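#
# Encrypt and Decrypt using Rijndael 256bit
#
# NOTE(review): the scheme below is kept byte-compatible with data already
# encrypted by this script, but it has known weaknesses a user should weigh:
#  - The password, salt and IV phrase are literals in this file, so anyone who
#    can read the script can decrypt everything it produced.
#  - PasswordDeriveBytes (PBKDF1-style) with SHA1 and 5 iterations gives almost
#    no resistance to password guessing, and asking it for 32 bytes goes past
#    SHA1's 20-byte output via a non-standard extension. Rfc2898DeriveBytes
#    (PBKDF2) with a random per-message salt and a high iteration count is the
#    usual replacement.
#  - The IV is fixed, so equal plaintexts (and equal leading blocks) always
#    produce equal ciphertext. A fresh random IV stored next to the ciphertext
#    avoids that.
#  - Nothing overrides the RijndaelManaged defaults (CBC, PKCS7, 128-bit
#    block, i.e. AES) and no MAC is added, so modified ciphertext is not
#    detected. Encrypt-then-MAC (HMAC over IV + ciphertext) or an AEAD mode
#    closes that gap.
#
# change the following two secret phrases
$salt = "secretSentence"
$init = "anotherSecretSentence"
# supply a strong password
$password = "mySecretPassword!"
#
# check bottom of the script for Samples
#

# Internal helper: builds the RijndaelManaged instance shared by all four
# public functions. Reads $password, $salt and $init from the enclosing scope.
# The derivation is exactly the one every function previously repeated inline,
# so existing ciphertext stays readable. The caller must call Clear() on the
# returned object.
function New-RijndaelFromPassword
{
    $cipher = New-Object System.Security.Cryptography.RijndaelManaged
    $passBytes = [Text.Encoding]::UTF8.GetBytes($password)
    $saltBytes = [Text.Encoding]::UTF8.GetBytes($salt)
    $kdf = New-Object Security.Cryptography.PasswordDeriveBytes $passBytes, $saltBytes, "SHA1", 5
    $cipher.Key = $kdf.GetBytes(32) #256/8
    # IV = first 16 bytes of SHA1($init); constant for a given $init (see header note)
    $sha1 = New-Object Security.Cryptography.SHA1Managed
    $cipher.IV = $sha1.ComputeHash([Text.Encoding]::UTF8.GetBytes($init))[0..15]
    $cipher
}

# Encrypts $String and returns the ciphertext as a Base64 string.
function Encrypt-String([string]$String)
{
    $cipher = New-RijndaelFromPassword
    try
    {
        $encryptor = $cipher.CreateEncryptor()
        $memoryStream = New-Object System.IO.MemoryStream
        $encryptStream = New-Object Security.Cryptography.CryptoStream $memoryStream, $encryptor, "Write"
        $streamWriter = New-Object System.IO.StreamWriter $encryptStream
        try
        {
            $streamWriter.Write($String)
        }
        finally
        {
            # Closing the writer flushes the final padded block and closes the
            # CryptoStream and MemoryStream beneath it.
            $streamWriter.Close()
        }
        # MemoryStream.ToArray() is still valid after the stream is closed.
        [Convert]::ToBase64String($memoryStream.ToArray())
    }
    finally
    {
        # Zero the key material even when encryption throws.
        $cipher.Clear()
    }
}

# Decrypts a Base64 string produced by Encrypt-String and writes the plaintext
# to the output stream. Throws on invalid Base64 or on a padding failure
# (wrong password or damaged ciphertext).
function Decrypt-String([string]$Encrypted)
{
    # $Encrypted is declared [string]; assigning the decoded byte[] back to it
    # would convert the bytes to text again, so a separate variable is used.
    [byte[]]$cipherBytes = [Convert]::FromBase64String($Encrypted)
    $cipher = New-RijndaelFromPassword
    try
    {
        $decryptor = $cipher.CreateDecryptor()
        $memoryStream = New-Object IO.MemoryStream @(,$cipherBytes)
        $decryptStream = New-Object Security.Cryptography.CryptoStream $memoryStream, $decryptor, "Read"
        $streamReader = New-Object System.IO.StreamReader $decryptStream
        try
        {
            Write-Output $streamReader.ReadToEnd()
        }
        finally
        {
            $streamReader.Close()
        }
    }
    finally
    {
        $cipher.Clear()
    }
}

# Encrypts the file $fileName into $encryptedFile. When $encryptedFile is
# omitted the input file is overwritten in place, which leaves no plaintext
# copy. The whole file is held in memory.
function Encrypt-File([string]$fileName, [string]$encryptedFile)
{
    if ([string]::IsNullOrEmpty($encryptedFile))
    {
        $encryptedFile = $fileName
    }

    # ReadAllBytes returns the complete file; a single Stream.Read call is
    # allowed to return fewer bytes than requested.
    [byte[]]$plainBytes = [System.IO.File]::ReadAllBytes($fileName)
    $cipher = New-RijndaelFromPassword
    try
    {
        $encryptor = $cipher.CreateEncryptor()
        # Encrypt before the output file is created, so a failure here does not
        # truncate an in-place target.
        [byte[]]$cipherBytes = $encryptor.TransformFinalBlock($plainBytes, 0, $plainBytes.Length)
        [System.IO.File]::WriteAllBytes($encryptedFile, $cipherBytes)
    }
    finally
    {
        $cipher.Clear()
    }
}

# Decrypts the file $encryptedFile into $decryptedFile. When $decryptedFile is
# omitted the encrypted file is overwritten in place. The whole file is held in
# memory. Throws on a padding failure (wrong password or damaged ciphertext)
# before the output file is touched.
function Decrypt-File([string]$encryptedFile, [string]$decryptedFile)
{
    if ([string]::IsNullOrEmpty($decryptedFile))
    {
        $decryptedFile = $encryptedFile
    }

    [byte[]]$cipherBytes = [System.IO.File]::ReadAllBytes($encryptedFile)
    $cipher = New-RijndaelFromPassword
    try
    {
        $decryptor = $cipher.CreateDecryptor()
        # A single CryptoStream.Read call may return only part of the
        # plaintext, which would silently truncate the output; transforming the
        # whole buffer at once always yields the complete result.
        [byte[]]$plainBytes = $decryptor.TransformFinalBlock($cipherBytes, 0, $cipherBytes.Length)
        [System.IO.File]::WriteAllBytes($decryptedFile, $plainBytes)
    }
    finally
    {
        $cipher.Clear()
    }
}

#
# Samples
#
# Note: change the file/folder names in the samples
#
# NOTE(review): the samples are live statements, so running or dot-sourcing
# this file executes all of them. The in-place variants replace the only copy
# of each file; keep a backup until decryption has been verified.
#

# encrypt text
Encrypt-String "Hello"

# decrypt text
Decrypt-String "Zyy9onHG3BZewD7dMjqd8g=="

# encrypt single file
Encrypt-File "D:\test\z.zip" "D:\test\z1.zip"

# decrypt single file
Decrypt-File "D:\test\z1.zip" "D:\test\z2.zip"

# encrypt folder content
Get-ChildItem D:\test\ | % { Encrypt-File $_.FullName ($_.FullName + ".encrypted") }

# encrypt folder content, override existing file
Get-ChildItem D:\test\ | % { Encrypt-File $_.FullName }

# decrypt folder content
Get-ChildItem D:\test\ | % { Decrypt-File $_.FullName }
Get-ChildItem D:\test\ | % { Decrypt-File ($_.FullName + ".encrypted") }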