In the previous article we learned how to use an AES key to create a SecureString that can be decrypted under a different user account and on a different workstation. The key itself now has to be protected, because anyone who obtains it can decrypt the stored password.
In the previous example I hard-coded a very simple 16-byte array in the body of the script itself. That is not good practice; it is essentially the same as storing the password in plaintext. A better approach is to generate the key in advance with a separate, isolated script.
As an example, I wrote a small script that generates a random 16-byte array. It fills the byte array with random data from the System.Security.Cryptography.RNGCryptoServiceProvider class.
Creating the AES key from random data and exporting it to a file
$KeyFile = "\\SHSV2019\SharePath\AES.key"
$Key = New-Object byte[] 16   # AES accepts a 16-, 24- or 32-byte key (AES-128/192/256)
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)   # fill the array with cryptographically random bytes
$Key | Out-File $KeyFile      # one decimal value per line; Get-Content reads it back as the key
Creating the SecureString object
$PasswordFile = "\\SHSV2019\SharePath\Password.txt"
$KeyFile = "\\SHSV2019\SharePath\AES.key"
$Key = Get-Content $KeyFile
$Password = "[email protected]" | ConvertTo-SecureString -AsPlainText -Force
# Encrypt the SecureString with the AES key (instead of DPAPI) and save it
$Password | ConvertFrom-SecureString -Key $Key | Out-File $PasswordFile
Creating the PSCredential object
$User = "Contoso\jason"
$PasswordFile = "\\SHSV2019\SharePath\Password.txt"
$KeyFile = "\\SHSV2019\SharePath\AES.key"
$Key = Get-Content $KeyFile
# Decrypt the stored password with the same key and wrap it in a PSCredential
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $Key)
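The three steps above (generate the key, encrypt the password, rebuild the credential) as one end-to-end script. This is an added example and not code from the original post; the local paths, the use of a 32-byte key, the RandomNumberGenerator class in place of the obsolete RNGCryptoServiceProvider, and the Get-StoredCredential helper are my own choices. It adds the two things the article's point about "protecting the key" calls for in practice: an ACL on the key file, since anyone who can read both AES.key and Password.txt can recover the password, and a round-trip check that the key and password file actually match.

```powershell
# Added example (not from the original post). Paths are assumptions; a UNC share works the same way.
$KeyFile      = "C:\Secure\AES.key"
$PasswordFile = "C:\Secure\Password.txt"
$User         = "Contoso\jason"

# 1. Generate a 32-byte (AES-256) key with a cryptographic RNG.
#    RNGCryptoServiceProvider still works but is marked obsolete; RandomNumberGenerator is the current API.
$Key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Key)
$Key | Out-File $KeyFile

# 2. Lock the key file down. The key is the real secret: whoever can read AES.key
#    and Password.txt can decrypt the password, so the ACL is the actual protection.
$Acl = Get-Acl $KeyFile
$Acl.SetAccessRuleProtection($true, $false)   # stop inheriting permissions from the folder
$ReadRule  = New-Object System.Security.AccessControl.FileSystemAccessRule($User, 'Read', 'Allow')
$AdminRule = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', 'FullControl', 'Allow')
$Acl.SetAccessRule($ReadRule)
$Acl.SetAccessRule($AdminRule)
Set-Acl -Path $KeyFile -AclObject $Acl

# 3. Encrypt the password with the key. Read it interactively rather than writing
#    a literal into the script, so the plaintext never lands on disk or in history.
$Secure = Read-Host -AsSecureString -Prompt "Password for $User"
$Secure | ConvertFrom-SecureString -Key $Key | Out-File $PasswordFile

# 4. Rebuild the credential the same way the join/unjoin scripts do.
function Get-StoredCredential {
    param([string]$User, [string]$PasswordFile, [string]$KeyFile)
    $Key    = Get-Content $KeyFile                      # string[] of decimal bytes, coerced to byte[]
    $Secure = Get-Content $PasswordFile | ConvertTo-SecureString -Key $Key
    New-Object System.Management.Automation.PSCredential($User, $Secure)
}

# 5. Round-trip check. If the key file does not match the password file,
#    ConvertTo-SecureString throws a padding error instead of returning garbage,
#    so catching it here tells you the two files are out of sync.
try {
    $Cred = Get-StoredCredential -User $User -PasswordFile $PasswordFile -KeyFile $KeyFile
    if ($Cred.GetNetworkCredential().Password.Length -gt 0) {
        Write-Host "Credential rebuilt for $($Cred.UserName); key and password file match."
    }
}
catch {
    Write-Warning "Could not decrypt $PasswordFile with $KeyFile : $($_.Exception.Message)"
}
```

Keep the key file and the password file on different shares or under different ACLs where you can; storing both side by side with world-readable permissions, as a shared folder often is, gives back the plaintext-equivalent situation the article is trying to avoid.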
1. Join-domain script
$User = "Contoso\jason"
$PasswordFile = "\\SHSV2019\SharePath\Password.txt"
$KeyFile = "\\SHSV2019\SharePath\AES.key"
$Key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $Key)
# Join the computer to the domain using the rebuilt credential
Add-Computer -DomainName contoso.com -Credential $MyCredential
Save the above script as "joindomain.ps1", then right-click it and choose "Run with PowerShell".
After execution, the system prompts that a reboot is required for the change to take effect.
2. Fallback (unjoin) script
$User = "Contoso\jason"
$PasswordFile = "\\SHSV2019\SharePath\Password.txt"
$KeyFile = "\\SHSV2019\SharePath\AES.key"
$Key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $Key)
# Remove the computer from the domain and restart it
Remove-Computer -UnjoinDomainCredential $MyCredential -PassThru -Verbose -Restart
Save the above fallback script as "unjoindomain.ps1", then right-click it and choose "Run with PowerShell".
After execution, the computer restarts automatically and the fallback is complete.
This article is from the "Daniels Technology den" blog, please be sure to keep this source http://daniel1205.blog.51cto.com/848115/1876581
Using AES encryption in PowerShell