Encrypting Text Information Using Passphrase

by Apr 7, 2015

PowerShell 3.0 and later

In a previous tip we explained how you can use the Windows product ID stored in the Windows Registry to encrypt some text information.

If you find that this publicly available information is not safe enough for your purpose, then you can use a secret encryption key of your choice instead. The following example illustrates how a secret passphrase can be used as encryption key:

$Path = "$env:temp\secret.txt"
$Secret = 'Hello World!'
$Passphrase = 'Some secret key'

$key = [Byte[]]($Passphrase.PadRight(24).Substring(0,24).ToCharArray())

$Secret |
  ConvertTo-SecureString -AsPlainText -Force | 
  ConvertFrom-SecureString -Key $key | 
  Out-File -FilePath $Path

notepad $Path

To decipher the encrypted text, you would need to know the passphrase used to encrypt the text:

$Passphrase = Read-Host 'Enter the secret pass phrase'

$Path = "$env:temp\secret.txt"

$key = [Byte[]]($Passphrase.PadRight(24).Substring(0,24).ToCharArray())

  $decryptedTextSecureString = Get-Content -Path $Path -Raw |
  ConvertTo-SecureString -Key $key -ErrorAction Stop

  $cred = New-Object -TypeName System.Management.Automation.PSCredential('dummy', $decryptedTextSecureString)
  $decryptedText = $cred.GetNetworkCredential().Password
  $decryptedText = '(wrong key)'
"The decrypted secret text: $decryptedText"

Twitter This Tip! ReTweet this Tip!