Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, April 6, 2016 8:56 PM
I am exploring using the win iot Raspberry Pi2 to access a remote non-windows device that requires a username and password.
I want to store the credentials to this device 'securely'.
The export-clixml cmdlet is missing in windows iot so plan B was to fallback on the old way by creating the credential using get-credential and inputting the username and password. Then getting the 'secure' text version by using ConvertFrom-SecureString and storing that in a file.
This does not work since it throws a CryptographicException as shown below.
[RaspberryPi2B]: PS C:\Data\Users\ralf\Documents> $password = Read-Host "Enter Password: " -AsSecureString
WARNING: A script or application on the remote computer RASPBERRYPI2B is sending a prompt request. When you are prompted, enter sensitive information, such as
credentials or passwords, only if you trust the remote computer and the application or script that is requesting the data.
Enter Password: : ********
[RaspberryPi2B]: PS C:\Data\Users\ralf\Documents> $secure = ConvertFrom-SecureString $password
ConvertFrom-SecureString : Error occurred during a cryptographic operation.
At line:1 char:11
- $secure = ConvertFrom-SecureString $password
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [ConvertFrom-SecureString], CryptographicException
+ FullyQualifiedErrorId : System.Security.Cryptography.CryptographicException,Microsoft.PowerShell.Commands.ConvertFromSecureStringCommand
Is there some registry setting that needs to be changed or do I have to store the plain text password?
running OS version 10.0.10586 on a Raspberry Pi2.
All replies (6)
Friday, April 8, 2016 7:16 PM âś…Answered
Hi jedgar & cyberh0me,
The team has looked into this issue and has found the source of the message. You can find the full details on the call here https://technet.microsoft.com/en-us/library/hh849814.aspx.
Basically, in IoT Core there is no pre-populated key like there is on your Desktop & Tablet so you need to add one before you call.
In short, using a 192-bit key as an example, one would have to do something like the following:
[Remote]: PS C:\ $key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
[Remote]: PS C:\ $secure = ConvertFrom-SecureString $password -Key $key
Please let me know if this solves your issue.
Sincerely,
IoTGirl
Wednesday, April 6, 2016 10:49 PM
Hi jedgar222,
Have you tried this same code on the desktop? Does it have the same issue? Also, you are running 10586. Have you joined Windows Insiders and can you try 14295?
Sincerely,
IoTGirl
Thursday, April 7, 2016 1:09 AM
Yes it works on the desktop. Here is what happens on my surface:
[surface]: PS C:\Users\ralf> $password = Read-Host "Enter Password: " -AsSecureString
WARNING: A script or application on the remote computer SURFACE is sending a prompt request
passwords, only if you trust the remote computer and the application or script that is requesting
Enter Password: : ********
[surface]: PS C:\Users\ralf> $password | ConvertFrom-SecureString
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a6eaaaa74e3f974684220c6c296c0585000000
982a45781d776704fde23e2b20000000570b0c8dd44c66f958f5832400418577a38368b80a4dd0bcb5bbf6
Also running 10.0.10586.
I do not plan on upgrading the pi to the insider load, I do have it running on a VM though.
Thursday, April 7, 2016 2:45 PM
fyi tried it on 14295 pi with same result
Friday, April 8, 2016 10:06 PM
Yes the exception is gone when using the -key option.
I can now store the password in a file in a secure fashion, then retrieve the unencrypted password by using ConvertTo-SecureString -key $key on the string from the file and then using GetNetworkCredential().Password method on a temporary pscredential object with the secure string object for the password.
Definitely a step forward.
Now how do I store the key securely? How does a desktop store this?
Suggestions welcome.
Thanks much for the help.
Thursday, April 28, 2016 6:55 PM
Hi Jedgar,
I am marking the original question as answered. The new question should be opened in a new topic thread and I do suggest using the Windows Insiders forums in order to get a full Windows 10 answer to that question.
Sincerely,
IoTGirl