GetNetworkCredential difficulties

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 5 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
jsira2003@yahoo.com
Posts: 117
Last visit: Tue Jul 11, 2023 6:18 am

GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

The following function works well in the powershell ise. I supply the encrypted file. I get an a userkey array returned. Works like a champ. If I work this within my application built by powershell studio the following line returns nothing:

$Secure2 = $aline | ConvertTo-SecureString -Key ($key)

I have not included the byte array for the keys intentionally. I have validated this function at everypoint within it observing the values of the variables and the arrays. The point of failure is the line above. The file gets read it correctly. The line gets passed in correctly to the convertto-securestring but returns nothing in the powershell studio app but works great in ps ise.
At the end of the function I have an array strings I can use in the global variable.

Function DecryptUserKey([string]$file)
{
#use decryption key for program/version
#use appropriate key for program and version

#$key = $global:programA
$key = $global:ProgramB

#read back decrypted from file
$global:userKey = @()
$alllines = Get-Content $file

foreach ($aline in $alllines)
{

$Secure2 = $aline | ConvertTo-SecureString -Key ($key)
$line = (New-Object System.Management.Automation.PSCredential 'N/A', Secure2).GetNetworkCredential().Password
$global:userKey += $line


}

}

Any ideas here? Any suggestions? What did I do incorrectly? Is there an alternate encryption decryption method you can recommend?

Thanks in advance,
John
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

Try testing for errors and report them. Exceptions in a form can be lost.

Code: Select all

Function DecryptUserKey([string]$file){
    
    $ErrorActionPreference = 'Stop'
    Try{
        #use decryption key for program/version
        #use appropriate key for program and version
        
        #$key = $global:programA
        $key = $global:ProgramB
        
        #read back decrypted from file
        $global:userKey = @()
        $alllines = Get-Content $file
        
        foreach ($aline in $alllines) {
            
            $Secure2 = $aline | ConvertTo-SecureString -Key $key
            $line = (New-Object System.Management.Automation.PSCredential 'N/A', Secure2).GetNetworkCredential().Password
            $global:userKey += $line
            
            
        }
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

Actually there are some issue with your code. The following works correctly:

Code: Select all

Function DecryptUserKey([string]$file){
    
    $ErrorActionPreference = 'Stop'
    Try{
        #use decryption key for program/version
        #use appropriate key for program and version
        
        $key = $global:programA
        $key = $global:ProgramB
        
        $global:userKey = @()
        
        #read back decrypted from file
        $alllines = Get-Content $file
        foreach ($aline in $alllines) {
            $Secure2 = $aline | ConvertTo-SecureString -Key $key
            $global:userKey += ([System.Management.Automation.PSCredential]::New('N/A', $Secure2)).GetNetworkCredential().Password
        }
        
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}
User avatar
jsira2003@yahoo.com
Posts: 117
Last visit: Tue Jul 11, 2023 6:18 am

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

I take it the erroractionpreference stop will stop function if an error is encounter after reporting message.
User avatar
jsira2003@yahoo.com
Posts: 117
Last visit: Tue Jul 11, 2023 6:18 am

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

I now have an error message. I am not sure why I have it but I think I'm going to learn more today. The message is: padding is invalid and cannot be removed

At this point I am not sure where to adjust it. From what I read the padding should be the same on both the encrypting and decrypting side.

If you know the answer it would be great!

thanks,
John
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

jsira2003@yahoo.com wrote: Sat Jan 26, 2019 12:29 pm I take it the erroractionpreference stop will stop function if an error is encounter after reporting message.
No it does not stop the function. It just causes and CmdLet to throw an exception that can be caught by a Try/Catch block. In this case the block causes the function to exit when there is an exception. The API calls will also cause an exception that is trapped by the "Catch" block.

See: help about_try_catch
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

jsira2003@yahoo.com wrote: Sat Jan 26, 2019 12:56 pm I now have an error message. I am not sure why I have it but I think I'm going to learn more today. The message is: padding is invalid and cannot be removed

At this point I am not sure where to adjust it. From what I read the padding should be the same on both the encrypting and decrypting side.

If you know the answer it would be great!

thanks,
John
What code did you execute to get this message? If you inspect the compete error by reviewing the error stack it will tell you the issue.

Make this run correctly as a PS1 file and fix all errors before trying to package it.
User avatar
jsira2003@yahoo.com
Posts: 117
Last visit: Tue Jul 11, 2023 6:18 am

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

I executed my code with your error catching. I will see if I can catch error before packaging as you said in the ps studio. From what I read it seems as if the expected byte counts are off in the Encrypted string.

This is tricky stuff
John
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

Here is a much better design for your code:

Code: Select all

Function DecryptUserKey{
    #requires -Version 3
    Param(
        [string]$File,
        [byte[]]$Key
    )
    
    $ErrorActionPreference = 'Stop'
    
    Try{
        $alllines = Get-Content $File
        
        foreach ($aline in $alllines) {
            $Secure2 = $aline | ConvertTo-SecureString -Key $Key
            ([System.Management.Automation.PSCredential]::New('N/A', $Secure2)).GetNetworkCredential().Password
        }
        
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}
The key not be saved in the code. You should save it in the registry and retrieve it when needed. This code also makes changing the key easier.

Note that there are no external dependencies in the function. It is called like this:

$userKey = DecryptUserKey -file <yourfile> -Key <your byte array>
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: GetNetworkCredential difficulties

Post by jvierra »

Here it is tested with my file and a blank key. I recommend starting with the default system key and once that works try adding a key. The function will tell you what is wrong with the key.
sapien3.png
sapien3.png (49.06 KiB) Viewed 3226 times
This topic is 5 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked