There are many ways to encrypt text. Here is an approach that does not use an explicit “secret”. Instead, the secret is defined as your identity plus your machine.
When you encrypt text using ConvertTo-TextEncrypted, the result can only be deciphered by ConvertFrom-TextEncrypted if the same person runs the command on the same machine:

```powershell
#requires -Version 2

function ConvertTo-TextEncrypted {
    param([Parameter(ValueFromPipeline = $true)]$Text)
    process {
        # Without -Key, ConvertFrom-SecureString protects the data with DPAPI,
        # bound to the current user account and the current machine.
        $Text | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString
    }
}

function ConvertFrom-TextEncrypted {
    param([Parameter(ValueFromPipeline = $true)]$Text)
    process {
        # Fails for another user or on another machine: DPAPI cannot unwrap the blob.
        $SecureString = $Text | ConvertTo-SecureString
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
        try {
            [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
        }
        finally {
            # Zero and release the unmanaged copy of the plain text.
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
        }
    }
}
```
To test the process, try this first:
```powershell
PS> "Hello World" | ConvertTo-TextEncrypted | ConvertFrom-TextEncrypted
Hello World
```
Next, take some secret text, encrypt it, and save it in a file:
```powershell
$Path = "$env:temp\secret.txt"
'Hello World' | ConvertTo-TextEncrypted | Set-Content -Path $Path
```
Now, try this to read in the saved encrypted text, and decipher it:
```powershell
$Path = "$env:temp\secret.txt"
Get-Content -Path $Path | ConvertFrom-TextEncrypted
```
Note that neither script contains a secret passphrase. Instead, your identity is the passphrase: when ConvertFrom-SecureString is called without -Key, it protects the data with the Windows Data Protection API (DPAPI) under the current user's profile on the current machine. So when someone else tries to decipher the text in the file, or when you try to decipher it on another computer, it fails.
The approach shown here can be used to store personal passwords that you do not want to manually enter every day. Be clear about what the protection covers: it guards the file against other users and against being copied elsewhere, but any code running under your account on that machine can decipher it just as your scripts can.
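As an added example (not part of the original tip), here is the typical use the last paragraph describes: storing a password for a scheduled script and rebuilding a PSCredential from it later, using the same DPAPI-backed ConvertFrom-SecureString / ConvertTo-SecureString calls. The function names Save-StoredCredential and Get-StoredCredential and the file path are made up for this example. It also refuses to write the file on PowerShell 6+ running on Linux or macOS, where there is no DPAPI and ConvertFrom-SecureString without -Key does not protect the content.

```powershell
#requires -Version 2

function Save-StoredCredential {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [Parameter(Mandatory = $true)][string]$Path
    )
    # ConvertFrom-SecureString without -Key uses DPAPI (user + machine scope) on Windows.
    # On PowerShell 6+ on Linux/macOS there is no DPAPI and the output is not protected,
    # so do not write an unprotected secret to disk there. ($IsWindows is $null on 5.1,
    # hence the version check first.)
    if ($PSVersionTable.PSVersion.Major -ge 6 -and -not $IsWindows) {
        throw 'DPAPI protection is only available on Windows; refusing to write the file.'
    }
    # Read-Host -AsSecureString keeps the typed password out of the command history.
    $secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Get-StoredCredential {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [Parameter(Mandatory = $true)][string]$Path
    )
    # ConvertTo-SecureString without -Key unwraps the DPAPI blob. It throws when run as
    # a different user or on a different machine, which is the behaviour the tip relies on.
    $secure = Get-Content -Path $Path | ConvertTo-SecureString
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# Usage (interactive; the path is an example value):
# Save-StoredCredential -UserName 'svc-backup' -Path "$env:APPDATA\svc-backup.cred"
# $cred = Get-StoredCredential -UserName 'svc-backup' -Path "$env:APPDATA\svc-backup.cred"
# Consumers such as Invoke-Command -Credential $cred never need the plain text back.
```

Keeping the secret as a SecureString end to end, and handing the PSCredential straight to the cmdlet that needs it, avoids the BSTR round trip entirely; the plain text only ever exists inside the process that must use it.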