Convert a secure string to plain text
Solution 1:
You are close, but the parameter you pass to SecureStringToBSTR
must be a SecureString
. You appear to be passing the result of ConvertFrom-SecureString
, which is an encrypted standard string. So call ConvertTo-SecureString
on this before passing to SecureStringToBSTR
.
$SecurePassword = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
Solution 2:
You may also use PSCredential.GetNetworkCredential() :
$SecurePassword = Get-Content C:\Users\tmarsh\Documents\securePassword.txt | ConvertTo-SecureString
$UnsecurePassword = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password
Solution 3:
The easiest way to convert back it in PowerShell
[System.Net.NetworkCredential]::new("", $SecurePassword).Password
Solution 4:
In PS 7, you can use ConvertFrom-SecureString
and -AsPlainText
:
#Requires -Version 7.0
$UnsecurePassword = ConvertFrom-SecureString -SecureString $SecurePassword -AsPlainText
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/ConvertFrom-SecureString?view=powershell-7#parameters
ConvertFrom-SecureString
[-SecureString] <SecureString>
[-AsPlainText]
[<CommonParameters>]