/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" Get-credential and Decrypting a SecureString in MS... "," Atari Laptop (no MSH content) "," Sending Mail from MSH "," MSH More replacement script update (HotFix) "," Enhanced More Function for MSH "," Get driveletters for All drives (Providers) in MSH... "," Math "," Exploring .NET types, classes and Enums from MSH "," Wipe the screen in MSH "," Blog series about Errorhandling in MSH "," ")

Friday, November 18, 2005

 


More on Cryptograpy and MSH



As I did say to you that I would look into it a bit more in last post :
Get-credential and Decrypting a SecureString in MSH

I got al lot of help since then (basicly they worked it all out for me), so I just post some of it here :

First I got an Example of using Encryption in MSH from Lee Holmes in the NG:


$plainText = "Meet at dawn."
$plainBytes = $(new-object System.Text.ASCIIEncoding).GetBytes($plainText)

$rijndael = new-object System.Security.Cryptography.RijndaelManaged
$rijndael.Mode = "CBC"

$saltBytes = $(new-object System.Text.ASCIIEncoding).GetBytes("Salt")
$password = new-object `
System.Security.Cryptography.PasswordDeriveBytes "PassPhrase",$saltBytes,"SHA1",2
$keyBytes = $password.GetBytes(32)

$ivBytes = $(new-object System.Text.ASCIIEncoding).GetBytes("iviviviviviviviv")
$encryptor = $rijndael.CreateEncryptor($keyBytes, $ivBytes)

$memoryStream = new-object System.IO.MemoryStream
$cryptoStream = new-object System.Security.Cryptography.CryptoStream `
$memoryStream,$encryptor,"Write"

$cryptoStream.Write($plainBytes, 0, $plainByetes.Length)
$cryptoStream.FlushFinalBlock()
$cipherTextBytes = $memoryStream.ToArray()

$memoryStream.Close()
$cryptoStream.Close()

$cipherText = [Convert]::ToBase64String($cipherTextBytes)

$cipherText


Lee Holmes [MSFT]


As this is using Rijndael not DPAPI it works with a Password.

then an example of In and exporting a Key in MSH using export-securestring, also posted by Lee Holmes in the NG :


MSH:31 C:\temp > ## Part 1: User embeds "Hello World" in a SecureString
MSH:32 C:\temp > $secureString = new-secureString
Enter secret: ***********

MSH:33 C:\temp >
MSH:33 C:\temp > ## ... and creates their secret key
MSH:34 C:\temp > $secureKey = new-secureString
Enter secret: ****************

MSH:35 C:\temp >
MSH:35 C:\temp > ## Then, they export it
MSH:36 C:\temp > $exported = export-secureString $secureString $secureKey
MSH:37 C:\temp > $exported
6f5285124d9aee83fa37c64444f30f22c0d4577f9a6c6017d8feb3fa2803c65d
MSH:38 C:\temp >
MSH:38 C:\temp > ## Part 2: Another user imports that into another SecureString, using
MSH:39 C:\temp > ## the same key.
MSH:40 C:\temp > $imported = import-secureString $exported $secureKey
MSH:41 C:\temp >
MSH:41 C:\temp > ## Then, they extract the message from the SecureString
MSH:42 C:\temp > $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($imported)
MSH:43 C:\temp > $message = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($ptr)
MSH:46 C:\temp >
MSH:46 C:\temp > ## This is it
MSH:47 C:\temp > $message
Hello World
MSH:48 C:\temp >


I was testing this with DPAPI (Knowing it would not work, but as a test), and importing as another user, and got a strange Error (file not found), and got the second Example I promised to post as an answer ;-).

Also I got a Comment from Marcel on last post, with a nice tip about using get-credential and GetNetworkCredential to decrypt a securestring .

So thanks Marcel, for the tip,
and Lee for writing the examples for me and the rest of the Help.

gr /\/\o\/\/

PS new-securestring has no Key Option, (after I mentioned it in the NG, I got that "arrg, Ofcourse not"-feeling.) there is no use to it, so I kind of expected Lee's reaction LOL :

Lee Holmes :

I'm not sure why you'd want a key for new-secureString. If you want to use a key, the export-secureString and import-secureString (with the key parameter) should do what you want.

/\/\o\/\/:

Your right, I did think about that also (after my sleep), as the SecureString's purpose is different, it's in memory only(you need to export it anyway to get it out of your session). so only using DPAPI here makes sence ;-)


Comments: Post a Comment

Links to this post:

Create a Link



<< Home

Archives

October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Google
 
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?