working with passwords in powershell part 2 – the decryption

The estimated reading time 2 minutes

NOTE: See also working with passwords in powershell part 1 and working with passwords in powershell prolog

After you created these two files there is of course a possibility to get your password to plain text again.

First you need to convert your files to secure string, so powershell can work with it.

>>DOWNLOAD password reconvert script<<

The script also supports verbose, so you can better see what it does.

Basics:

$key = (Get-Content "C:\temp\credtest\aeskey.key")
$password = Get-Content "C:\temp\credtest\password.txt" | ConvertTo-SecureString -Key $key
$temp = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temp)
$PlainPassword

This is the basic of my script reconverting the password in clear text.

function Get-ClearPassword {
    
    [CmdletBinding(SupportsShouldProcess = $True)]
    param (
        [Parameter(Mandatory= $true)]
        [string]
        $credfile,
        [Parameter(Mandatory= $true)]
        [string]
        $encryptfile,
        [Parameter(Mandatory = $false)]
        [ValidateSet("YES","NO")]
        [string]$StorePWClipboard
        )
        #whatif case
        If ($WhatIfPreference) {
            Write-Verbose "Getting content from file: $encryptfile"
            Write-output "password = Get-Content "$credfile" | ConvertTo-SecureString -Key (Get-Content "$encryptfile")"
            Write-Verbose "Showing plain password in console"
            Write-Output "plain password:<< SHOWING YOUR PLAIN TRANSLATED PASSWORD >>"
            Write-Verbose "Clearing variable with plain password"
        }
        else {
            Write-Verbose "Getting content from file: $encryptfile"
            #loading key
            $key = (Get-Content "$encryptfile")
            Write-Verbose "Encypting $credfile with encryption file $encryptfile to secure string."  
            #loading password
            $password = Get-Content "$credfile" | ConvertTo-SecureString -Key $key
            #see also https://techibee.com/powershell/convert-system-security-securestring-to-plain-text-using-powershell/2599
            Write-Verbose "Converting securestring to plain password"
            #converting securestring back to plain
            $temp = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
            $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temp)
            Write-Verbose "Showing plain password in console"
            Write-Output "plain password:<< $PlainPassword >>"
            #storing password in clipboard
            if ($StorePWClipboard -eq "YES")
            {
                #https://www.powershellmagazine.com/2013/11/13/pstip-clear-clipboard-content/
                Set-Clipboard -Value "$PlainPassword"
                Write-Verbose "Clearing variable with plain password"
                $PlainPassword = $null
                $temp = $null
                $password = $null
                $key = $null
                Write-Output "Waiting 60 seconds for clearing password from clipboard..., please do NOT terminate the script!"
                Start-Sleep -Seconds 60
                #clear clipboard after 30 seconds
                Write-Verbose "Clearing Clipboard after 60 seconds"
                Add-Type -AssemblyName System.Windows.Forms
                [System.Windows.Forms.Clipboard]::Clear()
                
            }
            #clearing all variables
            Write-Verbose "Clearing variable with plain password"
            $PlainPassword = $null
            $temp = $null
            $password = $null
            $key = $null 
        }

Have fun with renconverting your password back to plain text. If there are some questions don’t hesitate to ask. If you liked the script /article please click on helpful.

LINK: working with passwords in powershell part 1