
I am trying to figure out how the code reported below works.

```powershell
$number =+313331234568
$key = [System.Text.Encoding]::Unicode.GetBytes('9999b9bc-99a9-99e9-b999-999f9a999c9d')
$s = ConvertTo-SecureString -String $number -AsPlainText -Force | ConvertFrom-SecureString -Key $key[1..32]
return $s
```

Please, can you help me to understand how the code reported works?

It's not very clear how the value in the brackets after the key is used against the byte array obtained from `Write-Host $key`. This is the output:

```
57 0 57 0 57 0 57 0 98 0 57 0 98 0 99 0 45 0 57 0 57 0 97 0 57 0 45 0 57 0 57 0 101 0 57 0 45 0 98 0 57 0 57 0 57 0 45 0 57 0 57 0 57 0 102 0 57 0 97 0 57 0 57 0 57 0 99 0 57 0 100 0
PS C:\Users\admin> Write-Host $key
57 0 57 0 57 0 57 0 98 0 57 0 98 0 99 0 45 0 57 0 57 0 97 0 57 0 45 0 57 0 57 0 101 0 57 0 45 0 98 0 57 0 57 0 57 0 45 0 57 0 57 0 57 0 102 0 57 0 97 0 57 0 57 0 57 0 99 0 57 0 100 0
PS C:\Users\admin> $keym = (57 ,57 ,57 ,57 ,98 ,57 ,98 ,99 ,45 ,57 ,57 ,97 ,57 ,45 ,57 ,57 ,101 ,57 ,45 ,98 ,57 ,57 ,57 ,45 ,57 ,57 ,57 ,102 ,57 ,97 ,57 ,57 ,57 ,99 ,57 ,100)
PS C:\Users\admin> $s = ConvertTo-SecureString -String $number -AsPlainText -Force | ConvertFrom-SecureString -Key $keym
ConvertFrom-SecureString : Valore key non valido. La lunghezza valida per key deve essere 128 bit, 192 bit o 256 bit.
In riga:1 car:67
+ ... ing $number -AsPlainText -Force | ConvertFrom-SecureString -Key $keym
+                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [ConvertFrom-SecureString], PSArgumentException
    + FullyQualifiedErrorId : Argument,Microsoft.PowerShell.Commands.ConvertFromSecureStringCommand
```

I would like to apply the same decrypt/encrypt but using OpenSSL on Unix instead.

glennsl
d3sync

1 Answer

```powershell
$number =+313331234568
```

This just defines a number. The + is pointless and could just as well be removed.

```powershell
$key = [System.Text.Encoding]::Unicode.GetBytes('9999b9bc-99a9-99e9-b999-999f9a999c9d')
```

This transforms a Unicode string with a UUID to a byte array. The character '9' is converted to 2 bytes with the (integer) values 57 and 0, etc.

```powershell
ConvertTo-SecureString -String $number -AsPlainText -Force | ...
```

This converts the number from the beginning to a secure string.

```powershell
... | ConvertFrom-SecureString -Key $key[1..32]
```

This attempts to convert the secure string from before to a (still encrypted) ASCII representation, using the 2nd through 33rd byte from the byte array stored in $key as the encryption key. This is to make the encryption independent from the host and user to which the secure string would be tied otherwise, so that the exported data could be imported on any host by any user who knows the key ($key[1..32]). The .. is PowerShell's range operator, that produces a sequence of numbers starting with the first operand (1) and ending with the second operand (32). The [] operator returns all array elements matching the given indexes ([1, 2, ..., 32]).

The error you're getting in your example is because you try to encrypt the data with a 36 byte key. Allowed are only 16 byte (128 bit), 24 byte (192 bit), and 32 byte (256 bit).


The exported data is not compatible with OpenSSL, BTW. If you want to decrypt the data using OpenSSL on a Unix host: use a Windows port of OpenSSL for the encryption.

Ansgar Wiechers
  • Thank you Ansgar! Do you think it is possible to decrypt the content produced with the function reported above using TCL & OpenSSL? Thanks! – d3sync Mar 23 '17 at 21:14
  • What content? What function? OpenSSL is normally used for transport encryption, but it [can be used for files](http://stackoverflow.com/a/16056298/1630171) as well. – Ansgar Wiechers Mar 24 '17 at 00:48
  • Hi Ansgar, which bytes are selected with the range operator? Are zeros also included? Do you think it is possible to obtain the same logic under a UNIX system? – d3sync Mar 28 '17 at 10:32
  • Hi Ansgar, the data was encrypted using AES-256, so I have the key and the data; why am I not able to obtain the cleartext data using openssl? Thanks – d3sync May 23 '17 at 15:49
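
The byte selection discussed in the answer and comments, reproduced outside PowerShell as an added example (not code from the question or the answer; the function names are hypothetical). It shows that `$key[1..32]` starts at the second byte of the UTF-16LE array, so the zero bytes are part of the key, and that the hand-typed 36-byte `$keym` is rejected for its length.

```python
# Added example: reproduces the key bytes the PowerShell snippet selects.
UUID_TEXT = "9999b9bc-99a9-99e9-b999-999f9a999c9d"  # string from the question
AES_KEY_SIZES = (16, 24, 32)  # bytes: the 128/192/256-bit sizes named in the error


def unicode_bytes(text):
    """Like [System.Text.Encoding]::Unicode.GetBytes(): UTF-16LE without a BOM."""
    return text.encode("utf-16-le")


def ps_range_slice(data, first, last):
    """Like $data[first..last] for an ascending range; both ends are included."""
    if not 0 <= first <= last < len(data):
        raise IndexError("only ascending, in-bounds ranges are modelled here")
    return bytes(data[first:last + 1])


def check_key(key):
    """Return the key size in bits, or reject lengths AES cannot use."""
    if len(key) not in AES_KEY_SIZES:
        raise ValueError(f"invalid key length: {len(key)} bytes ({len(key) * 8} bits)")
    return len(key) * 8


def derive_key(text=UUID_TEXT, first=1, last=32):
    """The bytes selected by $key[1..32] in the question."""
    return ps_range_slice(unicode_bytes(text), first, last)


def zero_bytes(key):
    """Count the 0x00 bytes contributed by the high halves of UTF-16 code units."""
    return key.count(0)


if __name__ == "__main__":
    key = derive_key()
    print("key bytes :", list(key))
    print("key hex   :", key.hex())
    print("key bits  :", check_key(key), "zero bytes:", zero_bytes(key))
    # $keym from the question: the 36 non-zero bytes typed in by hand.
    keym = unicode_bytes(UUID_TEXT)[0::2]
    try:
        check_key(keym)
    except ValueError as err:
        print("$keym     :", err)
```

Half of the 32 key bytes are fixed zeros and the rest are ASCII codes of hex digits and hyphens, so this key carries far less entropy than a randomly generated 256-bit key.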