Today I want to show you a small PowerShell snippet that I created for a webinar for AvePoint. It’s a webinar in German language about the DocAve module “Content Manager”.
The snippet will show you how to store an encrypted password in a plain text file.
Therefore I use a Windows OS API that is accessible in .NET: the class System.Security.Cryptography.ProtectedData.
This class encapsulates the “Data Protection API” (DPAPI) of Windows: http://msdn.microsoft.com/en-us/library/ms995355.aspx
With the methods of this class you can encrypt and decrypt data very easily, either in the context of the current user or in the context of the local machine.
The encrypted data can only be decrypted on the same machine and in the same context in which it was encrypted.
Very easy and handy. It is NOT EASY BUT POSSIBLE to decrypt it on another machine. Just read the article mentioned above, especially the section “DPAPI Security” (http://msdn.microsoft.com/en-us/library/ms995355.aspx#windataprotection-dpapi_topic04).
The script is DocAve specific, but of course you can modify it for your own purposes.
Here is the Script:
```powershell
<# Created by Ingo Karstein https://blog.kenaro.com #>

# Load modules and assemblies
Import-Module -Name "C:\program files\AvePoint\DocAve6\Shell\DocAveModules\DocAveModule" -DisableNameChecking
[System.Reflection.Assembly]::LoadWithPartialName("System.Security") | Out-Null

# Current folder of the script
$path = Split-Path $MyInvocation.MyCommand.Path

# Config values
$docavemanageruser   = "admin"
$docavemanagerserver = "kcdevsqlexch1"
$docavemanagerport   = 14000

# Additional entropy handed to DPAPI; the same bytes are required to decrypt
$entropy = [byte[]](123,54,67,89,12,32,146)

# Read the password from the file, or ask the user for it and store it in the file
if( [string]::IsNullOrEmpty($docavepwd) ) {
    if( Test-Path "$($path)\pwd.txt" ) {
        $data = [System.Convert]::FromBase64String((Get-Content "$($path)\pwd.txt" -Encoding UTF8))
        $global:docavepwd = [System.Text.Encoding]::UTF8.GetString(
            [System.Security.Cryptography.ProtectedData]::Unprotect($data, $entropy, "CurrentUser"))
    } else {
        $global:docavepwd = Read-Host "Enter AvePoint ""$($docavemanageruser)"" password"
        $data = [System.Security.Cryptography.ProtectedData]::Protect(
            [System.Text.Encoding]::UTF8.GetBytes($docavepwd), $entropy, "CurrentUser")
        [System.Convert]::ToBase64String($data) | Set-Content "$($path)\pwd.txt" -Encoding UTF8 -Force
    }
}

# Exit if there is no password
if( [string]::IsNullOrEmpty($docavepwd) ) { exit }

$success = $false

# Check whether we are already logged in to DocAve
try {
    $success = (Get-DALocalUser -ErrorAction 0) -ne $null
    if( !$? ) { $success = $false }
} catch {
    $success = $false
}

# If not already logged in: log in using the stored credentials
if( !$success ) {
    $cred = New-Object System.Management.Automation.PSCredential(
        $docavemanageruser, (ConvertTo-SecureString -Force -AsPlainText $docavepwd))
    Login-DAManager -ControlHost $docavemanagerserver -ControlPort $docavemanagerport -Credential $cred
    if( $? -eq $false ) { exit }
}
```
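The DPAPI part of the script, pulled out into reusable functions so the protect/unprotect round trip, the effect of the entropy bytes and the CurrentUser/LocalMachine scope choice can be tried on their own. This is an added example and not part of the original post or of DocAve; the function names (Protect-Secret, Unprotect-Secret, Save-Secret, Read-Secret), the scratch file under $env:TEMP and the sample value are assumptions made for the demonstration.

```powershell
# Added example (not from the original post): DPAPI round trip with entropy and
# scope selection, plus a check that a blob cannot be decrypted with other entropy.
# Windows only: ProtectedData is a thin wrapper over the Windows DPAPI.
Add-Type -AssemblyName System.Security

function Protect-Secret {
    param(
        [Parameter(Mandatory)][string]$PlainText,
        [byte[]]$Entropy = $null,                       # optional additional entropy
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    try {
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $Entropy, $Scope)
        return [System.Convert]::ToBase64String($blob)
    } finally {
        [Array]::Clear($bytes, 0, $bytes.Length)        # do not leave plaintext bytes behind
    }
}

function Unprotect-Secret {
    param(
        [Parameter(Mandatory)][string]$Base64,
        [byte[]]$Entropy = $null,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    $blob  = [System.Convert]::FromBase64String($Base64)
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $Entropy, $Scope)
    try {
        return [System.Text.Encoding]::UTF8.GetString($bytes)
    } finally {
        [Array]::Clear($bytes, 0, $bytes.Length)
    }
}

# The file holds nothing but the base64-encoded DPAPI blob.
function Save-Secret { param([string]$Path, [string]$PlainText, [byte[]]$Entropy)
    Protect-Secret -PlainText $PlainText -Entropy $Entropy | Set-Content -Path $Path -Encoding UTF8 -Force
}
function Read-Secret { param([string]$Path, [byte[]]$Entropy)
    # -Raw returns one string; Trim() drops the newline Set-Content appended
    Unprotect-Secret -Base64 ((Get-Content -Path $Path -Raw -Encoding UTF8).Trim()) -Entropy $Entropy
}

# --- Demonstration with constructed values ---
$entropy = [byte[]](123,54,67,89,12,32,146)       # same entropy bytes as the post's script
$file    = Join-Path $env:TEMP 'dpapi-demo.txt'   # assumed scratch location

Save-Secret -Path $file -PlainText 'S3cret-demo-value' -Entropy $entropy
$roundTrip = Read-Secret -Path $file -Entropy $entropy
"Round trip OK: $($roundTrip -eq 'S3cret-demo-value')"

# Same blob, different entropy: DPAPI refuses to decrypt (the blob is integrity-protected).
try {
    Read-Secret -Path $file -Entropy ([byte[]](1,2,3)) | Out-Null
    "Unexpected: decrypted with wrong entropy"
} catch [System.Security.Cryptography.CryptographicException] {
    "Wrong entropy rejected: $($_.Exception.Message)"
}

# Hand the value to cmdlets as a PSCredential rather than keeping it as a plain string.
$secure = ConvertTo-SecureString -String $roundTrip -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential('admin', $secure)
"Credential user: $($cred.UserName)"

Remove-Item $file -ErrorAction SilentlyContinue
```

Two things worth keeping in mind when reusing this: the entropy bytes live in the script, so anyone who can read the script and the file and run code as the same user (CurrentUser scope) or on the same machine (LocalMachine scope) can call Unprotect just as the script does; the entropy only binds the blob to this script, the real boundary is the DPAPI scope. And because CurrentUser keys follow the user profile, a scheduled task or service that runs under a different account will not be able to read a file that was protected interactively; protect it under that account, or use LocalMachine scope and restrict the file's ACL instead.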