key file will store the key used to encrypted the password. | |
| The .pass is the encrypted password. The key should be stored in a safe location, as | |
| any access to the key will allow anybody to decrypt the encrypted password. | |
| It's required that you have to know what the user name is when you import the password back | |
| in, as we do not store the user name anywhere. | |
| .PARAMETER SecurePassword | |
| Is a SecureString, and is the only mandatory parameter. Without the SecureString, there | |
| will be nothing to encrypt. | |
| .PARAMETER FileName | |
| Both the .key and .pass will be based off this parameter. If FileName is not supplied | |
| the default of "EncryptedPassword" will be used in it's place. | |
| .PARAMETER KeyFilePath | |
| Location on where to store the .key file. The default is to create the .key file | |
| in the current directory. | |
| .PARAMETER PassFilePath | |
| Location on where to store the .pass file. The default is to create the .pass file | |
| in the current directory. | |
| .EXAMPLE | |
| New-SecurePass -SecurePassword (Get-Credential).Password -FileName "SecurePassword" | |
| #> | |
| $KeyFilePath = (Join-Path -Path $KeyFilePath ("$FileName`.key")) | |
| $PassFilePath = (Join-Path -Path $PassFilePath ("$FileName`.pass")) | |
| $AESKey = New-Object Byte[] 32 | |
| [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey) | |
| Set-Content -Path $KeyFilePath $AESKey #this will over write any previous content of the same name | |
| $Password = $SecurePassword | ConvertFrom-SecureString -Key $AESKey | |
| Set-Content -Path $PassFilePath $Password #this will over write any previous content of the same name | |
| } | |
| function Import-SecurePass{ | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory=$true)] | |
| [string]$KeyFilePath, | |
| [Parameter(Mandatory=$true)] | |
| [string]$PassFilePath, | |
| [Parameter(Mandatory=$true)] | |
| [string]$UserName | |
| ) | |
| $ValidKey = Test-Path -Path $KeyFilePath | |
| $ValidPass = Test-Path -Path $PassFilePath | |
| if($ValidKey -and $ValidPass) { | |
| $Key = Get-Content $KeyFilePath | |
| $Pass = Get-Content $PassFilePath | |
| $SecurePass = $Pass | ConvertTo-SecureString -Key $Key | |
| $NewCredential = New-Object System.Management.Automation.PSCredential($UserName, $SecurePass) | |
| return $NewCredential | |
| } | |
| else { | |
| Write-Host "Invalid path to the `"key`" or`"pass`" file." | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment