Struggling to encrypt the password in my WinSCP PowerShell script (example below) :: Support Forum

g0nz0uk
Joined:: 2021-02-23
Posts:: 7

Struggling to encrypt the password in my WinSCP PowerShell script (example below)

2021-03-07 12:26

Hello,

I need to encrypt my password in this copy script from Windows to Linux. This script has been working fine, I just need to add security.

Current working code

# Load WinSCP .NET assembly
Add-Type -Path "WinSCPnet.dll"
# Set up session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Sftp
    HostName = "192.168.138.113"
    UserName = "test"
    Password = "test999#"
    SshHostKeyFingerprint = "ssh-ed25519 255 mfVWm6kqrWMoPBy7q7tkZydM/SmvA3jVPjRXoLxcLfA="
}
$session = New-Object WinSCP.Session
try
{
    # Connect
    $session.Open($sessionOptions)
    # Transfer files
    $session.PutFiles("C:\dism.log", "/usr/share/csv/*").Check()
}
finally
{
    $session.Dispose()
}

I then tried to encrypt:
I ran this to generate the hashed password:

Read-Host 'enter password' -AsSecureString |
ConvertFrom-SecureString |
Out-File 'C:\temp\password.txt'

Then added to my script:

# Load WinSCP .NET assembly
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"
 
# Set up session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Sftp
    HostName = "192.168.138.113"
    UserName = "test"
    SecurePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f7e98d274da0e843a4ff48f5aa20208200000000020000000000106600000001000gkhkjhkjhkjhlkjlkj428a8b5d2fae4abd140000000ba8036948a049304e1311100b694fc03d1445d9d03ff0e25e0461383d303f9d9b5f76f477c514cf939c7637fd88897e32815af66e9ecefa8619e18e12202ac7c
"
   SshHostKeyFingerprint = "ssh-ed25519 255 mfVWm6kqrWMoPBy7q7tkZydM/SmvA3jVPjRXoLxcLfA="
}
 
$session = New-Object WinSCP.Session
 
try
{
    # Connect
    $session.Open($sessionOptions)
 
    # Transfer files
    $session.PutFiles("C:\dism.log", "/usr/share/csv/*").Check()
}
finally
{
    $session.Dispose()
}

But get this error when running:

ConvertTo-SecureString : Input string was not in a correct format.
At line:9 char:22
+ ... ePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertTo-SecureString], FormatException
    + FullyQualifiedErrorId : System.FormatException,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

Any idea I what I need to add/change?

Thanks

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,378
Location:: Prague, Czechia

Re: Struggling to encrypt the password in my WinSCP PowerShell script (example below)

2021-03-09

There should be no newline in the string literal:

SecurePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f7e98d274da0e843a4ff48f5aa20208200000000020000000000106600000001000gkhkjhkjhkjhlkjlkj428a8b5d2fae4abd140000000ba8036948a049304e1311100b694fc03d1445d9d03ff0e25e0461383d303f9d9b5f76f477c514cf939c7637fd88897e32815af66e9ecefa8619e18e12202ac7c"

Reply with quote

g0nz0uk

Re: Struggling to encrypt the password in my WinSCP PowerShell script (example below)

2021-03-09 17:41

I'm not sure what you mean. So my screenshot shows a " on a new line is that what you mean?

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,378
Location:: Prague, Czechia

Re: Struggling to encrypt the password in my WinSCP PowerShell script (example below)

2021-03-12

I mean this:

    SecurePassword = ConvertTo-SecureString "01000000...
"

It should be:

    SecurePassword = ConvertTo-SecureString "01000000..."

Reply with quote

g0nz0uk
Joined:: 2021-02-23
Posts:: 7

2021-03-13 18:51

This really isn't working. Now I get:

ConvertTo-SecureString : Input string was not in a correct format.
At line:9 char:22
+ ... ePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04 ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertTo-SecureString], FormatException
    + FullyQualifiedErrorId : System.FormatException,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
 
Exception calling "Open" with "1" argument(s): "Value cannot be null.
Parameter name: sessionOptions"
At line:18 char:5
+     $session.Open($sessionOptions)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

What am I doing wrong here to encrypt my session?

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,378
Location:: Prague, Czechia

2021-03-16

Does this work for you?

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
 
Try the new cross-platform PowerShell https://aka.ms/pscore6
 
PS C:\encryptedpassword> Add-Type -Path "WinSCPnet.dll"
PS C:\encryptedpassword> Read-Host -AsSecureString | ConvertFrom-SecureString
**** # (typing "abcd" here)
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad3b4991ec7d52438797134bcb02a15c0000000002000000000010660000000100002000000029a0dd2613bd7b04b1383c100bd2c30136a3a1c10b4d9110deda0e6c2fdc8203000000000e800000000200002000000091377bbd4b80c3bfa5c8f675a5db95b4ebf970dac04b2c93825057209ef4813e1000000026d47d10fefe37b91a90753e20894f2140000000d403186869d8b0d9171456eb97a1c7fe28b90d6b591e75976c5425d02ba96fa7b58c2c57d275f0a8d18cd88baaca39f415cad49434457119d1830ddf2c5e44f5
PS C:\encryptedpassword> $sessionOptions = New-Object WinSCP.SessionOptions
PS C:\encryptedpassword> $sessionOptions.SecurePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad3b4991ec7d52438797134bcb02a15c0000000002000000000010660000000100002000000029a0dd2613bd7b04b1383c100bd2c30136a3a1c10b4d9110deda0e6c2fdc8203000000000e800000000200002000000091377bbd4b80c3bfa5c8f675a5db95b4ebf970dac04b2c93825057209ef4813e1000000026d47d10fefe37b91a90753e20894f2140000000d403186869d8b0d9171456eb97a1c7fe28b90d6b591e75976c5425d02ba96fa7b58c2c57d275f0a8d18cd88baaca39f415cad49434457119d1830ddf2c5e44f5"
PS C:\encryptedpassword> Write-Host $sessionOptions.Password
abcd

Reply with quote

Struggling to encrypt the password in my WinSCP PowerShell script (example below)