I have a module that includes some strings with some private data that should be hard to attain, but changes frequently. I need to put this script on a variety of machines where it might be accessed and the code read by someone who should not have the information used to derive the output.
I'm really concerned about strings that change from time to time, so I'm considering creating a script which prompts for those values as secure strings, encrypts them using a key and dumps them into an XML file. The XML file is then used to provide the strings. Anyone running a command from this module that needs that data would have to provide the key so the strings could be decrypted.
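Here is basically what I expect to do, but I'll be dealing with objects:

    # -Key takes a byte array of 16, 24 or 32 bytes; this value is only a placeholder
    $key = [byte[]](1..32)
    $secure = Read-Host -AsSecureString
    # Encrypt the SecureString with the key and write the result to disk
    $encrypted = ConvertFrom-SecureString -SecureString $secure -Key $key
    $encrypted | Export-Clixml testing.xml
    # Read it back and decrypt with the same key
    $imported = Import-Clixml testing.xml
    $value = ConvertTo-SecureString -String $imported -Key $key
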
I understand that the string will be encrypted using the Rijndael encryption algorithm, which is also known as AES, I believe.
How much effort is needed to break that encrypted key where it rests in the XML file, given access to the script?
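
The scheme described above with the key kept out of both the script and the XML file, as an added example that is not part of the original post: the AES key is derived from a prompted passphrase with PBKDF2 and only a random salt is stored beside the ciphertext. The function names, the use of PBKDF2 and the iteration count are assumptions of this example; the SHA-256 constructor used here needs .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example. Function names and the iteration count are hypothetical choices.
function Get-KeyFromPassphrase {
    param([securestring]$Passphrase, [byte[]]$Salt, [int]$Iterations = 600000)
    # Recover the passphrase text only long enough to feed PBKDF2.
    $plain = [System.Net.NetworkCredential]::new('', $Passphrase).Password
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $plain, $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { , $kdf.GetBytes(32) }      # 32 bytes: a valid length for -Key
    finally { $kdf.Dispose() }
}

function Protect-Setting {
    param([securestring]$Value, [securestring]$Passphrase, [string]$Path)
    # A fresh random salt per file; it is not secret and is stored with the data.
    $salt = [byte[]]::new(16)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($salt) } finally { $rng.Dispose() }
    $key = Get-KeyFromPassphrase -Passphrase $Passphrase -Salt $salt
    [pscustomobject]@{
        Salt = [Convert]::ToBase64String($salt)
        Data = ConvertFrom-SecureString -SecureString $Value -Key $key
    } | Export-Clixml -Path $Path
}

function Unprotect-Setting {
    param([securestring]$Passphrase, [string]$Path)
    $stored = Import-Clixml -Path $Path
    $salt = [Convert]::FromBase64String($stored.Salt)
    $key = Get-KeyFromPassphrase -Passphrase $Passphrase -Salt $salt
    # Returns a SecureString. A wrong passphrase derives a different key,
    # and decryption then normally fails with an error.
    ConvertTo-SecureString -String $stored.Data -Key $key
}

# Interactive usage: nothing secret is written to the script or the XML file.
$pass = Read-Host -AsSecureString -Prompt 'Passphrase'
$secret = Read-Host -AsSecureString -Prompt 'Value to protect'
Protect-Setting -Value $secret -Passphrase $pass -Path testing.xml
$value = Unprotect-Setting -Passphrase $pass -Path testing.xml
```

With this layout, someone who can read the script and the XML file still has to guess the passphrase, so the strength of the passphrase is what the protection rests on.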