Wednesday, June 29, 2011

Securing passwords in PowerShell

It is sometimes necessary to use plaintext passwords in PowerShell scripts, but obviously not a good idea to have those passwords stored in cleartext on disk. The solution is to use the PowerShell ConvertTo-SecureString and ConvertFrom-SecureString cmdlets to encrypt the password, save it to a file, and then decrypt it in memory when required. I ported this function to PowerShell for properly converting the SecureString to a string.

The code below uses the default encryption method, which is specific to the logged in user (or, more precisely, the user that is running the code). Note that, for machines that have joined a domain, a domain administrator can decrypt your data by resetting your password. No other users can decrypt your data.

Encrypt password and save to a file

$secureStringPassword = Read-Host "Enter the password" -AsSecureString
$encryptedPassword = ConvertFrom-SecureString $secureStringPassword
Set-Content -Path Password.bin -Value $encryptedPassword

Load and decrypt the password in memory

function ConvertToUnsecureString(
    [System.Security.SecureString][parameter(mandatory=$true)]$SecurePassword)
{
    $unmanagedString = [System.IntPtr]::Zero;
    try
    {
        $unmanagedString = [Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($SecurePassword)
        return [Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
    }
    finally
    {
        [Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
    }
}

$encryptedPassword = Get-Content -Path Password.bin
$secureStringPassword = ConvertTo-SecureString -String $encryptedPassword
$password = ConvertToUnsecureString $secureStringPassword 

Sunday, June 12, 2011

Convert DICOM medical images to png or jpg

We received our baby scans on CD in DICOM format which can be viewed in the viewer on disk. I wanted to convert these to a more popular format - either png (lossless) or jpg (lossy).

I used ImageMagick through PowerShell to convert all the images and save them into a separate folder:

mogrify -format png *; md Converted; move *.png Converted