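function New-AesKey() {
    <#
    .SYNOPSIS
        Generates a random AES key as an array of bytes.
    .DESCRIPTION
        Fills a byte array of the requested size from the platform's
        cryptographically secure random number generator. The array is
        returned as-is, so PowerShell unrolls it onto the pipeline one byte at
        a time; Encrypt-String relies on that when it tees the key to a file.
    .PARAMETER KeySize
        Key length in bytes: 16, 24 or 32 (AES-128/192/256). Defaults to 32.
    .OUTPUTS
        System.Byte - the key bytes.
    #>
    param(
        [Parameter(Mandatory=$false)]
        [ValidateSet(16, 24, 32)]
        [Int] $KeySize=32
    )

    $aes_key = New-Object Byte[] $KeySize

    # RandomNumberGenerator.Create() is the CSPRNG factory on every supported
    # runtime (RNGCryptoServiceProvider::Create() resolves to the same static
    # method on the base class, but the legacy type is obsolete on newer .NET).
    # The generator holds an OS handle, so release it deterministically
    # instead of leaving it to the finalizer.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($aes_key)
    } finally {
        $rng.Dispose()
    }

    return $aes_key
}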
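function Encrypt-String() {
    <#
    .SYNOPSIS
        Encrypts a string or SecureString with an AES key file.
    .DESCRIPTION
        Wraps ConvertFrom-SecureString -Key. When -KeyFilePath is omitted a
        fresh key is generated with New-AesKey and written to secret.key in
        the current location. An existing secret.key is never overwritten:
        replacing it silently would make everything encrypted with the old key
        unrecoverable, so the function stops with an error instead.
        The key file is the only secret protecting the output; anyone who can
        read it can decrypt the result, so it has to be protected accordingly
        (it is written with the directory's default permissions).
    .PARAMETER InputString
        Plain-text value to encrypt (parameter set NotSecureString).
    .PARAMETER InputSecureString
        Value to encrypt, already a SecureString (parameter set SecureString).
    .PARAMETER KeyFilePath
        Path to an existing key file, one decimal byte per line as written by
        this function. Omit to generate and persist a new key.
    .OUTPUTS
        System.String - the encrypted standard string.
    #>
    param(
        [Parameter(Mandatory=$true, ParameterSetName="NotSecureString")]
        [ValidateNotNullOrEmpty()]
        [String] $InputString,

        [Parameter(Mandatory=$true, ParameterSetName="SecureString")]
        [ValidateNotNullOrEmpty()]
        [SecureString] $InputSecureString,

        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_})]
        [String] $KeyFilePath
    )

    ## Init

    $this_paramset = $PSCmdlet.ParameterSetName
    $new_key_name = "secret.key"

    ## Main

    # create key (if necessary) || import
    if ([string]::IsNullOrEmpty($KeyFilePath)) {
        $key_path = Join-Path -Path (Get-Location) -ChildPath $new_key_name
        $key = New-AesKey
        # Out-File produces the same one-byte-per-line file Tee-Object would;
        # -NoClobber refuses to replace an existing key and -ErrorAction Stop
        # makes that refusal terminating, so no ciphertext is ever produced
        # with a key that was not persisted.
        $key | Out-File -FilePath $key_path -NoClobber -ErrorAction Stop
        Write-Host "New encryption key created here: $key_path" -ForegroundColor Yellow
    } else {
        # The cast fails fast on a malformed key file instead of surfacing as
        # an opaque ConvertFrom-SecureString error later.
        [byte[]] $key = Get-Content -Path $KeyFilePath
    }

    # convert to secure string if not currently
    if ($this_paramset -eq "NotSecureString") {
        $InputSecureString = "$InputString" | ConvertTo-SecureString -AsPlainText -Force
    }

    $encrypted_result = $InputSecureString | ConvertFrom-SecureString -Key $key

    ## Output

    return $encrypted_result
}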
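function Decrypt-ToSecureString() {
    <#
    .SYNOPSIS
        Decrypts a string produced by Encrypt-String back to a SecureString,
        optionally wrapped in a PSCredential.
    .DESCRIPTION
        Wraps ConvertTo-SecureString -Key with the key read from -KeyFilePath.
        With -ToPsCredentials the SecureString is combined with -Username into
        a PSCredential. -Username given without -ToPsCredentials is accepted
        (it belongs to both parameter sets) but has no effect on the result.
    .PARAMETER EncryptedString
        The standard string returned by Encrypt-String.
    .PARAMETER KeyFilePath
        Path to the key file used for encryption, one decimal byte per line.
    .PARAMETER ToPsCredentials
        Return a PSCredential instead of a bare SecureString.
    .PARAMETER Username
        User name for the PSCredential; mandatory with -ToPsCredentials.
    .OUTPUTS
        System.Security.SecureString, or
        System.Management.Automation.PSCredential with -ToPsCredentials.
    #>
    # DefaultParameterSetName makes the plain SecureString case the explicit
    # winner when neither -ToPsCredentials nor -Username is supplied, instead
    # of relying on mandatory-parameter elimination to pick it.
    [CmdletBinding(DefaultParameterSetName="default")]
    param(
        [Parameter(Mandatory=$true, ParameterSetName="default")]
        [Parameter(Mandatory=$true, ParameterSetName="ToPsCredentials")]
        [ValidateNotNullOrEmpty()]
        [String] $EncryptedString,

        [Parameter(Mandatory=$true, ParameterSetName="default")]
        [Parameter(Mandatory=$true, ParameterSetName="ToPsCredentials")]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({Test-Path $_})]
        [String] $KeyFilePath,

        [Parameter(Mandatory=$false, ParameterSetName="ToPsCredentials")]
        [Switch] $ToPsCredentials,

        [Parameter(Mandatory=$false, ParameterSetName="default")]
        [Parameter(Mandatory=$true, ParameterSetName="ToPsCredentials")]
        [ValidateNotNullOrEmpty()]
        [String] $Username
    )

    ## Init

    $this_paramset = $PSCmdlet.ParameterSetName

    ## Main

    # The cast fails fast on a malformed key file instead of surfacing as an
    # opaque ConvertTo-SecureString error.
    [byte[]] $key = Get-Content -Path $KeyFilePath
    $result = $EncryptedString | ConvertTo-SecureString -Key $key

    if ($this_paramset -eq "ToPsCredentials") {
        $result = New-Object 'System.Management.Automation.PSCredential' -ArgumentList $Username, $result
    }

    ## Output

    return $result
}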
### Examples

## Encryption

# Encrypt-String -InputString "SimpleString"
# Encrypt-String -InputString "SimpleString" -KeyFilePath .\secret.key

# Prompt for the secret as a SecureString rather than a plain string.
$password = Read-Host -AsSecureString -Prompt "Enter password"
# No -KeyFilePath here, so Encrypt-String writes a new secret.key into the
# current location and reports where it put it.
$password_encrypted = Encrypt-String -InputSecureString $password

## Decrypt

# Decrypt-ToSecureString -EncryptedString $password_encrypted -KeyFilePath ".\secret.key"

# Same call as above, spelled out with splatting; the key file must be the
# one created by the encryption step.
$decrypt_args = @{
    EncryptedString = $password_encrypted
    KeyFilePath     = ".\secret.key"
    ToPsCredentials = $true
    Username        = "domain\user"
}
$credentials = Decrypt-ToSecureString @decrypt_args