How to Convert Securestring to System.String

How to convert SecureString to System.String?

Use the System.Runtime.InteropServices.Marshal class:

String SecureStringToString(SecureString value) {
  IntPtr valuePtr = IntPtr.Zero;
  try {
    valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
    return Marshal.PtrToStringUni(valuePtr);
  } finally {
    Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
  }
}

If you want to avoid creating a managed string object, you can access the raw data using Marshal.ReadInt16(IntPtr, Int32):

void HandleSecureString(SecureString value) {
  IntPtr valuePtr = IntPtr.Zero;
  try {
    valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
    for (int i=0; i < value.Length; i++) {
      short unicodeChar = Marshal.ReadInt16(valuePtr, i*2);
      // handle unicodeChar
    }
  } finally {
    Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
  }
}

Convert String to SecureString

You don't. The whole reason for using the SecureString object is to avoid creating a string object (which is loaded into memory and kept there in plaintext until garbage collection). However, you can add characters to a SecureString by appending them.

var s = new SecureString();
s.AppendChar('d');
s.AppendChar('u');
s.AppendChar('m');
s.AppendChar('b');
s.AppendChar('p');
s.AppendChar('a');
s.AppendChar('s');
s.AppendChar('s');
s.AppendChar('w');
s.AppendChar('d');

How do you decrypt securestring in powershell

$password = Read-Host "Enter password" -AsSecureString
$password = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$password = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($password)
echo $password
pause

To convert Read-Host SecureStrings to normal strings, you use

$NewVaraible = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($ReadVariable)
$NewNewVariable = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($NewVariable)

Or you could just update the existing variable:

$ReadVaraible = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($ReadVariable)
$ReadVariable = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ReadVariable)

---

^{Thank you @mklement0 for your insightful comments; updated answer accordingly to mklement0's comment}

Convert a secure string to plain text

You are close, but the parameter you pass to SecureStringToBSTR must be a SecureString. You appear to be passing the result of ConvertFrom-SecureString, which is an encrypted standard string. So call ConvertTo-SecureString on this before passing to SecureStringToBSTR.

$SecurePassword = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)

Cannot convert the System.Security.SecureString value of type System.String to type System.Security.SecureString

I finally find a solution for my problem. I used the command NET, so here the che command line that I used

NET USER $user $pass /ADD

For the other parameters, I'll pass after it creates the user

$pass is NOT a secure string!

Convert SecureString with ANSI-character to unmanaged string

Strings are sequences of chars, not bytes. (char)128 represents the Unicode codepoint U+0080 which has no representation in whatever code page is your machine's ANSI code page, so you get the question mark (ANSI 63) instead.

This has nothing to do with SecureStrings. You would get the same result with Encoding.GetBytes/Encoding.GetString.

---

Please make sure you have visited this before you proceed.

---

If you are certain that your secure string will only contain codepoints below 256, and you want roundtrip representation of such codepoints in ANSI, then you can arrange that using codepage 28591:

public static byte[] SecureStringToRoundtripAnsiByteArray(SecureString secureString)
{
    var buffer_ptr = Marshal.SecureStringToCoTaskMemUnicode(secureString);

    try
    {
        byte[] buffer = new byte[secureString.Length * sizeof(char)];
        Marshal.Copy(buffer_ptr, buffer, 0, buffer.Length);

        try
        {
            return System.Text.Encoding.Convert(System.Text.Encoding.Unicode, System.Text.Encoding.GetEncoding(28591), buffer);
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length);
        }
    }
    finally
    {
        Marshal.ZeroFreeCoTaskMemUnicode(buffer_ptr);
    }
}

using (var secureString = new SecureString())
{
    for (int i = 0; i < 256; i++)
        secureString.AppendChar((char)i);

    secureString.MakeReadOnly();

    byte[] b = SecureStringToRoundtripAnsiByteArray(secureString);

    for (int i = 0; i < 256; i++)
        Console.WriteLine(b[i]);
}

Can not convert String to Secure String for use in New-ADUser

Change

AccountPassword = "$password"

to

AccountPassword = $password

If you have quotes around the variable, it is taken as a regular string instead of a secure string. Proof:

$plainText = "Plain text"
$secureString = ConvertTo-SecureString $plainText -AsPlainText -Force
$quotedSecureString = "$secureString"
$plainText.GetType()
$secureString.GetType()
$quotedSecureString.GetType()

results in

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     String                                   System.Object
True     False    SecureString                             System.Object
True     True     String                                   System.Object

---

Related Topics