
Actually, I'm decrypting strings in C# that I've created with PowerShell.

I create the SecureString with the following PowerShell command:

    ConvertTo-SecureString -String "TopSecret" -AsPlainText -Force | ConvertFrom-SecureString

I decrypt the SecureString with the following C# code:

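        // Needs: System, System.Diagnostics, System.Globalization, System.Text,
        // System.Security.Cryptography (ProtectedData lives in the System.Security assembly)
        string exportedData = string.Empty;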
        bool SecureStringOK = true;

        try
        {
            // Read args[0] to string
            exportedData = args[0];
        }
        catch (System.IndexOutOfRangeException)
        {
            Console.WriteLine("NO_SECURESTRING");
            Debug.WriteLine("NO_SECURESTRING");
            SecureStringOK = false;
        }

        if (SecureStringOK)
        {

            // Decrypt the byte array to Unicode byte array
            try
            {
                // Remove all new-lines
                exportedData = exportedData.Replace(Environment.NewLine, "");

                // Convert the hex dump to byte array
                int length = exportedData.Length / 2;
                byte[] encryptedData = new byte[length];
                for (int index = 0; index < length; ++index)
                {
                    encryptedData[index] = byte.Parse(exportedData.Substring(2 * index, 2), NumberStyles.HexNumber, CultureInfo.InvariantCulture);
                }

                byte[] data = ProtectedData.Unprotect(encryptedData, (byte[])null, DataProtectionScope.CurrentUser);

                // Convert Unicode byte array to string
                string password = Encoding.Unicode.GetString(data);

                // Write Output
                Console.WriteLine(password);
                Debug.WriteLine(password);
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                Console.WriteLine("WRONG_SECURESTRING: " + args[0]);
                Debug.WriteLine("WRONG_SECURESTRING: " + args[0]);
            }
            catch (System.FormatException)
            {
                Console.WriteLine("WRONG_SECURESTRING_FORMAT: " + args[0]);
                Debug.WriteLine("WRONG_SECURESTRING_FORMAT: " + args[0]);
            }

        }

This works fine in both directions, but now I create the SecureString in PowerShell with my own key file:

    ConvertTo-SecureString -String "TopSecret" -AsPlainText -Force | ConvertFrom-SecureString -Key $KeyPath

Any ideas what I have to change in the C# code to use a specific key file?

Artjom B.

1 Answer


When specifying a key, PowerShell encrypts using the System.Security.Cryptography.Aes class instead of ProtectedData, so you need to make quite a few changes.

If an encryption key is specified by using the Key or SecureKey parameters, the Advanced Encryption Standard (AES) encryption algorithm is used. The specified key must have a length of 128, 192, or 256 bits, because those are the key lengths supported by the AES encryption algorithm. If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.

ConvertFrom-SecureString @ TechNet

Personally, I would use the ConvertTo-SecureString cmdlet in C# to avoid reinventing the wheel.

See Aes Constructor @ MSDN and this previous SO question for a C# solution.

Frode F.
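
One way to make the change the answer describes, as an added example (not code from the question, the answer or PowerShell itself). It assumes the keyed export is the fixed header shown in the code followed by Base64 of the UTF-16LE text `2|Base64(IV)|hex(ciphertext)`, encrypted with AES in CBC mode with PKCS7 padding, and that the key file holds the raw 16, 24 or 32 key bytes; the class and method names are hypothetical.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class KeyedSecureStringDecryptor
{
    // Assumed fixed prefix of a ConvertFrom-SecureString -Key export.
    const string Header = "76492d1116743f0423413b16050a5345";

    public static string Decrypt(string exported, byte[] key)
    {
        if (key.Length != 16 && key.Length != 24 && key.Length != 32)
            throw new ArgumentException("Key must be 128, 192 or 256 bits.");
        exported = exported.Trim();
        if (!exported.StartsWith(Header, StringComparison.Ordinal))
            throw new FormatException("No key-export header (DPAPI export?).");

        // Assumed payload: Base64 of UTF-16LE "version|Base64(IV)|hex(ciphertext)".
        string package = Encoding.Unicode.GetString(
            Convert.FromBase64String(exported.Substring(Header.Length)));
        string[] parts = package.Split('|');
        if (parts.Length != 3 || parts[0] != "2" || parts[2].Length % 2 != 0)
            throw new FormatException("Unexpected package layout.");

        byte[] iv = Convert.FromBase64String(parts[1]);
        byte[] cipher = new byte[parts[2].Length / 2];
        for (int i = 0; i < cipher.Length; i++)
            cipher[i] = byte.Parse(parts[2].Substring(2 * i, 2),
                NumberStyles.HexNumber, CultureInfo.InvariantCulture);

        using (Aes aes = Aes.Create())          // defaults: CBC mode, PKCS7 padding
        using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
        {
            byte[] plain = dec.TransformFinalBlock(cipher, 0, cipher.Length);
            try { return Encoding.Unicode.GetString(plain); }
            finally { Array.Clear(plain, 0, plain.Length); }   // wipe the plaintext buffer
        }
    }

    static void Main(string[] args)
    {
        // args[0]: exported string; args[1]: path to a file of raw key bytes (assumption).
        byte[] key = File.ReadAllBytes(args[1]);
        Console.WriteLine(Decrypt(args[0], key));
    }
}
```

A wrong key normally surfaces as a CryptographicException from the padding check, which can be handled the same way as the WRONG_SECURESTRING case in the question's code. If the key file stores the key as text rather than raw bytes, parse it into a byte array before calling `Decrypt`.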