best way to encrypt passwords in cmd files?

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Post Reply
Message
Author
scavenger
Posts: 18
Joined: 23 May 2015 13:51
Contact:

best way to encrypt passwords in cmd files?

#1 Post by scavenger » 20 Jan 2020 10:55

hi

i am saving passwords in cmd files that i replay based on their names. these files have other variables setup than just passwords:

Code: Select all

var1=xyz
var2=xyz
password=P@ssw0rd
what is the best way to encrypt or obfuscate the passwords?
certutil.exe would encrypt the whole file and I don't want that.

I played around with powershell and got this proof of concept for encryption:

Code: Select all

set pass=P@ssw0rd
call set "gg=powershell -executionPolicy bypass -Command $SecureString = ConvertTo-SecureString "%pass%" -AsPlainText -Force; ConvertFrom-SecureString -SecureString $SecureString;"
call %gg%
--- prints out the secure string ----
unfortunately i can only spit out strings, i cannot dynamically set a password variable with it's output: a temporary file is needed, with a classic for loop to set a variable.
  • could this be done without the use of temporary file?
  • Is there a faster or a better practice commonly used by you guys?

aGerman
Expert
Posts: 4654
Joined: 22 Jan 2010 18:01
Location: Germany

Re: best way to encrypt passwords in cmd files?

#2 Post by aGerman » 21 Jan 2020 11:20

Password encryption in Batch is rather useless. So at least I don't do that at all, I don't think there is something like a "best way", and you better don't rely on things like that.

However, if you want to use PowerShell try it that way:

Code: Select all

@echo off &setlocal
set "password=P@ssw0rd"

setlocal EnableDelayedExpansion
for /f %%i in (
 'powershell -nop -ep bypass -c "ConvertFrom-SecureString -SecureString (ConvertTo-SecureString '!password:'=''!' -AsPlainText -Force)"'
) do endlocal &set "encrypted=%%i"

echo %encrypted%

for /f "delims=" %%i in (
 'powershell -nop -ep bypass -c "[System.Net.NetworkCredential]::new('', (ConvertTo-SecureString -String '%encrypted%')).Password"'
) do set "decrypted=%%i"


echo %decrypted%
pause
Steffen

DQ2000
Posts: 38
Joined: 07 Aug 2019 17:26

Re: best way to encrypt passwords in cmd files?

#3 Post by DQ2000 » 21 Jan 2020 14:27

Code: Select all

Encriptador:
@echo off
set /p palabra=Ingrese la palabra a cifrar:
set var=%palabra%
set resultado1=%var:a=1%
set resultado2=%resultado1:b=-%
set resultado3=%resultado2:c=.%
set resultado4=%resultado3:d=\%
set resultado5=%resultado4:e=$%
set resultado6=%resultado5:f=;%
set resultado7=%resultado6:g=?%
set resultado8=%resultado7:h=[%
set resultado9=%resultado8:i=+%
set resultado10=%resultado9:j=)%
set resultado11=%resultado10:k=]%
set resultado12=%resultado11:l=!%
set resultado13=%resultado12:m=(%
set resultado14=%resultado13:n=@%
set resultado15=%resultado14:ñ=¿%
set resultado16=%resultado15:o=,%
set resultado17=%resultado16:p=4%
set resultado18=%resultado17:q=/%
set resultado19=%resultado18:r=_%
set resultado20=%resultado19:s={%
set resultado21=%resultado20:t=#%
set resultado22=%resultado21:u=¡%
set resultado23=%resultado22:v=}%
set resultado24=%resultado23:w=:%
set resultado25=%resultado24:x=2%
set resultado26=%resultado25:y=6%
set resultado27=%resultado26:z=9%
echo %resultado27%
pause > nul
exit

