GetNetworkCredential difficulties

Re: GetNetworkCredential difficulties

Post by jvierra » Sat Jan 26, 2019 3:15 pm

jsira2003@yahoo.com wrote:
Sat Jan 26, 2019 2:28 pm
I executed my code with your error catching. I will see if I can catch error before packaging as you said in the ps studio. From what I read it seems as if the expected byte counts are off in the Encrypted string.

This is tricky stuff
John

No. The byte array for the key is wrong.

Be sure you can decrypt your strings using your key at a command prompt.

Post by jsira2003@yahoo.com » Sun Jan 27, 2019 9:01 am

First of all let me say I appreciate all your help! I saw the many listings on the web regarding this ugly error. It certainly is ugly. The thing I cannot wrap my head around is the following:

It does not work as a packaged app. Yet it works perfectly in ISE. As you can see once the function has the file and the key we are off to the races! I am perplexed why it would work in one area and not the other area. The same function, the same key with the same file and different results! I am also using this in another app with good results as well. In this other packaged app it seems to be working reliably.

I am thinking to try a .net function that will import the file into an array within the package. It must be the handling of the file in the package that is causing there to be a difference in the array containing the data. I tried to use options of get-content like raw and only changed the error message.

I am still stuck with padding is invalid and cannot be removed. I am reading up on the web for clues. There are a lot of dead ends.

This fix is extremely important to my application. I have to get this resolved. I still feel like I'm missing something. I think this is the kind of error if you don't figure out the correct resolve it will come back and bite you!

Once again your work is appreciated!

John

Post by jsira2003@yahoo.com » Sun Jan 27, 2019 9:27 am

I reread your email about the byte array being wrong. I have an array of 32 bytes with values from 0 to 255 e.g.

$global:byteArray = (25, 200, 48, ...)

Is there any problem here?

Thanks,
John

Post by jvierra » Sun Jan 27, 2019 10:22 am

Start by showing us how you encrypted your strings.

Post by jsira2003@yahoo.com » Sun Jan 27, 2019 11:40 am

This is geared for multiple apps. I embed key in the app for a particular version.

The call

EncryptUserData $startDate $endDate $textboxuuid.Text $textboxipaddress.Text $Program $version $file


The encrypt function

Function EncryptUserData([string]$startDate, [string]$endDate, [string]$uuid, [string]$ipaddress, `
    [string]$global:Application, [string]$global:Version, [string]$file)
{
    #use appropriate key for program and version
    IF( $global:Application -match "DC Motor Gyrations" -and $global:version -eq "1" )
    #IF ($textboxFile.Text -match 'dcMotorG1')
    {
        $key = $global:dcMotorG1
    }
    ELSE
    {
        IF ($global:Application -match "LiLHash" -and $global:Version -match "1")
        #IF ($textboxFile.Text -match 'LilHash1')
        {
            $key = $global:LilHash1
        }

    }
    IF (Test-Path $file)
    {
        remove-item $file
    }
    for ($i = 0; $i -LT 6; $i++)
    {
        Switch ($i)
        {
            0 { $line = $startDate; break }
            1 { $line = $endDate; break }
            2 { $line = $ipaddress; break }
            3 { $line = $uuid; break }
            4 { $line = $global:Application; break }
            5 { $line = $global:Version; break }

        }
        $linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
        $Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key ($key)
        $Encrypted | add-Content $file
        $Secure2 = Get-Content $file | ConvertTo-SecureString -Key ($key)
    }
}

Post by jvierra » Sun Jan 27, 2019 12:09 pm

You are encrypting the whole file? You need to decrypt using the same method.

This does not encrypt passwords. It appears to encrypt all kinds of other things.

Here is the whole round trip to encrypt and decrypt with a key.

# create a key
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

# encrypt password
$line = 'password123'
$linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
$Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key $key

# decrypt with same key
$Secure2 = $Encrypted | ConvertTo-SecureString -Key $Key
([System.Management.Automation.PSCredential]::New('N/A', $Secure2)).GetNetworkCredential().Password

Post by jvierra » Sun Jan 27, 2019 12:19 pm

The following works fine for me and is easier and better code design.

Function DecryptUserKey{
    #requires -Version 3
    Param(
        [string]$File,
        [byte[]]$Key
    )
    
    $ErrorActionPreference = 'Stop'
    
    Try{
        Get-Content $File |
            ForEach-Object{
                $ss = $_ | ConvertTo-SecureString -Key $Key
                ([System.Management.Automation.PSCredential]::New('N/A', $ss)).GetNetworkCredential().Password
            }
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}

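# (get-credential).password | ConvertFrom-SecureString | set-content "C:\Passwords\password.txt"
# MessageBox needs the Windows Forms assembly when run outside a forms host
Add-Type -AssemblyName System.Windows.Forms
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

$decrypted = DecryptUserKey -File .\password.txt -Key $key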

Post by jvierra » Sun Jan 27, 2019 12:25 pm

Here is how to create a test file with correct contents:

$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')
'password1','password2','password3' | 
    ConvertTo-SecureString -AsPlainText -force | 
    ConvertFrom-SecureString -Key $Key |
    Out-File .\password.txt

Post by jvierra » Sun Jan 27, 2019 1:43 pm

Here is a good way to create valid and storable keys. Note that keys require 16, 24 or 32 byte arrays and the array must be filled. This method guarantees that key length and character fill will be correct.

# generate a custom key with correct length
$keyLength = 16 # valid values are 16,24,32
$EncryptKey = [byte[]]::New($keyLength)
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($EncryptKey)
$EncryptKey
# to get the string value
[system.Text.Encoding]::UTF8.GetString($EncryptKey)
# we would normally save this in the registry as a local encrypted (secure) string
# Each account would have to install the key into the registry once.

Post by jsira2003@yahoo.com » Sun Jan 27, 2019 5:53 pm

I am encrypting an entire file of anywhere between 6 and 19 lines at most. I will read all your posts! I have my work cut out for me digesting it all.

thank you,
John