GetNetworkCredential difficulties

This topic is 5 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked

Re: GetNetworkCredential difficulties

Post by jvierra »

jsira2003@yahoo.com wrote: Sat Jan 26, 2019 1:28 pm I executed my code with your error catching. I will see if I can catch error before packaging as you said in the ps studio. From what I read it seems as if the expected byte counts are off in the Encrypted string.

This is tricky stuff
John
No. The byte array for the key is wrong.

Be sure you can decrypt your strings using your key at a command prompt.

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

First of all let me say I appreciate all your help! I saw the many listings on the web regarding this ugly error. It certainly is ugly. The thing I cannot wrap my head around is the following:

It does not work as a packaged app. Yet it works perfectly in ISE. As you can see once the function has the file and the key we are off to the races! I am perplexed why it would work in one area and not the other area. The same function, the same key with the same file and different results! I am also using this in another app with good results as well. In this other packaged app it seems to be working reliably.

I am thinking to try a .net function that will import the file into an array within the package. It must be the handling of the file in the package that is causing there to be a difference in the array containing the data. I tried to use options of get-content like raw and only changed the error message.

I am still stuck with padding is invalid and cannot be removed. I am reading up on the web for clues. There are a lot of dead ends.

This fix is extremely important to my application. I have to get this resolved. I still feel like I'm missing something. I think this is the kind of error if you don't figure out the correct resolve it will come back and bite you!

Once again your work is appreciated!

John

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

I reread your email about the byte array being wrong. I have an array of 32 bytes with values from 0 to 255 e.g.

$global:byteArray = (25, 200, 48, ...)

Is there any problem here?

Thanks,
John

Re: GetNetworkCredential difficulties

Post by jvierra »

Start by showing us how you encrypted your strings.

Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

This is geared for multiple apps. I embed the key in the app for a particular version.

The call

EncryptUserData $startDate $endDate $textboxuuid.Text $textboxipaddress.Text $Program $version $file


The encrypt function

Function EncryptUserData([string]$startDate, [string]$endDate, [string]$uuid, [string]$ipaddress, `
    [string]$global:Application, [string]$global:Version, [string]$file)
{
    #use appropriate key for program and version
    IF( $global:Application -match "DC Motor Gyrations" -and $global:version -eq "1" )
    #IF ($textboxFile.Text -match 'dcMotorG1')
    {
        $key = $global:dcMotorG1
    }
    ELSE
    {
        IF ($global:Application -match "LiLHash" -and $global:Version -match "1")
        #IF ($textboxFile.Text -match 'LilHash1')
        {
            $key = $global:LilHash1
        }

    }
    IF (Test-Path $file)
    {
        remove-item $file
    }
    for ($i = 0; $i -LT 6; $i++)
    {
        Switch ($i)
        {
            0 { $line = $startDate; break }
            1 { $line = $endDate; break }
            2 { $line = $ipaddress; break }
            3 { $line = $uuid; break }
            4 { $line = $global:Application; break }
            5 { $line = $global:Version; break }

        }
        $linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
        $Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key ($key)
        $Encrypted | add-Content $file
        $Secure2 = Get-Content $file | ConvertTo-SecureString -Key ($key)
    }
}

Re: GetNetworkCredential difficulties

Post by jvierra »

You are encrypting the whole file? You need to decrypt using the same method.

This does not encrypt passwords. It appears to encrypt all kinds of other things.

Here is the whole round trip to encrypt and decrypt with a key.

Code: Select all

# create a key
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

# encrypt password
$line = 'password123'
$linesecured = $line | ConvertTo-SecureString -AsPlainText -Force
$Encrypted = ConvertFrom-SecureString -SecureString $linesecured -Key $key

# decrypt with same key
$Secure2 = $Encrypted | ConvertTo-SecureString -Key $Key
([System.Management.Automation.PSCredential]::New('N/A', $Secure2)).GetNetworkCredential().Password

Re: GetNetworkCredential difficulties

Post by jvierra »

The following works fine for me and is easier and better code design.

Code: Select all


#requires -Version 5
# [type]::New() is only available in PowerShell 5 and later
# load Windows Forms so MessageBox is available outside a forms host
Add-Type -AssemblyName System.Windows.Forms

Function DecryptUserKey{
    Param(
        [string]$File,
        [byte[]]$Key
    )
    
    $ErrorActionPreference = 'Stop'
    
    Try{
        # each line of the file is one string encrypted with the key
        Get-Content $File |
            ForEach-Object{
                $ss = $_ | ConvertTo-SecureString -Key $Key
                ([System.Management.Automation.PSCredential]::New('N/A', $ss)).GetNetworkCredential().Password
            }
    }
    Catch{
        [System.Windows.Forms.MessageBox]::Show($_)
    }
    
}

# (get-credential).password | ConvertFrom-SecureString | set-content "C:\Passwords\password.txt"
$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')

$decrypted = DecryptUserKey -File .\password.txt -Key $key

Re: GetNetworkCredential difficulties

Post by jvierra »

Here is how to create a test file with correct contents:

Code: Select all

$Key = [system.Text.Encoding]::UTF8.GetBytes('1234561234567890')
'password1','password2','password3' | 
    ConvertTo-SecureString -AsPlainText -force | 
    ConvertFrom-SecureString -Key $Key |
    Out-File .\password.txt

Re: GetNetworkCredential difficulties

Post by jvierra »

Here is a good way to create valid and storable keys. Note that keys require 16, 24 or 32 byte arrays and the array must be filled. This method guarantees that key length and character fill will be correct.

Code: Select all

# generate a custom key with correct length
$keyLength = 16 # valid values are 16,24,32
$EncryptKey = [byte[]]::New($keyLength)
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($EncryptKey)
$EncryptKey
# to get a string value that converts back to the same bytes, use Base64
# (decoding random bytes as UTF8 text is lossy)
[Convert]::ToBase64String($EncryptKey)
# we would normally save this in the registry as a local encrypted (secure) string
# Each account would have to install the key into the registry once.
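
The check recommended earlier in the thread ("be sure you can decrypt your strings using your key"), written out as an added example that is not part of the original posts. It fingerprints the key so the value seen in the ISE can be compared with the one inside the packaged app, then decrypts a test file line by line with a matching and a non-matching key. Get-KeyFingerprint, Test-EncryptedFile, the temp file name and the sample strings are constructed for illustration; PowerShell 5 or later is assumed.

```powershell
# Added example: helper names, file name and sample strings are constructed.
function Get-KeyFingerprint {
    param([Parameter(Mandatory)][byte[]]$Key)   # a null or empty key fails binding here
    if ($Key.Length -notin 16, 24, 32) {
        throw "Key is $($Key.Length) bytes; -Key requires 16, 24 or 32."
    }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { [System.BitConverter]::ToString($sha.ComputeHash($Key), 0, 4) }
    finally { $sha.Dispose() }
}

function Test-EncryptedFile {
    param([Parameter(Mandatory)][string]$File, [Parameter(Mandatory)][byte[]]$Key)
    $n = 0
    foreach ($line in Get-Content -Path $File) {
        $n++
        try {
            # decrypt only; the plaintext is never written out
            $null = $line | ConvertTo-SecureString -Key $Key -ErrorAction Stop
            [pscustomobject]@{ Line = $n; Ok = $true;  Error = $null }
        }
        catch {
            [pscustomobject]@{ Line = $n; Ok = $false; Error = $_.Exception.Message }
        }
    }
}

# Constructed test data: two unrelated random 32-byte keys.
$good = [byte[]]::new(32)
$bad  = [byte[]]::new(32)
$rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($good); $rng.GetBytes($bad); $rng.Dispose()

# One encrypted string per line, written with the "good" key.
$file = Join-Path ([System.IO.Path]::GetTempPath()) 'roundtrip-test.txt'
'2019-01-01', '2019-12-31', 'sample-uuid' |
    ConvertTo-SecureString -AsPlainText -Force |
    ConvertFrom-SecureString -Key $good |
    Set-Content -Path $file

"key used to encrypt : $(Get-KeyFingerprint -Key $good)"
"other key           : $(Get-KeyFingerprint -Key $bad)"
Test-EncryptedFile -File $file -Key $good | Format-Table -AutoSize  # expected: all Ok
Test-EncryptedFile -File $file -Key $bad  | Format-Table -AutoSize  # expected: errors
Remove-Item -Path $file
```

Calling Get-KeyFingerprint on the key at the point of encryption and again at the point of decryption shows whether both environments hold the same bytes without printing the key itself.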


Re: GetNetworkCredential difficulties

Post by jsira2003@yahoo.com »

I am encrypting an entire file of anywhere between 6 and 19 lines at most. I will read all your posts! I have my work cut out for me digesting it all.

thank you,
John