PassWithAES.ps1
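<#
.SYNOPSIS
Encrypts a given password with a random AES key.

.DESCRIPTION
Encrypts a given password with a random AES key.
Saves the key and the encrypted password to the given paths.
With AES encryption, the key is used to both encrypt and decrypt the message.

.PARAMETER SecureCredentialFilePathOutput
File that receives the encrypted password (the text produced by
ConvertFrom-SecureString -Key). An existing file is overwritten.

.PARAMETER AESKeyFilePathOutput
File that receives the freshly generated 32-byte key, written by Set-Content
as one decimal byte value per line. An existing file is overwritten, which
makes anything encrypted under the previous key unrecoverable.

.PARAMETER PlainPassword
The password to protect. Despite the name it is a SecureString, not plain text.

.NOTES
Security: the key file is stored unencrypted and is the only secret protecting
the password file. Anyone who can read both files can recover the password, so
restrict access to the key file (e.g. an ACL limited to the account that needs
it) and avoid keeping it in the same location or backup set as the password file.

.LINK
Nexus Innovations : http://www.nexusinno.com
--------------------------------------------------------------------------------------
Module 'Nexus.PSToolkit' by: Nexus Innovations.
--------------------------------------------------------------------------------------
#>
function global:Set-PassWithAES {
    Param (
        [Parameter(Mandatory = $true)]
        [string]$SecureCredentialFilePathOutput,

        [Parameter(Mandatory = $true)]
        [string]$AESKeyFilePathOutput,

        [Parameter(Mandatory = $true)]
        [Security.SecureString]$PlainPassword
    )

    # Create the parent folder of each output file when it is missing.
    # The check is made on the folder itself (not on the file), so a second
    # output file in an already existing folder no longer raises an error.
    foreach ($path in ($SecureCredentialFilePathOutput, $AESKeyFilePathOutput)) {
        $folderStructure = Split-Path -Path $path

        # A bare file name has no parent part; there is nothing to create then.
        if ($folderStructure -and -not (Test-Path -Path $folderStructure)) {
            # Out-Null keeps the DirectoryInfo object out of the function's output.
            New-Item -ItemType Directory -Path $folderStructure -Force | Out-Null
        }
    }

    # Generate a random 256-bit AES encryption key from the system CSPRNG.
    # RandomNumberGenerator.Create() is the factory the original call resolved to.
    $AESKey = New-Object Byte[] 32
    $rng = [Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($AESKey)
    }
    finally {
        $rng.Dispose()
    }

    try {
        # Store the AES key in a file. Any existing key file is overwritten.
        # NOTE(review): this function does not set any permissions on the key
        # file; it must be protected by the caller (see .NOTES above).
        Set-Content $AESKeyFilePathOutput $AESKey

        $password = $PlainPassword | ConvertFrom-SecureString -Key $AESKey
        Set-Content $SecureCredentialFilePathOutput $password
    }
    finally {
        # Best-effort hygiene: do not leave the key bytes in this array.
        [Array]::Clear($AESKey, 0, $AESKey.Length)
    }
}

<#
.SYNOPSIS
Creates a credential with a username, an encrypted password and the key.

.DESCRIPTION
Creates a credential with a username, an encrypted password and the key.
Decrypts the encrypted password with the given AES key and pairs it with the
given username into a PSCredential object.

.PARAMETER Username
User name stored in the returned PSCredential.

.PARAMETER SecureCredentialFilePath
Existing file holding the encrypted password written by Set-PassWithAES.

.PARAMETER AESKeyFilePath
Existing file holding the AES key written by Set-PassWithAES.

.OUTPUTS
System.Management.Automation.PSCredential

.LINK
Nexus Innovations : http://www.nexusinno.com
--------------------------------------------------------------------------------------
Module 'Nexus.PSToolkit' by: Nexus Innovations.
--------------------------------------------------------------------------------------
#>
function global:Get-CredentialsWithAES {
    Param (
        [Parameter(Mandatory = $true)]
        [string]$Username,

        [ValidateScript({Test-Path $_})]
        [Parameter(Mandatory = $true)]
        [string]$SecureCredentialFilePath,

        # Validated like the credential file so a missing key file is reported
        # at parameter binding instead of as a later decryption error.
        [ValidateScript({Test-Path $_})]
        [Parameter(Mandatory = $true)]
        [string]$AESKeyFilePath
    )

    # The key file holds one decimal byte value per line; convert it explicitly.
    [byte[]]$AESKey = Get-Content $AESKeyFilePath
    $pwdTxt = Get-Content $SecureCredentialFilePath
    $securePwd = $pwdTxt | ConvertTo-SecureString -Key $AESKey

    return New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $securePwd
}

<#
.SYNOPSIS
Decrypts an AES-encrypted password file and returns the password as plain text.

.DESCRIPTION
Reads the AES key and the encrypted password from the given files, rebuilds the
SecureString and converts it to an ordinary string.

.PARAMETER SecureCredentialFilePath
Existing file holding the encrypted password written by Set-PassWithAES.

.PARAMETER AESKeyFilePath
Existing file holding the AES key written by Set-PassWithAES.

.OUTPUTS
System.String. The clear-text password.

.NOTES
Security: the returned value is a managed string that cannot be wiped and may
end up in transcripts, logs or variables. Prefer Get-CredentialsWithAES when a
PSCredential is sufficient.

.LINK
Nexus Innovations : http://www.nexusinno.com
--------------------------------------------------------------------------------------
Module 'Nexus.PSToolkit' by: Nexus Innovations.
--------------------------------------------------------------------------------------
#>
function global:Decrypt-WithAES {
    Param (
        [ValidateScript({Test-Path $_})]
        [Parameter(Mandatory = $true)]
        [string]$SecureCredentialFilePath,

        # Validated like the credential file so a missing key file is reported
        # at parameter binding instead of as a later decryption error.
        [ValidateScript({Test-Path $_})]
        [Parameter(Mandatory = $true)]
        [string]$AESKeyFilePath
    )

    # The key file holds one decimal byte value per line; convert it explicitly.
    [byte[]]$AESKey = Get-Content $AESKeyFilePath
    $pwdTxt = Get-Content $SecureCredentialFilePath
    $securePwd = $pwdTxt | ConvertTo-SecureString -Key $AESKey

    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePwd)
    try {
        # PtrToStringBSTR reads the length-prefixed UTF-16 BSTR on every platform;
        # PtrToStringAuto may decode it with a different encoding and truncate it.
        return [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
    }
    finally {
        # Zero and release the unmanaged copy of the clear-text password.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
    }
}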