Back to Blog
Making a tex file secure6/7/2023 If you want to use AES rather than DPAPI, you need to also provide the -Key or -SecureKey parameter to the ConvertFrom-SecureString and ConvertTo-SecureString cmdlets. To reverse this and obtain a SecureString object: $secureString = Get-Content "D:\Path\EncryptedStandardString.txt" | Out-File "D:\Path\EncryptedStandardString.txt" Here's how to prompt for a SecureString and write it to a text file as an encrypted standard string: Read-Host "Enter password" -AsSecureString | Getting desperate here! Any help would be greatly appreciated!! My fear is that I did not follow proper syntax when creating and will not be able to recover the original key, thus not able to recover my backups. ::PtrToStringAuto(::SecureStringToBSTR($new1))Įach of these results in nothing being returned at all really. I've also tried the more recommended method: $new1 = cat $SecurePasswordPath | ConvertTo-SecureString The result of that usually is a blank field. $Ptr = ::SecureStringToCoTaskMemUnicode($new1) ![]() ![]() Like the master key, the DEK is generated at installation time, encrypted with the KEK, and stored in a config file. This DEK is used to encrypt any other secrets (like DB creds). Its only purpose is to de/encrypt the DEK, which is stored in encrypted form in a config file. I've tried the following to try and recover the key: $new1 = cat $SecurePasswordPath | ConvertTo-SecureString The master key is then cleared from memory. The Veeam backup script is actually reading it as follows: $EncryptionKey = Add-VBREncryptionKey -Password (cat $SecurePasswordPath | ConvertTo-SecureString) $EncryptionKey = cat $SecurePasswordPath | ConvertTo-SecureString $SecurePassword | ConvertFrom-SecureString > C:\TEMP\TEST_Secure.txtįor my application of choice (Veeam backup) I read the file containing the encrypted password and fed it back in to the application $SecurePasswordPath = "C:\TEMP\TEST_Secure.txt" The SecureString was initially created and stored in a text file using the following: $SecurePassword = Read-Host -Prompt "Enter password" -AsSecureString I'm doing this because I believe there may have been a typo when originally entering the password. I'm having trouble converting a previously stored SecureString back to it's original string.
0 Comments
Read More
Leave a Reply. |