internal/functions/security/Unprotect-String.ps1
|
function Unprotect-String { <# .SYNOPSIS Uses DPAPI to decrypt strings. .DESCRIPTION Uses DPAPI to decrypt strings. Designed to reverse encryption applied by Protect-String .PARAMETER String The string to decrypt. .EXAMPLE PS C:\> Unprotect-String -String $secret Decrypts the content stored in $secret and returns it. #> [CmdletBinding()] Param ( [Parameter(ValueFromPipeline = $true)] [System.Security.SecureString[]] $String ) begin { Add-Type -AssemblyName System.Security -ErrorAction Stop } process { if ($PSVersionTable.PSEdition -eq "Core") { foreach ($item in $String) { $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($item) $EncyptedToken = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) $DcyptedToken = ConvertTo-SecureString -String $EncyptedToken -Key $Script:EncKey $BSTR1 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($DcyptedToken) [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR1) } } else { foreach ($item in $String) { $cred = New-Object PSCredential("irrelevant", $item) $stringBytes = [System.Convert]::FromBase64String($cred.GetNetworkCredential().Password) $decodedBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($stringBytes, $null, 'CurrentUser') [Text.Encoding]::UTF8.GetString($decodedBytes) } } } } |