

{"id":1037,"date":"2020-04-30T15:12:45","date_gmt":"2020-04-30T05:12:45","guid":{"rendered":"https:\/\/kng.tech\/blog\/?p=1037"},"modified":"2020-04-30T16:12:49","modified_gmt":"2020-04-30T06:12:49","slug":"launch-another-process-with-encrypted-credential-powershell","status":"publish","type":"post","link":"https:\/\/kng.tech\/blog\/launch-another-process-with-encrypted-credential-powershell\/","title":{"rendered":"Launch another process with Encrypted Credential (Powershell)"},"content":{"rendered":"<p>First, create an AES key and output it to a file. (reference <a href=\"https:\/\/www.pdq.com\/blog\/secure-password-with-powershell-encrypting-credentials-part-2\/\" rel=\"noopener\" target=\"_blank\">here<\/a>)<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">\r\n$KeyFile = \"C:\\ps\\s\\AESKey\\AES.key\"\r\n$Key = New-Object Byte[] 16   # You can use 16, 24, or 32 bytes for AES (AES-128, AES-192, AES-256)\r\n[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)\r\n$Key | out-file $KeyFile\r\n<\/pre>\n<p>&nbsp;<br \/>\nSecond, use the AES key we created in the first step to encrypt the password and output it to a file.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">\r\n$PasswordFile = \"C:\\ps\\s\\AESKey\\pwd.txt\"\r\n$KeyFile = \"C:\\ps\\s\\AESKey\\AES.key\"\r\n$Key = Get-Content $KeyFile\r\n# Single quotes keep $$ literal; inside double quotes PowerShell would expand it\r\n$Password = 'Y0urS3curePa$$w0rd.' | ConvertTo-SecureString -AsPlainText -Force\r\n$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile\r\n<\/pre>\n<p>&nbsp;<br \/>\nNow you have a password file that can only be decrypted with the key you created in the first step.<\/p>\n<p>Here is a snippet that creates a PowerShell credential from the encrypted password and uses it to launch another process.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">\r\n# Use the password file and key created earlier; $User and $Program must already be set\r\n$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | 
ConvertTo-SecureString -Key $key)\r\n\r\n# Launch another process with a different credential from the user's PowerShell session\r\n# This is useful if the user only has normal rights and you want to launch the program with another credential that has admin rights.\r\nStart-Process powershell.exe -Credential $MyCredential -WindowStyle Hidden -ArgumentList \"Start-Process $($Program) -Wait -ErrorAction SilentlyContinue\"\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p>Please take steps to protect that key file! Anyone who can read it can decrypt the password file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First create an AES key and output it to a file. (reference here) $KeyFile = \"C:\\ps\\s\\AESKey\\AES.key\" $Key = New-Object Byte[] 16 # You can use 16, 24, or 32 for AES [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key) $Key | out-file $KeyFile &nbsp; Second, use the AES key we created in the first step to encrypt the password and output it [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[50,43,45],"class_list":["post-1037","post","type-post","status-publish","format-standard","hentry","category-tech","tag-encrypted","tag-powershell","tag-securestring"],"_links":{"self":[{"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/posts\/1037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/comments?post=1037"}],"version-history":[{"count":7,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/posts\/1037\/revisions"}],"predecessor-version":[{"id":1044,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/posts\/1037\/revisions\/1044"}],"wp:attachment":[{"href":"https:
\/\/kng.tech\/blog\/wp-json\/wp\/v2\/media?parent=1037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/categories?post=1037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kng.tech\/blog\/wp-json\/wp\/v2\/tags?post=1037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}