PowerShell Encryption Function Library
Hi All,
About a year ago I had a requirement to securely store a few passwords that would then be used to run a PowerShell script. At the time, I thought it would be a good idea to create another one of my PowerShell Function Libraries, such as my PowerShell Logging Function Library.
This article documents my solution and the end product: PowerShell Encryption Function Library….
High-level Overview:
The PowerShell Encryption Function Library includes 3 functions which do the following:
- Set-EncryptionKey: Used to create a key which is used to encrypt and decrypt the data
- Encrypt-Data: Encrypts data using the specified encryption key
- Decrypt-Data: Decrypts data using the specified encryption key
Instead of explaining the details of the function library line by line, I would rather just provide you with the entire PowerShell Encryption Function Library, and then explain how to use it. I will then use the PowerShell Encryption Function Library in an example. Finally, I will go through a few use cases of where you can expect to require these functions.
The Code – PowerShell Encryption Function Library:
Below is the complete encryption function library….
Installation Instructions:
To use the PowerShell Encryption Function Library in your script, complete the following steps:
- Copy the code above and save it in a new .ps1 file called Encryption_Functions.ps1. Alternatively you can download the file from here: PowerShell Encryption Function Library
- Copy the file and store it in a central location that everyone has access to (Note: This is very important, otherwise your script will fail if the account running the script doesn’t have access to the function library)
- In your script dot source the Encryption_Functions.ps1 file. You should do this at the top of your PowerShell script and it should look something like this:
. "C:\Scripts\Functions\Encryption_Functions.ps1"
- Call the relevant functions as required (see the example below on how to do this)
- Enjoy 🙂
Example Script:
If you are wondering exactly how to be able to use the PowerShell Encryption Function Library, then have a look at the example below. If you are still unsure, then shoot me an email or use the comments below.
#--------------------------------------------------------------------------------
# This script shows you how to use the PowerShell Encryption Function Library.
#
# Simply, it prompts the user for some credentials and then encrypts them using
# the Encrypt-Data function. The script will then decrypt the same credentials
# using the Decrypt-Data function. Finally the script will return the plain-text
# password to the user.
#
# More Info: https://9to5it.com/powershell-encryption-function-library
#
#--------------------------------------------------------------------------------
. "C:\Scripts\Functions\Encryption_Functions.ps1"
#--------------------------------------------------------------------------------
# VARIABLES USED FOR EXAMPLE
#--------------------------------------------------------------------------------
#Set your encryption key - needs to be between 16 and 32 characters in length
$PlainKey = "KNHAL97Z12LQJ0ZR8K7MSADU820S4VHJ"
#Get Credentials to encrypt and then decrypt
$Cred = Get-Credential
#--------------------------------------------------------------------------------
# ENCRYPTION EXAMPLE
#--------------------------------------------------------------------------------
#Step 1: Convert plain-text encryption key to bytes
$EncryptKey = Set-EncryptKey -Key $PlainKey
Start-Sleep -Seconds 2
#Step 2: Encrypt data calling PowerShell Function
$EncryptedData = Encrypt-Data -SecureString $Cred.Password -EncryptKey $EncryptKey
#--------------------------------------------------------------------------------
# DECRYPTION EXAMPLE
#--------------------------------------------------------------------------------
#Step 1: Convert plain-text decryption key to bytes
$DecryptKey = Set-EncryptKey -Key $PlainKey
Start-Sleep -Seconds 2
#Step 2: Decrypt data calling PowerShell Function
$PlainText = Decrypt-Data -Data $EncryptedData -DecryptKey $DecryptKey -ConvertToPlainText $True
Start-Sleep -Seconds 2
#Step 3: Output results
write-host "Password = $PlainText"
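The example script keeps the encryption key as a literal in the script, so anyone who can read the script can also decrypt the stored data. The following added example (not the function library's code, which is not reproduced on this page) shows the same encrypt and decrypt round trip using only the built-in ConvertFrom-SecureString and ConvertTo-SecureString cmdlets, with a randomly generated key held in a separate, permission-restricted file. The paths and the function names New-RandomAesKey, Protect-Secret and Unprotect-Secret are assumptions made for illustration, and the C:\Scripts\Secrets folder is assumed to exist.

```powershell
# Added example: built-in cmdlets only; not the function library's code.
# Both paths are hypothetical.
$KeyPath  = 'C:\Scripts\Secrets\aes.key'
$DataPath = 'C:\Scripts\Secrets\svc-password.txt'

function New-RandomAesKey {
    # ConvertFrom-SecureString -Key accepts 16, 24 or 32 bytes (AES-128/192/256).
    param([ValidateSet(16, 24, 32)][int]$Bytes = 32)
    $key = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    return ,$key   # leading comma keeps the result a byte[]
}

function Protect-Secret {
    param([Parameter(Mandatory)][securestring]$Secret,
          [Parameter(Mandatory)][byte[]]$Key)
    # Returns the AES-encrypted value as text.
    ConvertFrom-SecureString -SecureString $Secret -Key $Key
}

function Unprotect-Secret {
    param([Parameter(Mandatory)][string]$Data,
          [Parameter(Mandatory)][byte[]]$Key)
    # Returns a SecureString; no plain-text copy is created here.
    ConvertTo-SecureString -String $Data -Key $Key
}

# --- One-time setup, run as the account that will run the script ---
$key = New-RandomAesKey
[System.IO.File]::WriteAllBytes($KeyPath, $key)
# Remove inherited permissions and leave read access for this account only.
icacls $KeyPath /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R)" | Out-Null
$cred = Get-Credential
Protect-Secret -Secret $cred.Password -Key $key | Set-Content -Path $DataPath

# --- Every run ---
$key     = [System.IO.File]::ReadAllBytes($KeyPath)
$blob    = (Get-Content -Path $DataPath -Raw).Trim()
$secure  = Unprotect-Secret -Data $blob -Key $key
# Hand the SecureString straight to the consumer instead of printing it.
$runCred = New-Object System.Management.Automation.PSCredential($cred.UserName, $secure)
```

The encrypted file can sit on a shared location, while the key file stays readable only by the account that runs the script.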
Use Cases:
There could be many different use cases for the PowerShell Encryption Function Library. Below are a few that I can think of (if you can think of any more then let me know in the comments below):
- Running scripts against non-domain joined (or untrusted domain joined) machines – e.g. DMZ Servers
- Collecting sensitive data and storing it in a potentially vulnerable (or easily accessible) location – e.g. File Share
- Password encryption, password encryption, password encryption. OK – this is the same as the first point, but I would say this would be the biggest use case – hence mentioning it twice
Final Comments:
Hopefully my PowerShell Encryption Function Library has made it substantially easier to encrypt and decrypt data when and if required.
Finally, I would like to say that I didn’t invent the entire solution myself – at the time (about 1 year ago now) I did some research online and found many of the components that I put together to produce the PowerShell Encryption Function Library. To all of the people that helped me (sorry I don’t know who you are exactly), I say thank you!
If you are still unsure of how to use these functions, then send me an email or leave me a comment and I will endeavour to help you as much as I can – as per usual.
Thanks
Luca