Code: Select all

Desencriptador:
@echo off
set /p palabra=Ingrese la palabra a cifrar:
set var=%palabra%
set resultado1=%var:1=a%
set resultado2=%resultado1:-=b%
set resultado3=%resultado2:.=c%
set resultado4=%resultado3:\=d%
set resultado5=%resultado4:$=e%
set resultado6=%resultado5:;=f%
set resultado7=%resultado6:?=g%
set resultado8=%resultado7:[=h%
set resultado9=%resultado8:+=i%
set resultado10=%resultado9:)=j%
set resultado11=%resultado10:]=k%
set resultado12=%resultado11:!=l%
set resultado13=%resultado12:(=m%
set resultado14=%resultado13:@=n%
set resultado15=%resultado14:¿=ñ%
set resultado16=%resultado15:,=o%
set resultado17=%resultado16:4=p%
set resultado18=%resultado17:/=q%
set resultado19=%resultado18:_=r%
set resultado20=%resultado19:{=s%
set resultado21=%resultado20:#=t%
set resultado22=%resultado21:¡=u%
set resultado23=%resultado22:}=v%
set resultado24=%resultado23::=w%
set resultado25=%resultado24:2=x%
set resultado26=%resultado25:6=y%
set resultado27=%resultado26:9=z%
echo %resultado27%
pause > nul
exit

scavenger
Posts: 18
Joined: 23 May 2015 13:51
Contact:

Re: best way to encrypt passwords in cmd files?

#4 Post by scavenger » 21 Jan 2020 18:06

DQ2000 wrote:
21 Jan 2020 14:27
Classic caesar cipher revisited lol I like that.

"Better stay away from batch for password encryption" thanks but that doesn't help.

you are certainly right but it's never my call when it comes to security, and I need to hide passwords somehow.

DQ2000
Posts: 38
Joined: 07 Aug 2019 17:26

Re: best way to encrypt passwords in cmd files?

#5 Post by DQ2000 » 25 Jan 2020 20:19

And what did you expect us to eat you?
you have to learn something always if we give it to you all of us never learn anything.

pieh-ejdsch
Posts: 239
Joined: 04 Mar 2014 11:14
Location: germany

Re: best way to encrypt passwords in cmd files?

#6 Post by pieh-ejdsch » 26 Jan 2020 00:26

Maybe you shouldn't call the variable password.
More like count files or something.
Give the password file restricted / explicit user rights.

penpen
Expert
Posts: 1991
Joined: 23 Jun 2013 06:15
Location: Germany

Re: best way to encrypt passwords in cmd files?

#7 Post by penpen » 26 Jan 2020 09:48

The "best way..." you are asking for most probably depends on what you want to achieve with your batch file.
So, why do you want to store passwords in batch?
Do you want to create a password-safe (~= collection of passwords enrypted),
do you want to create some kind of registration,
or a login-script or a login-frontend for another program, ... .

Some tasks might be accomplishable in a (hybrid batch/)powershell program, for example a password-safe;
this could be done using RSA (see https://social.technet.microsoft.com/wi ... errsa.aspx), if you are using a single (securely safed) decryption batch, then you could encrypt (and salt) all passwords in pretty secure way with a second encryption batch.


penpen

scavenger
Posts: 18
Joined: 23 May 2015 13:51
Contact:

Re: best way to encrypt passwords in cmd files?

#8 Post by scavenger » 27 Jan 2020 11:29

pieh-ejdsch wrote:
26 Jan 2020 00:26
Maybe you shouldn't call the variable password.
More like count files or something.
Give the password file restricted / explicit user rights.
very good idea!!!!

scavenger
Posts: 18
Joined: 23 May 2015 13:51
Contact:

Re: best way to encrypt passwords in cmd files?

#9 Post by scavenger » 20 May 2020 00:15

the password needs to be stored in a file somehow. my issue is with characters like "^" which is used as escape character.
reading it with a for loop works but then, echo %pw% will not show the "^" but echo "%pw%" will, however that causes issues when i pass the password to an msi installer

whatever, let's close this subject. have a great week

penpen
Expert
Posts: 1991
Joined: 23 Jun 2013 06:15
Location: Germany

Re: best way to encrypt passwords in cmd files?

#10 Post by penpen » 20 May 2020 04:38

If that#s your only issue, then you could do that (if i don't error) by using delayed expansion when usefull and not using it when harmfull; example:

Code: Select all

@echo off
setlocal enableExtensions disableDelayedExpansion

set "line="
for /f "usebackq tokens=* delims=" %%a in ("%~f0") do (
	set "line=%%~a"
	setlocal enableDelayedExpansion
	echo(!line!
	endlocal
)
goto :eof

sample password : \ ; , & | ^ ! %
Sidenote: When asking for help, you should consider mentioning your issues before you close your topic.

penpen

Post Reply