Menu
How do I convert a SecureString back to plain text?
From Example 4 of the Microsoft Documentation.
$secureString = ConvertTo-SecureString -String 'Example' -AsPlainText
$secureString # 'System.Security.SecureString'
ConvertFrom-SecureString -SecureString $secureString -AsPlainText # 'Example'
But when I try the following:
>> $secureString = ConvertTo-SecureString -String 'Example' -AsPlainText -Force
>> $secureString # 'System.Security.SecureString'
>> ConvertFrom-SecureString -SecureString $secureString -AsPlainText # 'Example'
I get this error:
ConvertFrom-SecureString : A parameter cannot be found that matches parameter name 'AsPlainText'.
At line:3 char:54
+ ... ertFrom-SecureString -SecureString $secureString -AsPlainText # 'Exam ...
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertFrom-SecureString], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.ConvertFromSecureStringCommand
When I run those commands without -AsPlainText it returns:
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000063db09d0a5a25b4d92484ee7d5911cf90000000002000000000003660000c00000001000000098fcbc0d5e009078dd7a1dfe9f24d3380000000004800000a00000001000000027a7f841c320bc17b5e4febbcd3e49551000000005a133e9f864340d9d7b2473939156ef14000000f889bf5c0fc4799a5aaf435ebb15cd0920f24575
Is this a Microsoft issue or is this not supported in PowerShell 5.1
PowerShell Version
Major Minor Build Revision
----- ----- ----- --------
5 1 18362 628
374
The encrypted standard string can be converted back to its secure string format by using the ConvertTo-SecureString cmdlet.
Description. The ConvertTo-SecureString cmdlet converts encrypted standard strings into secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host .
In PowerShell, there are a number of cmdlets that work with something called a secure string. When you create a saved credential object, the password is stored as a secure string.
SecureString is a string type that provides a measure of security. It tries to avoid storing potentially sensitive strings in process memory as plain text.
It's not supported in PowerShell 5.1. ConvertFrom-SecureString doesn't support the-AsPlainText parameter until PowerShell Core 7+.
If you want to get the plain text string from a plain text SecureString in PowerShell prior to 7, use the following methods:
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString)
$plaintext = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
$plaintext will be your plaintext string converted from the SecureString you passed in.
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
