轉換爲安全字符串爲純文本

Question

我在電源外殼工作，我有一些代碼轉換成功用戶輸入密碼成純文本：

$SecurePassword = Read-Host -AsSecureString "Enter password" | convertfrom-securestring | out-file C:\Users\tmarsh\Documents\securePassword.txt 

我已經嘗試了多種方法將其轉換回，但他們沒有一個似乎正常工作。最近，我用以下方法嘗試：

$PlainPassword = Get-Content C:\Users\tmarsh\Documents\securePassword.txt 

#convert the SecureString object to plain text using PtrToString and SecureStringToBSTR 
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($PlainPassword) 
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) 
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR) #this is an important step to keep things secure 

這也給我一個錯誤。

Cannot convert argument "s", with value: "01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026a5b6067d53fd43801a9ef3f8ef9e43000000000200000000000366000 
0c0000000100000008118fdea02bfb57d0dda41f9748a05f10000000004800000a000000010000000c50f5093f3b87fbf9ee57cbd17267e0a10000000833d1d712cef01497872a3457bc8 
bc271400000038c731cb8c47219399e4265515e9569438d8e8ed", for "SecureStringToBSTR" to type "System.Security.SecureString": "Cannot convert the "01000000 
d08c9ddf0115d1118c7a00c04fc297eb0100000026a5b6067d53fd43801a9ef3f8ef9e430000000002000000000003660000c0000000100000008118fdea02bfb57d0dda41f9748a05f10 
000000004800000a000000010000000c50f5093f3b87fbf9ee57cbd17267e0a10000000833d1d712cef01497872a3457bc8bc271400000038c731cb8c47219399e4265515e9569438d8e8 
ed" value of type "System.String" to type "System.Security.SecureString"." 
At C:\Users\tmarsh\Documents\Scripts\Local Admin Script\PlainTextConverter1.ps1:14 char:1 
+ $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($PlainPassw ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [], MethodException 
    + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument 

Cannot find an overload for "PtrToStringAuto" and the argument count: "1". 
At C:\Users\tmarsh\Documents\Scripts\Local Admin Script\PlainTextConverter1.ps1:15 char:1 
+ $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [], MethodException 
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest 

Cannot convert argument "s", with value: "", for "ZeroFreeBSTR" to type "System.IntPtr": "Cannot convert null to type "System.IntPtr"." 
At C:\Users\tmarsh\Documents\Scripts\Local Admin Script\PlainTextConverter1.ps1:16 char:1 
+ [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR) #this is an important ste ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [], MethodException 
    + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument 

Password is: 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026a5b6067d53fd43801a9ef3f8ef9e430000000002000000000003660000c0000000100000008118fdea02bfb57d0dda41f97 
48a05f10000000004800000a000000010000000c50f5093f3b87fbf9ee57cbd17267e0a10000000833d1d712cef01497872a3457bc8bc271400000038c731cb8c47219399e4265515e9569 
438d8e8ed 

有沒有人知道一種方法，將爲此工作？

謝謝！

Answer 1

您已經關閉，但您傳遞給SecureStringToBSTR的參數必須是SecureString。您似乎正在傳遞ConvertFrom-SecureString的結果，它是一個加密的標準字符串。因此，在傳遞給SecureStringToBSTR之前，請致電ConvertTo-SecureString。

$SecurePassword = ConvertTo-SecureString $PlainPassword 
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword) 
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) 

Answer 2

您也可以使用PSCredential.GetNetworkCredential（）：

$SecurePassword = Get-Content C:\Users\tmarsh\Documents\securePassword.txt | ConvertTo-SecureString 
$UnsecurePassword = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password