{"id":5112,"date":"2017-12-22T08:06:25","date_gmt":"2017-12-22T07:06:25","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=5112"},"modified":"2017-12-22T08:59:09","modified_gmt":"2017-12-22T07:59:09","slug":"powershell-en-and-decrypt-string-with-aes256","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/powershell-en-and-decrypt-string-with-aes256\/","title":{"rendered":"PowerShell: En- and Decrypt string with AES256"},"content":{"rendered":"<p>Hi,<\/p>\n<p>If you need to encrypt strings in PowerShell, the .NET Framework offers some classes for this. This is symmetric encryption: receiver and sender use the same password\/key to en- and decrypt the message.<\/p>\n<p>First of all, you have to load two assemblies:<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\n&#x5B;System.reflection.assembly]::LoadWithPartialName(&quot;System.Security&quot;)|out-null\r\n&#x5B;System.reflection.assembly]::LoadWithPartialName(&quot;System.IO&quot;)|out-null\r\n<\/pre>\n<p>This is the encrypt function. It takes 4 parameters; the salt is optional: 
<\/p>\n<ul>\n<li>aBytesToBeEncrypted => The string to encrypt, as a byte array<\/li>\n<li>aPasswordBytes => The password as a byte array<\/li>\n<li>raEncryptedBytes => A reference to the byte array to which the encrypted data is written<\/li>\n<li>aCustomSalt => A salt as a byte array (optional)<\/li>\n<\/ul>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nfunction fAESEncrypt()\r\n{\r\n\tParam(\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;byte&#x5B;]]$aBytesToBeEncrypted,\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;byte&#x5B;]]$aPasswordBytes,\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;ref]$raEncryptedBytes,\r\n\t\t&#x5B;Parameter(Mandatory=$false)]&#x5B;byte&#x5B;]]$aCustomSalt\r\n\t)\t\t\r\n    &#x5B;byte&#x5B;]] $encryptedBytes = @()\r\n    # Salt must have at least 8 Bytes!!\r\n    # Encrypt and decrypt must use the same salt\r\n    # Define your own Salt here\r\n    &#x5B;byte&#x5B;]]$aSaltBytes = @(4,7,12,254,123,98,34,12,67,12,122,111) \r\n\t# Use the salt passed by the caller instead of the default one\r\n\tif($aCustomSalt.Count -ge 1)\r\n\t{\r\n\t\t$aSaltBytes=$aCustomSalt\r\n\t}\t\r\n    &#x5B;System.IO.MemoryStream] $oMemoryStream = new-object System.IO.MemoryStream\r\n    &#x5B;System.Security.Cryptography.RijndaelManaged] $oAES = new-object System.Security.Cryptography.RijndaelManaged\r\n    $oAES.KeySize = 256;\r\n    $oAES.BlockSize = 128;\r\n    # Key and IV are both derived from password and salt (PBKDF2, 1000 iterations),\r\n    # so the same password and salt always give the same key and the same IV\r\n    &#x5B;System.Security.Cryptography.Rfc2898DeriveBytes] $oKey = new-object System.Security.Cryptography.Rfc2898DeriveBytes($aPasswordBytes, $aSaltBytes, 1000);\r\n    $oAES.Key = $oKey.GetBytes($oAES.KeySize \/ 8);\r\n    $oAES.IV = $oKey.GetBytes($oAES.BlockSize \/ 8);\r\n    $oAES.Mode = &#x5B;System.Security.Cryptography.CipherMode]::CBC\r\n    # Everything written to the CryptoStream ends up encrypted in the MemoryStream\r\n    $oCryptoStream = new-object System.Security.Cryptography.CryptoStream($oMemoryStream, $oAES.CreateEncryptor(), &#x5B;System.Security.Cryptography.CryptoStreamMode]::Write)\r\n\ttry\r\n\t{\r\n\t\t$oCryptoStream.Write($aBytesToBeEncrypted, 0, $aBytesToBeEncrypted.Length);\r\n\t\t$oCryptoStream.Close();\r\n\t}\r\n\tcatch 
&#x5B;Exception]\r\n\t{\r\n\t\t# On failure the output array receives this error text instead of ciphertext, so callers must check the return value\r\n\t\t$raEncryptedBytes.Value=&#x5B;system.text.encoding]::ASCII.GetBytes(&quot;Error occurred while encoding string. Salt or Password incorrect?&quot;)\r\n\t\treturn $false\r\n\t}\t\r\n    $oEncryptedBytes = $oMemoryStream.ToArray();\r\n    $raEncryptedBytes.Value=$oEncryptedBytes;\r\n\treturn $true\r\n}\r\n<\/pre>\n<p>And the decrypt function, which also takes 4 parameters:<\/p>\n<ul>\n<li>aBytesToDecrypt => The byte array which holds the encrypted data<\/li>\n<li>aPasswordBytes => The password as a byte array<\/li>\n<li>raDecryptedBytes => A reference to the byte array to which the decrypted data is written<\/li>\n<li>aCustomSalt => A salt as a byte array (optional)<\/li>\n<\/ul>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nfunction fAESDecrypt()\r\n{\r\n\tParam(\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;byte&#x5B;]]$aBytesToDecrypt,\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;byte&#x5B;]]$aPasswordBytes,\r\n\t\t&#x5B;Parameter(Mandatory=$true)]&#x5B;ref]$raDecryptedBytes,\r\n\t\t&#x5B;Parameter(Mandatory=$false)]&#x5B;byte&#x5B;]]$aCustomSalt\r\n\t)\t\r\n    &#x5B;byte&#x5B;]]$oDecryptedBytes = @();\r\n\t# Salt must have at least 8 Bytes!!