带有 SecureKey 问题的 SecureString
SecureString With SecureKey Issues
我有下面的代码,没有任何错误。
- SaveKeyPass.ps1 正在存储安全密钥(加密)和密码(使用安全密钥加密)
- GetKeyPass.ps1 从文件中获取安全密钥和密码,然后解密安全密钥,最后使用解密的安全密钥解密密码。
保存密钥密码。ps1
$key = "1234567891234567"
$textPassword = "securekey-textpassword"
$securePassword = ConvertTo-SecureString $textPassword -AsPlainText -Force
$secureKey = ConvertTo-SecureString $Key -AsPlainText -Force
$encryptedKey = ConvertFrom-SecureString $SecureKey -Key (1..16)
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $decryptedSecureKeyFromFile
$encryptedKey | Out-File "C:\temp\securekey-enckey.txt"
$encryptedPassword | Out-File "C:\temp\securekey-encpass.txt"
Write-Host "Key: $Key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPassword"
Write-Host "Encrypted Key: $encryptedKey"
GetKeyPass.ps1
$key = ""
$textPassword = ""
$encryptedPasswordFromFile = ""
$encryptedKeyFromFile = ""
$secureDecryptedPassword = ""
$BSTR1= ""
$BSTR2= ""
$encryptedKeyFromFile = Get-Content "C:\temp\securekey-enckey.txt"
$encryptedPasswordFromFile = Get-Content "C:\temp\securekey-encpass.txt"
$secureDecryptedKey = ConvertTo-SecureString $encryptedKeyFromFile -Key (1..16)
$secureDecryptedPassword = ConvertTo-SecureString $encryptedPasswordFromFile -SecureKey $secureDecryptedKey
$BSTR1 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedPassword)
$textPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR1)
$BSTR2 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedKey)
$key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR2)
Write-Host "Key: $key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPasswordFromFile"
Write-Host "Encrypted Key: $encryptedKeyFromFile"
问题 1:
If I change first line (only last digit changed from 7 to 8) in SaveKeyPass.ps1 to and execute this script
$key = "1234567891234568"
and subsequently execute GetKeyPass.ps1 I get this error
ConvertTo-SecureString : Padding is invalid and cannot be removed.
At [**]:11 char:28
问题 2:
If I change first line (key length changed from 16 bytes to 32 bytes) in SaveKeyPass.ps1 to and execute this script
$key = "12345678912345671234567891234567"
and subsequently execute GetKeyPass.ps1 I get this error
The specified key is not valid. Valid key length settings are either 128 bits, 192 bits, or 256 bits.
At [**]:11 char:28
我真是一头雾水啊?在issue 1中只有一个数字被改变了,所以不确定从哪里抛出填充异常。在问题 2 中,我有 32 字节(256 位)密钥,但异常是抱怨密钥长度不正确。
如有任何帮助,我们将不胜感激。感谢阅读!
感谢 Martin 和 Djarid 的指点,我已将 SaveKeyPass 中的第 11 行更正。ps1 为
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $secureKey
已解决问题 1完全和问题 2 部分。
第 2 期:
我注意到密钥中的 1 char/digit 是 16 位(可能在我的 64 位机器上),这意味着“12345678912345671234567891234567”是 512 位而不是 256 位,我认为 1 char/digit 是8 字节。因此,这违反了密钥的最大长度要求并且失败了。
这意味着如果我在密钥中提供 8、12、16 个字符,它们分别是 128 位、192 位和 256 位。
我有下面的代码,没有任何错误。
- SaveKeyPass.ps1 正在存储安全密钥(加密)和密码(使用安全密钥加密)
- GetKeyPass.ps1 从文件中获取安全密钥和密码,然后解密安全密钥,最后使用解密的安全密钥解密密码。
保存密钥密码。ps1
$key = "1234567891234567"
$textPassword = "securekey-textpassword"
$securePassword = ConvertTo-SecureString $textPassword -AsPlainText -Force
$secureKey = ConvertTo-SecureString $Key -AsPlainText -Force
$encryptedKey = ConvertFrom-SecureString $SecureKey -Key (1..16)
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $decryptedSecureKeyFromFile
$encryptedKey | Out-File "C:\temp\securekey-enckey.txt"
$encryptedPassword | Out-File "C:\temp\securekey-encpass.txt"
Write-Host "Key: $Key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPassword"
Write-Host "Encrypted Key: $encryptedKey"
GetKeyPass.ps1
$key = ""
$textPassword = ""
$encryptedPasswordFromFile = ""
$encryptedKeyFromFile = ""
$secureDecryptedPassword = ""
$BSTR1= ""
$BSTR2= ""
$encryptedKeyFromFile = Get-Content "C:\temp\securekey-enckey.txt"
$encryptedPasswordFromFile = Get-Content "C:\temp\securekey-encpass.txt"
$secureDecryptedKey = ConvertTo-SecureString $encryptedKeyFromFile -Key (1..16)
$secureDecryptedPassword = ConvertTo-SecureString $encryptedPasswordFromFile -SecureKey $secureDecryptedKey
$BSTR1 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedPassword)
$textPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR1)
$BSTR2 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureDecryptedKey)
$key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR2)
Write-Host "Key: $key"
Write-Host "Text Password: $textPassword"
Write-Host "Encrypted Password: $encryptedPasswordFromFile"
Write-Host "Encrypted Key: $encryptedKeyFromFile"
问题 1:
If I change first line (only last digit changed from 7 to 8) in SaveKeyPass.ps1 to and execute this script
$key = "1234567891234568"
and subsequently execute GetKeyPass.ps1 I get this error
ConvertTo-SecureString : Padding is invalid and cannot be removed. At [**]:11 char:28
问题 2:
If I change first line (key length changed from 16 bytes to 32 bytes) in SaveKeyPass.ps1 to and execute this script
$key = "12345678912345671234567891234567"
and subsequently execute GetKeyPass.ps1 I get this error
The specified key is not valid. Valid key length settings are either 128 bits, 192 bits, or 256 bits. At [**]:11 char:28
我真是一头雾水啊?在issue 1中只有一个数字被改变了,所以不确定从哪里抛出填充异常。在问题 2 中,我有 32 字节(256 位)密钥,但异常是抱怨密钥长度不正确。
如有任何帮助,我们将不胜感激。感谢阅读!
感谢 Martin 和 Djarid 的指点,我已将 SaveKeyPass 中的第 11 行更正。ps1 为
$encryptedPassword = ConvertFrom-SecureString $SecurePassword -SecureKey $secureKey
已解决问题 1完全和问题 2 部分。 第 2 期:
我注意到密钥中的 1 char/digit 是 16 位(可能在我的 64 位机器上),这意味着“12345678912345671234567891234567”是 512 位而不是 256 位,我认为 1 char/digit 是8 字节。因此,这违反了密钥的最大长度要求并且失败了。
这意味着如果我在密钥中提供 8、12、16 个字符,它们分别是 128 位、192 位和 256 位。