将密码存储为多个变量 [英] Store Password as Multiple Variables

问题描述

我遇到了我正在编写的脚本的绊脚石，我希望有更多知识的人能够为我提供帮助.

I've run into a stumbling block for a script I'm writing and I was hoping someone more knowledgeable might be able to help me out.

简单地说，我希望用户能够输入密码，并将密码的每个字母分配给变量.

To put it simply, I want a user to be able to input their password and each letter of that password be assign to variables.

$uCcuGUBIJnoORUWA = "a"
$LjN6WLzWVAaM4BQN = "b"
$5qJ79dPkDGNeIsVy = "c"

…等

完成此操作后，密码将发送到文本文件并作为变量输出.因此，如果您的密码是"abc"，则文本文件将显示为…

Once this is done, the password is send to a text file and outputted as the variables. So if your password was "abc" then the text file would appear as …

HASH1 = $uCcuGUBIJnoORUWA
HASH2 = $LjN6WLzWVAaM4BQN
HASH3 = $5qJ79dPkDGNeIsVy

…等等.

… and so on.

一旦密码被完全写入并存储在文本文件中，脚本的其余部分将使用该信息来匹配每段代码，以找出密码是什么.然后，它将使用类似以下的命令输入密码:

Once the password is completely written and is stored on the text file, the rest of the script uses that information to match each piece of code to figure out what the password is. It then would then type out the password using something like:

[System.Windows.Forms.SendKeys]::SendWait("$uCcuGUBIJnoORUWA$LjN6WLzWVAaM4BQN$5qJ79dPkDGNeIsVy")

现在，我的脚本使用的是硬编码密码，这不太理想.我正在使用PS2EXE将.ps1文件转换为.exe文件，因此它不是纯文本格式.

Right now my script is using a hard-coded password, which is less than ideal. I'm using PS2EXE to convert the .ps1 file to an .exe file so it's not in plain-text.

我了解如何存储变量以及如何获取脚本以将变量输出为实际字母，我只是在为用户输入密码然后存储密码的方法上遇到麻烦./p>

I understand how to store the variables and how to get the script to output the variables as the actual letters, I'm just having some trouble figuring out a way for the user to input the password and then have it stored.

推荐答案

比混淆更好的是:实际加密吗?

How about something better than obfuscation: actual encryption?

将凭据存储在 [PSCredential] 对象中.密码部分存储为安全字符串，这已经是一件好事了.

Store the credentials in a [PSCredential] object. The password portion of this is stored as a secure string, which is already a good thing.

要将其导出到文件中:

$cred | Export-Clixml -Path C:\master.xml

要重新导入它:

$cred = Import-Clixml -Path C:\master.xml

重要的是，密码在写出到磁盘时将被加密.它只能由同一台计算机上的同一用户解密(并因此重新导入).

The important thing is that the password will be encrypted when it's written out to disk. It can only be decrypted (and therefore reimported) by the same user on the same computer.

因此，我希望将用户名和计算机名作为文件名的一部分.这是用于存储凭据的脚本的示例:

As a result I like to make the user and computer name part of the file name. Here's an example of a script to store the credentials:

$cred = Get-Credential
$cred | Export-Clixml -Path "C:\whatever\master_$env:COMPUTERNAME-$env:USERNAME.xml"

在您实际要使用的脚本中:

In the script where you actually want to use it:

$cred = Import-Clixml -Path "C:\whatever\master_$env:COMPUTERNAME-$env:USERNAME.xml"

这非常有用.通过在文件名中嵌入用户和计算机，您可以存储凭据的多个副本，具体取决于有多少用户需要访问多少台计算机上的凭据.

It's quite useful. By embedding the user and computer in the file name you can store multiple copies of the credentials depending on how many users need to access the creds on however many computers.

由于您可能需要脚本中的原始密码，因此从 [PSCredential] 对象中获取该密码的方法如下:

And since you might need the raw password in your script, the way to get that out of a [PSCredential] object is like so:

$cred.GetNetworkCredential().Password

这篇关于将密码存储为多个变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！