Page 2 of 5

Re: GetNetworkCredential difficulties

Posted: Sat Jan 26, 2019 2:15 pm
by jvierra
jsira2003@yahoo.com wrote: Sat Jan 26, 2019 1:28 pm I executed my code with your error catching. I will see if I can catch error before packaging as you said in the ps studio. From what I read it seems as if the expected byte counts are off in the Encrypted string.

This is tricky stuff
John
No. The byte array for the key is wrong.

Be sure you can decrypt your strings using your key at a command prompt.

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 8:01 am
by jsira2003@yahoo.com
First all let me say I appreciate all your help! I saw the many listing on the web regarding this ugly error. It certainly is ugly. The thing I cannot wrap my head around is the following:

It does not work as a packaged app. Yet is work perfectly in ise. As you can see once the function has the file and the key we are off to the races! I am perplexed why it would work in one area and not the other area. The same function, the same key with the same file and different results! I am also using this is another app with good results as well. In this other packaged app it seems to be working reliably.

I am thinking to try a .net function that will import the file into an array within the package. It must be the handling of the file in the package that is causing there to be a difference in the array containing the data. I tried to use options of get-content like raw and only changed the error message.

I am still stuck with padding is invalid and cannot be removed. I am reading up on the web for clues. There are alot of dead ends.

This fix is extremely important to my application. I have to get this resolved. I still feel like I'm missing something. I think this the kind of error if you don't figure out the correct resolve it will come back and bite you!

Once again your work is appreciated!

John

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 8:27 am
by jsira2003@yahoo.com
I reread your email about the byte array begins wrong. I have an array of 32 bytes with values from 0 to 255 e.g.

$global:byteArray = (25, 200, 48, ...)

Is there any problem here?

Thanks,
John

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 9:22 am
by jvierra
Start by showing us how you encrypted your strings.

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 10:40 am
by jsira2003@yahoo.com
This is geared for multiple apps. I embed key in the app for a particular version.

The call

EncryptUserData $startDate $endDate $textboxuuid.Text $textboxipaddress.Text $Program $version $file


The encrypt function

Function EncryptUserData([string]$startDate, [string]$endDate, [string]$uuid, [string]$ipaddress, `
[string]$global:Application, [string]$global:Version, [string]$file)
{
#use appropriate key for program and version
IF( $global:Application -match "DC Motor Gyrations" -and $global:version -eq "1" )
#IF ($textboxFile.Text -match 'dcMotorG1')
{
$key = $global:dcMotorG1
}
ELSE
{
IF ($global:Application -match "LiLHash" -and $global:Version -match "1")
#IF ($textboxFile.Text -match 'LilHash1')
{
$key = $global:LilHash1
}

}
IF (Test-Path $file)
{
remove-item $file
}
for ($i = 0; $i -LT 6; $i++)
{
Switch ($i)
{
0 { $line = $startDate; break }
1 { $line = $endDate; break }
2 { $line = $ipaddress; break }
3 { $line = $uuid; break }
4 { $line = $global:Application; break }
5 { $line = $global:Version; break }

}
$linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
$Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key ($key)
$Encrypted | add-Content $file
$Secure2 = Get-Content $file | ConvertTo-SecureString -Key ($key)
}
}

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 11:09 am
by jvierra
You are encrypting the whole file? You need to decrypt using the same method.

This does not encrypt passwords. It appears to encrypt all kinds of other things.

Here is the whole round trip to encrypt and decrypt with a key.

Code: Select all

# create a key
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

# encrypt password
$line = 'password123'
$linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
$Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key $key

# decrypt with same key
$Secure2 = $Encrypted | ConvertTo-SecureString -Key $Key
([System.Management.Automation.PSCredential]::New('N/A', $Secure2)).GetNetworkCredential().Password

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 11:19 am
by jvierra
The following works fine for me and is easier and better code design.

Code: Select all


Function DecryptUserKey{
    #requires -Version 3
    Param(
        [string]$File,
        [byte[]]$Key
    )
    
    $ErrorActionPreference = 'Stop'
    
    Try{
        Get-Content $File |
            ForEach-Object{
                $ss = $_ | ConvertTo-SecureString -Key $Key
                ([System.Management.Automation.PSCredential]::New('N/A', $ss)).GetNetworkCredential().Password
            }
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}

# (get-credential).password | ConvertFrom-SecureString | set-content "C:\Passwords\password.txt"
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

$decryripted = DecryptUserKey -File .\password.txt -Key $key

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 11:25 am
by jvierra
Here is how to create a test file with correct contents:

Code: Select all

$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')
'password1','password2','password3' | 
    ConvertTo-SecureString -AsPlainText -force | 
    ConvertFrom-SecureString -Key $Key |
    Out-File .\password.txt

Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 12:43 pm
by jvierra
Here is a good way to create valid and storable keys. Note that keys require 16,24 0r 32 byte arrays and the array must be filled. This method guarantees that key length and character fill will be correct.

Code: Select all

# generate a custom key with correct length
$keyLength = 16 # valid values are 16,24,32
$EncryptKey = [byte[]]::New($keyLength)
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($EncryptKey)
$EncryptKey
# to get the string value
[system.Text.Encoding]::UTF8.GetString($EncryptKey)
# we would normally save this in the registry as a local encrypted (secure) string
# Each account would have to install the key into the registry once.


Re: GetNetworkCredential difficulties

Posted: Sun Jan 27, 2019 4:53 pm
by jsira2003@yahoo.com
I am encrypting an entire file of anywhere between 6 and 19 lines at most. I will read all your posts! I have my work cut out for me digesting it all.

thank you,
John