\r\n\t# Encrypt and decrypt must use the same salt\r\n    &#x5B;byte&#x5B;]]$aSaltBytes = @(4,7,12,254,123,98,34,12,67,12,122,111) \r\n\t# Use the salt passed by the caller instead of the default one\r\n\tif($aCustomSalt.Count -ge 1)\r\n\t{\r\n\t\t$aSaltBytes=$aCustomSalt\r\n\t}\r\n    &#x5B;System.IO.MemoryStream] $oMemoryStream = new-object System.IO.MemoryStream\r\n    &#x5B;System.Security.Cryptography.RijndaelManaged] $oAES = new-object System.Security.Cryptography.RijndaelManaged\r\n    $oAES.KeySize = 256;\r\n    $oAES.BlockSize = 128;\r\n    # Same derivation as in fAESEncrypt: key and IV come from password and salt\r\n    &#x5B;System.Security.Cryptography.Rfc2898DeriveBytes] $oKey = new-object System.Security.Cryptography.Rfc2898DeriveBytes($aPasswordBytes, $aSaltBytes, 1000);\r\n    $oAES.Key = $oKey.GetBytes($oAES.KeySize \/ 8);\r\n    $oAES.IV = $oKey.GetBytes($oAES.BlockSize \/ 8);\r\n    $oAES.Mode = 
&#x5B;System.Security.Cryptography.CipherMode]::CBC\r\n\t$oCryptoStream = new-object System.Security.Cryptography.CryptoStream($oMemoryStream, $oAES.CreateDecryptor(), &#x5B;System.Security.Cryptography.CryptoStreamMode]::Write)\r\n\ttry\r\n\t{\r\n\t\t$oCryptoStream.Write($aBytesToDecrypt, 0, $aBytesToDecrypt.Length)\r\n\t\t$oCryptoStream.Close()\r\n\t}\r\n\tcatch &#x5B;Exception]\r\n\t{\r\n\t\t# A wrong password or salt normally surfaces here as a padding exception; CBC itself does not authenticate the data\r\n\t\t$raDecryptedBytes.Value=&#x5B;system.text.encoding]::ASCII.GetBytes(&quot;Error occurred while decoding string. Salt or Password incorrect?&quot;)\r\n\t\treturn $false\r\n\t}\r\n    $oDecryptedBytes = $oMemoryStream.ToArray();\r\n\t$raDecryptedBytes.Value=$oDecryptedBytes\r\n\treturn $true\r\n}\r\n<\/pre>\n<p>And how to use it \ud83d\ude42. Define a salt and password for encryption and encrypt the string:<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\n$aCustomSalt=@(1,2,3,4,5,6,7,9,10,11,254,253,252)\r\n$sPassword=&quot;A Secret Password&quot;\r\n$sInput=&quot;A secret Message&quot; \r\n&#x5B;byte&#x5B;]]$aEncryptedMessage=$null\r\n# The message is encoded as UTF8 because the decrypted bytes are decoded as UTF8 below\r\nfAESEncrypt (&#x5B;system.text.encoding]::UTF8.GetBytes($sInput)) (&#x5B;system.text.encoding]::ASCII.GetBytes($sPassword)) (&#x5B;ref]$aEncryptedMessage) $aCustomSalt\r\n<\/pre>\n<p>Decryption:<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\n$aCustomSalt=@(1,2,3,4,5,6,7,9,10,11,254,253,252)\r\n$sPassword=&quot;A Secret Password&quot;\r\n&#x5B;byte&#x5B;]]$aDecryptedMessage=$null\r\nfAESDecrypt $aEncryptedMessage (&#x5B;system.text.encoding]::ASCII.GetBytes($sPassword)) (&#x5B;ref]$aDecryptedMessage) $aCustomSalt\r\nwrite-host &quot;Your Message:&quot; (&#x5B;System.Text.Encoding]::UTF8.GetString($aDecryptedMessage))\r\n<\/pre>\n<p>That's it \ud83d\ude42<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, if you need to encrypt strings in PowerShell, the .NET Framework offers some classes for this. This is symmetric encryption. 
Receiver and sender use the same password\/key to en- and decrypt the message.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[344,466],"tags":[1125,600,608,133,1126,20],"class_list":["post-5112","post","type-post","status-publish","format-standard","hentry","category-powershell-scripting","category-security","tag-aes256","tag-decrypt","tag-encrypt","tag-powershell","tag-symmetric","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=5112"}],"version-history":[{"count":9,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5112\/revisions"}],"predecessor-version":[{"id":5122,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5112\/revisions\/5122"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=5112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=5112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=5112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}