locked
How to encrypt password using provided pgp public key in Powershell? RRS feed

  • Question

  • I have a PGP public key that is used to encrypt passwords. Using Powershell, how do I encrypt a password using a pgp public key; which then I will use to update the credentials in  a text file ?

    This is what I  have tried:

    $Keyfile= "C:\PKey\PubKey.pub"
    $Key = Get-Content $Keyfile

    "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -Securekey $Key 

    But i get the output "Cannot convert the value of type "System.String" to "System.Security.SecureString"

    Appreciate your help!

    Thursday, January 11, 2018 9:32 PM

Answers

  • The question was about how to securely store a password. You can use DPAPI (no -Key or -SecureKey parameter to ConvertFrom-SecureString and ConvertTo-SecureString - can only decrypt on same computer with same user account), or you can use AES (requires use of -Key or -SecureKey parameter). Export-CliXml and Import-CliXml technique on PowerShell 3.0 and later uses DPAPI (it has no -Key or -SecureKey parameters).


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Bill_Stewart Wednesday, January 17, 2018 10:13 PM
    • Marked as answer by Bill_Stewart Friday, March 9, 2018 7:44 PM
    Friday, January 12, 2018 11:10 PM

All replies

  • You can't with PS CmdLets.  Use the vendors instructions.


    \_(ツ)_/

    Thursday, January 11, 2018 9:36 PM
  • You can't use a pgp public key file with ConvertTo-SecureString -Key or -SecureKey. Read the documentation.

    -- Bill Stewart [Bill_Stewart]

    Thursday, January 11, 2018 9:41 PM
  • Do you know how else I can do it? These are for Windows servers..
    Friday, January 12, 2018 10:21 PM
  • PowerShell provides the tools. Perhaps you're not understanding them. What's your specific question?

    -- Bill Stewart [Bill_Stewart]

    Friday, January 12, 2018 10:55 PM
  • Store the cert in the store and use it to encrypt the password.  The issue is not a scripting issue.  You will have to use external encryption methods.

    See: https://powershell.org/forums/topic/encrypting-files-using-pgp-and-public-keys-with-powershell/


    \_(ツ)_/

    Friday, January 12, 2018 11:06 PM
  • The question was about how to securely store a password. You can use DPAPI (no -Key or -SecureKey parameter to ConvertFrom-SecureString and ConvertTo-SecureString - can only decrypt on same computer with same user account), or you can use AES (requires use of -Key or -SecureKey parameter). Export-CliXml and Import-CliXml technique on PowerShell 3.0 and later uses DPAPI (it has no -Key or -SecureKey parameters).


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Bill_Stewart Wednesday, January 17, 2018 10:13 PM
    • Marked as answer by Bill_Stewart Friday, March 9, 2018 7:44 PM
    Friday, January 12, 2018 11:10 PM