Powershell加密密码

1. SecureString
   net中的一个类型。无法通过该类型对象还原出原来的字符串，但是可以把它当作密码使用。

2. Encrypted Standard String
   加密后的字符串

用法一

$loginUserName = "aaaa"
$loginPassword = "bbbb"

# - 1. 将密码转为SecureString

$securePassword = ConvertTo-SecureString $loginPassword -AsPlainText -Force

# - 2. 将SecureString转为加密字符串

$securePasswordStr = ConvertFrom-SecureString $securePassword

#或直接输出到文件 
ConvertFrom-SecureString $securePassword | Out-file "D:\securePasswordStr.file"

# - 3.使用

#通过变量
New-Object -TypeName System.Management.Automation.PSCredential `
            -ArgumentList $loginUserName, (echo $securePasswordStr | ConvertTo-SecureString)

#通过文件
New-Object -TypeName System.Management.Automation.PSCredential `
            -ArgumentList $loginUserName, (Get-Content D:\securePasswordStr.file | ConvertTo-SecureString)

用法二

#从标准输出采集密码并直接生成加密的字符串
$securePasswordStr = Read-Host "Enter Password: " -AsSecureString | ConvertFrom-SecureString
Read-Host "Enter Password: " -AsSecureString | ConvertFrom-SecureString | Out-File "D:\securePasswordStr.file"
New-Object -TypeName System.Management.Automation.PSCredential `
            -ArgumentList $loginUserName, (Get-Content D:\securePasswordStr.file | ConvertTo-SecureString)

注：用法一、用法二生成的$securePasswordStr或者d:\securePasswordStr.file只能在本机上用

用法三

# 1. 生成key

$key = New-Object Byte[] 32
[System.Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($key)
$key | Out-file "D:\AES.key"

# 2. 获取密码SecureString

$loginUserName = "aaaa"
$loginPassword = "bbbb"
$securePassword = ConvertTo-SecureString $loginPassword -AsPlainText -Force

# 3. 通过key加密

$securePasswordStr = ConvertFrom-SecureString $securePWD -Key $key
#或直接输出到文件 
ConvertFrom-SecureString $securePWD  -Key $key | Out-file "D:\securePasswordStr.file"

# 4. 使用
New-Object -TypeName System.Management.Automation.PSCredential `
            -ArgumentList $loginUserName, ($securePasswordStr | ConvertTo-SecureString -Key $key)    #如果是用文件，需要执行$key = Get-Content "D:\securePasswordStr.file"