PS.Password.File.psm1
function New-PasswordFile { <# .SYNOPSIS New-PasswordFile .DESCRIPTION The function creates an AES encrypted password file as well as a file with the corresponding AES key. When the function is called, the password to be encrypted is requested. .PARAMETER Path Specifies the path where the files will be created. .EXAMPLE New-PasswordFile -Path 'C:\Temp' Creates in the folder C:\Temp the password and AESKey file .NOTES Author: Torsten Demmich Mail: torsten.demmich@gmail.com #> #Requires -Version 5.1 [CmdletBinding()] param ( [Parameter(Mandatory=$false,ValueFromPipeline=$false)] [ValidateScript({ If(Test-Path -Path $_ -PathType Container){ $true } else { throw '{0} is not a valid Directory' -f $_ } })] [string[]]$Path ) $pwdKey = '{0}\{1}' -f $Path.TrimEnd('\'), 'pwd.key' $pwdFile = '{0}\{1}' -f $Path.TrimEnd('\'), 'pwd.file' $password = Read-Host 'Enter password' -AsSecureString $AESKey = New-Object Byte[] 32 [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey) Set-Content -Value $AESKey -Path $pwdKey $password | ConvertFrom-SecureString -key (Get-Content $pwdKey) | Set-Content $pwdFile } function Read-PasswordFile { <# .SYNOPSIS Read-PasswordFile .DESCRIPTION Reads a password file and decrypts the file using a key file. The password is returned as a secure string. .PARAMETER KeyFile Specifies the file to AES key. .PARAMETER PwdFile Specifies the date to the encrypted password. .EXAMPLE $secPassword = Read-PasswordFile -KeyFile 'C:\Temp\pwd.key' -PwdFile 'C:\Temp\pwd.file' .NOTES Author: Torsten Demmich Mail: torsten.demmich@gmail.com #> #Requires -Version 5.1 [CmdletBinding()] param ( [Parameter(Mandatory=$true,ValueFromPipeline=$false)] [ValidateScript({ If(Test-Path -Path $_ -PathType leaf){ $true } else { throw '{0} is not a valid file' -f ($_) } })] [string[]]$KeyFile, [Parameter(Mandatory=$true,ValueFromPipeline=$false)] [ValidateScript({ If(Test-Path -Path $_ -PathType leaf){ $true } else { throw '{0} is not a valid file' -f ($_) } })] [string[]]$PwdFile ) process { $AESKey = Get-Content $KeyFile $pwdHash = Get-Content $PwdFile $securePwd = $pwdHash | ConvertTo-SecureString -Key $AESKey } end { return $securePwd } } |