<#
.notes
##############################################################################
# Generate Password Encryption
# Filename : GenPasswordEncryption.ps1
# Script Version : 1.1.3
##############################################################################
.prerequisites
1. Powershell 2 or above ($psversiontable.psversion.major)
2. Windows Vista or newer.
.synopsis
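This script takes a clear-text password as input and generates an AES-encrypted password string (reversible ciphertext rather than a one-way hash) to be embedded in scripts. Any script that uses this value must include the encryption and decryption functions. The shared key printed alongside it decrypts the value, so anyone who can read both can recover the password.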
.usage
Run this script, supply the password to encrypt, then copy/paste everything between (not including) the square brackets.
.disclaimer
This code is intended as a standalone example. Subject to licensing restrictions defined on nutanix.dev, this can be downloaded, copied and/or modified in any way you see fit.
Please be aware that all public code samples provided by Nutanix are unofficial in nature, are provided as examples only, are unsupported and will need to be heavily scrutinized and potentially modified before they can be used in a production environment. All such code samples are provided on an as-is basis, and Nutanix expressly disclaims all warranties, express or implied.
All code samples are © Nutanix, Inc., and are provided as-is under the MIT license. (https://opensource.org/licenses/MIT)
#>
param(
    # The password is untyped and arrives as a plain-text argument, so it can
    # end up wherever the invoking command line is recorded (console history,
    # transcripts). NOTE(review): confirm that is acceptable where this runs.
    [Parameter(Mandatory = $true, HelpMessage = "Please supply the password you wish to convert to hash...")]
    $password
)
function create-aesmanagedobject($key, $iv) {
    # Returns an AesManaged instance set up for AES-256 in CBC mode with zero padding.
    #   $key - optional; a base64 string or a byte array.
    #   $iv  - optional; a base64 string or a byte array.
    # A value that is not supplied is left at whatever AesManaged generated itself.
    #
    # Security notes for anyone reusing this:
    #   * CBC is used without any integrity check, so a modified ciphertext is
    #     not detected by the code in this file.
    #   * Zero padding cannot tell padding bytes from trailing NUL bytes in the data.
    $cipher = New-Object System.Security.Cryptography.AesManaged
    $cipher.Mode = [System.Security.Cryptography.CipherMode]::CBC
    $cipher.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
    # Sizes are set before IV/key, matching the original order of assignments.
    $cipher.BlockSize = 128
    $cipher.KeySize = 256

    if ($iv) {
        if ($iv.GetType().Name -ne "string") {
            $cipher.IV = $iv
        }
        else {
            # Strings are treated as base64 text.
            $cipher.IV = [System.Convert]::FromBase64String($iv)
        }
    }

    if ($key) {
        if ($key.GetType().Name -ne "string") {
            $cipher.Key = $key
        }
        else {
            $cipher.Key = [System.Convert]::FromBase64String($key)
        }
    }

    return $cipher
}
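function decrypt-string($key, $encryptedstringwithiv) {
    # Decrypts a value produced by encrypt-string.
    #   $key                   - AES key, passed through to create-aesmanagedobject.
    #   $encryptedstringwithiv - base64 text: 16-byte IV followed by the ciphertext.
    # Outputs the decrypted text, decoded as UTF-8.
    #
    # Nothing here authenticates the ciphertext; a tampered value is not detected
    # by this function.
    $bytes = [System.Convert]::FromBase64String($encryptedstringwithiv)
    $iv = $bytes[0..15]
    $aesmanaged = create-aesmanagedobject $key $iv
    $decryptor = $null
    try {
        $decryptor = $aesmanaged.CreateDecryptor()
        $unencrypteddata = $decryptor.TransformFinalBlock($bytes, 16, $bytes.Length - 16)
        # Zero padding is appended at the end only, so strip trailing NULs and
        # leave the start of the plaintext alone.
        [System.Text.Encoding]::UTF8.GetString($unencrypteddata).TrimEnd([char]0)
    }
    finally {
        # Release the transform and the key material on every path, including
        # a failed decryption.
        if ($decryptor -is [System.IDisposable]) { $decryptor.Dispose() }
        $aesmanaged.Clear()
        $aesmanaged.Dispose()
    }
}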
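function encrypt-string($key, $unencryptedstring) {
    # Encrypts a string with the AES settings from create-aesmanagedobject.
    #   $key               - AES key, passed through to create-aesmanagedobject.
    #   $unencryptedstring - text to encrypt; encoded as UTF-8 first.
    # Outputs base64 text holding the IV followed by the ciphertext.
    #
    # No IV is passed in, so the IV is the one AesManaged generated for this
    # instance; it is stored in front of the ciphertext for decrypt-string.
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($unencryptedstring)
    $aesmanaged = create-aesmanagedobject $key
    $encryptor = $null
    try {
        $encryptor = $aesmanaged.CreateEncryptor()
        $encrypteddata = $encryptor.TransformFinalBlock($bytes, 0, $bytes.Length)
        [byte[]] $fulldata = $aesmanaged.IV + $encrypteddata
        [System.Convert]::ToBase64String($fulldata)
    }
    finally {
        # Release the transform and the key material on every path, including
        # a failed encryption.
        if ($encryptor -is [System.IDisposable]) { $encryptor.Dispose() }
        $aesmanaged.Clear()
        $aesmanaged.Dispose()
    }
}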
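if (-not $password) { exit }

# Despite its name, $saltarray is the 32-byte AES key handed to encrypt-string
# and decrypt-string.
# The key is drawn from the platform's cryptographic random number generator.
# The earlier Get-Random call is not documented as cryptographically secure and
# limited every byte to the range 1..124, which shrinks the key space.
[byte[]] $saltarray = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rng.GetBytes($saltarray)
}
finally {
    # RandomNumberGenerator is only disposable on newer .NET versions.
    if ($rng -is [System.IDisposable]) { $rng.Dispose() }
}

$encryptedstring = encrypt-string $saltarray $password
# Round trip, so the operator can confirm that the value decrypts correctly.
$backtoplaintext = decrypt-string $saltarray $encryptedstring

write-host "`r`n#######################################" -foregroundcolor BLUE
write-host "`Copy & Paste everything between the square brackets" -nonewline -foregroundcolor GREEN
write-host " [" -nonewline -foregroundcolor YELLOW
write-host "<- ->" -nonewline -foregroundcolor GREEN
write-host "]" -foregroundcolor YELLOW
write-host "#######################################" -foregroundcolor BLUE
write-host "AES Encrypted Password" -nonewline -foregroundcolor GREEN
write-host " [" -nonewline -foregroundcolor YELLOW
write-host " ""$($encryptedString)"" " -nonewline -foregroundcolor GREEN
write-host "]" -foregroundcolor YELLOW

# The key is printed as comma-separated decimal byte values.
# The key and the ciphertext are shown together: whoever holds both can decrypt
# the password, so a script that embeds both only hides the password from a
# casual reader. Keep the key somewhere with tighter access than the ciphertext.
$sharedkey = $saltarray -join ','
write-host "AES Shared Key" -nonewline -foregroundcolor GREEN
write-host " [" -nonewline -foregroundcolor YELLOW
write-host " ($($sharedkey)) " -nonewline -foregroundcolor GREEN
write-host "]" -foregroundcolor YELLOW
write-host "#######################################" -foregroundcolor BLUE

# The decrypted password is echoed in clear text; it will also appear in any
# console capture or transcript of this run.
write-host "Decrypted Password" -nonewline -foregroundcolor GREEN
write-host " [" -nonewline -foregroundcolor YELLOW
write-host "$backToPlainText" -nonewline -foregroundcolor CYAN
write-host "]`r`n" -foregroundcolor YELLOW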