带Powershell的gpg-密码安全 [英] gpg with powershell - passphrase security

问题描述

我正在使用gnupg通过Powershell脚本加密和解密数据，问题是我的代码中有密码短语.这可能不是最好的解决方案.为脚本提供密码短语的最佳和安全的方法是哪一种?谢谢.

I'm using gnupg to encrypt and decrypt data via powershell script and the problem is, that I have passphrase in the code. It's propably not the best solution. Which is the best and secure way to provide passphrase to script? Thank you.

C:\"Program Files"\GNU\GnuPG\gpg2.exe --passphrase mypassphrase --batch --output C:\Z\$decrypted_file.xls --decrypt C:\_Zo\$encrypted_file

推荐答案

您可以在磁盘上加密密码或密码.

You can Crypt the passphrase or the password on the disk.

以下解决方案使用计算机作为用户.

以下两个脚本是securot框架.NET程序集.

The following two scripts the securot framework .NET assembly.

对于服务器计算机，可以通过计算机身份保护机密.此代码使用以下事实:任何可以在计算机上运行代码的人都可以访问密码.因此，密码文件可以在整个网络上共享，只能由服务器本身对其进行解码.您可以将ACL添加到密码文件中，以便仅由某些用户组读取.

For server computers, it's possible to protect the secret by the computer identity. This code use the fact that any people who can run code on the computer can access the password. So the passwword file can be shared accross the network, it can only be decoded by the server itself. You can add ACL to the password file for it to be read only by some group of users.

加密(必须在服务器计算机上完成):

# Mandatory Framework .NET Assembly 
Add-Type -assembly System.Security

# String to Crypt
$passwordASCII = Read-Host -Prompt "Entrer le mot de passe"

# String to INT Array
$enc = [system.text.encoding]::Unicode
$clearPWD_ByteArray = $enc.GetBytes( $passwordASCII.tochararray())

# Crypting
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$bakCryptedPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Protect($clearPWD_ByteArray, $null, $secLevel)

# Store in Base 64 form
$B64PWD_ByteArray = [Convert]::ToBase64String($bakCryptedPWD_ByteArray)
Set-Content -LiteralPath c:\Temp\pass.txt -Value $B64PWD_ByteArray

解码:

# Mandatory Framework .NET Assembly
Add-Type -assembly System.Security

# Getting from Base 64 storage
$resCryptedPWD_ByteArray = [Convert]::FromBase64String((Get-Content -LiteralPath c:\Temp\pass.txt))

# Decoding
$secLevel = [System.Security.Cryptography.DataProtectionScope]::LocalMachine
$clearPWD_ByteArray = [System.Security.Cryptography.ProtectedData]::Unprotect( $resCryptedPWD_ByteArray, $null, $secLevel )

# Dtring from int Array
$enc = [system.text.encoding]::Unicode
$enc.GetString($clearPWD_ByteArray)

这篇关于带Powershell的gpg-密码安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！