我需要创建一组可移植的密钥文件和密码文件,以允许多个基于Windows的系统使用同一组凭据。
我正在使用此脚本创建密钥文件和加密密码文件:
#==========================================================================
#
# Define variables
$Directory = "C:\some_path\Powershell_Scripts"
$KeyFile = Join-Path $Directory "AES_KEY_FILE.key"
$PasswordFile = Join-Path $Directory "AES_PASSWORD_FILE.txt"
#
# Text for the console
Write-Host "Enter password and press ENTER:"
$Password = Read-Host -AsSecureString
#
Write-Host ""
#
# Create the AES key file
try {
$Key = New-Object Byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile
$KeyFileCreated = $True
Write-Host "The key file $KeyFile was created successfully"
} catch {
write-Host "An error occurred trying to create the key file $KeyFile (error: $($Error[0])"
}
Start-Sleep 2
# Add the plaintext password to the password file (and encrypt it based on the AES key file)
If ( $KeyFileCreated -eq $True ) {
try {
$Key = Get-Content $KeyFile
$Password = $Password | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile
Write-Host "The key file $PasswordFile was created successfully"
} catch {
write-Host "An error occurred trying to create the password file $PasswordFile (error: $($Error[0])"
}
}
Write-Host ""
write-Host "End of script (press any key to quit)"
这似乎完美无缺。
我使用以下代码使用加密密码附加到远程共享:
$Directory = "C:\some_path\Powershell_Scripts"
$KeyFile = Join-Path $Directory "AES_KEY_FILE.key"
$PasswordFile = Join-Path $Directory "AES_PASSWORD_FILE.txt"
$Username = 'localhost\some_username' # a local Administrator account
try {
$Key = New-Object Byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key = Get-Content $KeyFile
$Password = Get-Content $PasswordFile
$Password = $Password | ConvertTo-SecureString -Key $Key
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
}
Catch {
'Something bad happened!'
}
New-PSDrive -Credential $MyCredential -PSProvider FileSystem -Root "\\localhost\d$" -name "P"
' New-PSDrive'命令始终导致消息"未找到网络路径。" 当我尝试通过将加密密码转换为PSCredential对象来解密密码时,使用以下命令,
$s = $MyCredential.GetNetworkCredential()
$t = $s.password
$ t仍然是System.Security.SecureString
如果我执行以下操作:
$m = Get-Credential
$n = $m.GetNetworkCredential()
$o = $n.password
然后$ o返回明文密码。
我做错了什么导致System.Security.SecureString而不是提供明文密码?
我确实有正确加密和解密文件密码的代码,但该文件是特定于机器和用户帐户的。它如下:
$runtime = Get-Date -Format ('yyyyMMddHHss')
$PwdFile = 'D:\Some_Folder\Encrypted.PWD'
$Creds = Get-Credential
$SecurePwd = $Creds.Password
$ExportPwd = ConvertFrom-SecureString $SecurePwd
$ExportPwd | Out-File $PwdFile
$TestPwd = Get-Content $PwdFile
$TestSecPwd = $TestPwd | ConvertTo-SecureString
$TestCred = New-Object System.Management.Automation.PSCredential -ArgumentList $Creds.UserName, $TestSecPwd
$TestGetCred = $TestCred.GetNetworkCredential()
$TestClrPwd = $TestGetCred.Password
"The clear text password is " + $TestClrPwd