Padding is invalid and cannot be removed.

Powershell version:

Name : ConsoleHost
Version : 5.0.10105.0

Decryption issue

PS C:\Users\Administrator> ConvertTo-SecureString -key $key -String $password
ConvertTo-SecureString : Padding is invalid and cannot be removed.
At line:1 char:1

  • ConvertTo-SecureString -key $key -String $password
  •   + CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
      + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecure
     StringCommand
    
     
    

No issues with earlier version of powershell. ( works fine on version 4 )
Requesting help in this regards,

Script:
$file = “c:\securefile”
$key = 1…32 | Get-Random -Count 16 -SetSeed 654321
$password = Get-Content $File | ConvertTo-SecureString -key $key

need some directions to fix this.

Additional notes::

just to add,
https://technet.microsoft.com/en-us/library/hh849905.aspx?f=255&MSPPError=-2147217396

Example 11 says

Commands with the same seed are not random.

I got 2 different set of output for $key for version 4 and version 5.

any suggestions?

Looks like something changed in Get-Random between those PS versions. Since you’re essentially hard-coding your key either way, it would probably be safer just to save it that way, and avoid the problem.

$key = [Convert]::FromBase64String('CwUCCg4QGxITESAJGQgBFw==')

To get that key, I ran these commands in PowerShell v2:

$bytes = 1..32 | Get-Random -Count 16 -SetSeed 654321
[Convert]::ToBase64String($bytes)

On a side note, this doesn’t really add any security, since anyone can retrieve your key using the same PowerShell commands. I did a talk on this subject at the PowerShell summit which might interest you: Keeping Secrets - YouTube

Hello Dave,

Thank you… i’ve already seen your talk on crypto and it had helped me a lot , this is the type 1 , the script executes and it gets deleted and it happens even before the server is ready.

for now, i’ve hard-coded the working key… waiting to know what has changed in get-random even though there is a work around …

Thank you once again…

The only change I see.

Beginning in Windows PowerShell 3.0, Get-Random supports 64-bit integers. In Windows PowerShell 2.0, all values are cast to System.Int32