Powershell specifiy a literal "encrypted standard string"?

Hi,

How can I use powershell and manually define a “encrypted standard string” directly without having to read it from a file
then convert it to a secure string.

See my example Method 1 works but I can’t get Method 2 to work.

Any suggestions - as I would like to use a secure string in a script without reading it from file or prompting the user.
So just specify the long sequece of characters.

Thanks,

Ward

— Code below —

Method 1 - this works.

$pw = ConvertTo-SecureString ‘hello’ –asplaintext –force

$data1 = $pw | ConvertFrom-SecureString

$data1 | Out-File -FilePath “.\pw.txt” -Force

$file_data = Get-Content “.\pw.txt” | ConvertTo-SecureString

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

“Password: $PlainPassword”
“”
$data1

Method 2 - use literal text

$data2 = @"
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f
5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000
f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0
"@

$file_data = $data2 | ConvertTo-SecureString

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($file_data)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

“Password: $PlainPassword”


The error I get:

ConvertTo-SecureString : Input string was not in a correct format.
At C:\Users\Ward\OneDrive\Documents\test1.ps1:27 char:23

  • $file_data = $data2 | ConvertTo-SecureString
  •                   ~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:slight_smile: [ConvertTo-SecureString], FormatException
    • FullyQualifiedErrorId : System.FormatException,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

Make sure you don’t have any line breaks in your $data2 string. You can put it onto a single line, to ensure that:

$data2 = '01000000d08c9ddf0115d1118c7a00c04fc297eb010000006060907f48c4004f9e68712619c245c6000000000200000000001066000000010000200000006be4552c3584b727a58b044097670bda284c5aac7f5db1b06d1e3629776a343e000000000e80000000020000200000006b178fa1c6f34251470d87887dd05f16d6d78ccd6be97f758a9fcca28177bf9610000000ca823ec7d654009b5640553b99e614eb40000000f86406ac343fb8a9f016e516490cc59d441af7bc760ddc19a74779275a8da347909c3df7e3a67304aa50a5a5ae71dc11cfae42ed21a7f50a54b309a2106b0ef0'

Also, keep in mind that using this method, you’ll only be able to decrypt the string with the same user account that encrypted (and most of the time, only on the same computer as well.)