I have the code below, which works without any error.
SaveKeyPass.ps1
$key = "1234567891234567"
$textPassword = "securekey-textpassword"
$securePassword = ConvertTo-SecureString $textPassword -AsPlainText -Force
$secureKey = ConvertTo-SecureString $Key -AsPlainText -Force
$encryptedKey = ConvertFrom-SecureString $SecureKey -Key (1..16)
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $decryptedSecureKeyFromFile
$encryptedKey | Out-File "C:\temp\securekey-enckey.txt"
$encryptedPassword | Out-File "C:\temp\securekey-encpass.txt"
Write-Host "Key: $Key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPassword"
Write-Host "Encrypted Key: $encryptedKey"
GetKeyPass.ps1
$key = ""
$textPassword = ""
$encryptedPasswordFromFile = ""
$encryptedKeyFromFile = ""
$secureDecryptedPassword = ""
$BSTR1= ""
$BSTR2= ""
$encryptedKeyFromFile = Get-Content "C:\temp\securekey-enckey.txt"
$encryptedPasswordFromFile = Get-Content "C:\temp\securekey-encpass.txt"
$secureDecryptedKey = ConvertTo-SecureString $encryptedKeyFromFile -Key (1..16)
$secureDecryptedPassword = ConvertTo-SecureString $encryptedPasswordFromFile -SecureKey $secureDecryptedKey
$BSTR1 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedPassword)
$textPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR1)
$BSTR2 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedKey)
$key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR2)
Write-Host "Key: $key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPasswordFromFile"
Write-Host "Encrypted Key: $encryptedKeyFromFile"
Issue 1:
If I change the first line (only the last digit changed from 7 to 8) in SaveKeyPass.ps1 to the following and execute this script
$key = "1234567891234568"
and subsequently execute GetKeyPass.ps1, I get this error:
ConvertTo-SecureString : Padding is invalid and cannot be removed. At [**]:11 char:28
Issue 2:
If I change the first line (key length changed from 16 bytes to 32 bytes) in SaveKeyPass.ps1 to the following and execute this script
$key = "12345678912345671234567891234567"
and subsequently execute GetKeyPass.ps1, I get this error:
The specified key is not valid. Valid key length settings are either 128 bits, 192 bits, or 256 bits. At [**]:11 char:28
I am really clueless about what is going on. In Issue 1 only one digit is changed, so I am not sure where the padding exception is thrown from. In Issue 2 I have a 32 byte (256 bits) key, but the exception is complaining about an incorrect key length.
Any help would be appreciated. Thanks for reading!
Thanks, Martin and Djarid, for the spot. I have corrected line 11 in SaveKeyPass.ps1 to
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $secureKey
This has resolved Issue 1 fully and Issue 2 partially. For Issue 2:
I noticed that 1 char/digit in the key is 16 bits (possibly on my 64 bit machines), which means "12345678912345671234567891234567" is 512 bits instead of the 256 bits which I assumed, thinking 1 char/digit is of 8 byte. Therefore this breaches the max length requirement of the key and fails.
That means if I provide 8, 12, or 16 chars in the key, they are 128 bits, 192 bits, and 256 bits respectively.
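The key-length behaviour described above, as an added example that is not part of the original post: it round-trips a constructed password through -SecureKey with keys of 8, 12, 16 and 32 characters and reports which lengths are accepted, then shows the -Key parameter taking a 32-byte random key instead of typed text. The function name Test-SecureKeyLength and all sample values are assumptions made for this illustration, and nothing is written to disk.

```powershell
# Added example: constructed sample values only.
function Test-SecureKeyLength {
    param([string]$KeyText)

    # -SecureKey is consumed as the UTF-16 bytes of the string: 2 bytes per character.
    $bits      = [System.Text.Encoding]::Unicode.GetByteCount($KeyText) * 8
    $sample    = 'constructed-sample-password'
    $secureKey = ConvertTo-SecureString $KeyText -AsPlainText -Force
    $secret    = ConvertTo-SecureString $sample  -AsPlainText -Force

    try {
        # Encrypt and decrypt with the same SecureString key.
        $blob  = ConvertFrom-SecureString $secret -SecureKey $secureKey -ErrorAction Stop
        $back  = ConvertTo-SecureString $blob -SecureKey $secureKey -ErrorAction Stop
        $plain = (New-Object System.Net.NetworkCredential -ArgumentList '', $back).Password
        $ok    = ($plain -eq $sample)
        $err   = ''
    } catch {
        # An unsupported key size lands here.
        $ok  = $false
        $err = $_.Exception.Message
    }

    [pscustomobject]@{
        Chars     = $KeyText.Length
        KeyBits   = $bits
        RoundTrip = $ok
        Error     = $err
    }
}

# Constructed keys of 8, 12, 16 and 32 characters.
8, 12, 16, 32 | ForEach-Object { Test-SecureKeyLength ('k' * $_) } | Format-Table -Wrap

# -Key takes raw bytes, so the length is counted in bytes (16, 24 or 32)
# and the key can come from a cryptographic RNG instead of typed text.
$keyBytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($keyBytes)
$rng.Dispose()

$secret = ConvertTo-SecureString 'constructed-sample-password' -AsPlainText -Force
$blob   = ConvertFrom-SecureString $secret -Key $keyBytes
$back   = ConvertTo-SecureString $blob -Key $keyBytes
$match  = (New-Object System.Net.NetworkCredential -ArgumentList '', $back).Password -eq 'constructed-sample-password'
Write-Host "32-byte -Key round trip succeeded: $match"
```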