Encrypting / Decrypting Text

Owned by Stephen Biro
Feb 25, 2022
1 min read

If you need to store the encrypted strings, you can do so as a variable on a ConnectId (click the little triangles at the top right of the ConnectId dialog to set manually, or use $Connectid.SomeVariableName='some value' to do it through script).

You can do the usual ConvertTo-SecureString to encrypt and then do the reverse to decrypt .... BUT, securestring "encryption" is sensitive to the MACHINE on which is it performed... so if the encryption was done on one machine, then an attempt to decrypt was done on another that would not work because the cipher keys would be different.

To get around the differing cipher key issue, you can set a cipher key "somewhere". It could be in a script on its own that is .dot sourced in when needed... or could be stored in a ConnectId that is made "Available" to the script.

Then you could have something like this: 

Cipher key stored somewhere as a string

#Alter the byte array with different values $_AESKey = '[122,198,222,53,177,10,77,234,111,100,4,85,165,223,99,199]'

Encryption / Decryption code

function encryptPassword {     param ([parameter(mandatory)][string] $plainText)     [system.byte[]]$aesKey = $_AESKey|convertFrom-Json     $secString = $plainText | ConvertTo-SecureString -AsPlainText -Force     $encryptedStr = $secString | ConvertFrom-SecureString -key $aesKey     return $encryptedStr } function decryptPassword {     param ([parameter(mandatory)][string] $encryptedText)     [system.byte[]]$aesKey = $_AESKey|convertFrom-Json     $tmpCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'none', ($encryptedText | ConvertTo-SecureString -Key $aesKey)     return $tmpCred.GetNetworkCredential().password }

Testing

$encPwd=encryptPassword -plainText 'HelloWorld' $encPwd $ptxt=decryptPassword -encryptedText $encPwd $ptxt