Skip to content

Comments

Enable securestring cmdlets for non-Windows#9199

Merged
TravisEz13 merged 5 commits intoPowerShell:masterfrom
SteveL-MSFT:secure-string
Mar 23, 2019
Merged

Enable securestring cmdlets for non-Windows#9199
TravisEz13 merged 5 commits intoPowerShell:masterfrom
SteveL-MSFT:secure-string

Conversation

@SteveL-MSFT
Copy link
Member

@SteveL-MSFT SteveL-MSFT commented Mar 22, 2019
edited
Loading

PR Summary

On Unix systems, fallback to plaintext manipulation instead of using the DPAPI which is not available.

PR Context

Currently, existing scripts that use SecureString cmdlets fail with an error complaining about crypt32.dll not being available. This change allows these cmdlets to be used, but there is no encryption of the string.
.Net already states that the contents of a SecureString are not encrypted on .Net Core.

Fix #1654

PR Checklist

@SteveL-MSFT
Copy link
Member Author

SteveL-MSFT commented Mar 22, 2019

Reviewed the CodeFactor issues, all are for code I didn't change (but wrapped in #if), made some fixes that I agreed with, but the remaining are not applicable in the context of this PR (false hungarian detection, underscores in fields)

vexx32
vexx32 reviewed Mar 22, 2019
View reviewed changes
Copy link
Collaborator

@vexx32 vexx32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also perhaps add a warning / obsolete message alerting Unix users to the fact that it's not... actually secure, and even less so than Windows?

@iSazonov
Copy link
Collaborator

iSazonov commented Mar 22, 2019

From mentioned docs:

On the Windows operating system, the contents of a SecureString instance's internal character array are encrypted.

It seems we need to correct our already merged docs.

Also have we problems in remote scenarios?

@SteveL-MSFT
Copy link
Member Author

SteveL-MSFT commented Mar 22, 2019

@iSazonov Looking at the corefx sources, it appears that on Windows, it does call into the crypt32 apis and encrypts the in memory representation in SecureString. I'll submit a PR to update the docs to reflect this. As far as remoting, SecureString encryption is local to the machine so it is always decrypted before sending over the encrypted PSRP channel before being re-secured as a SecureString, so no impact there.

@SteveL-MSFT SteveL-MSFT mentioned this pull request Mar 22, 2019
Merged
9 tasks
PaulHigin
PaulHigin approved these changes Mar 22, 2019
View reviewed changes
Copy link
Contributor

@PaulHigin PaulHigin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look Ok. But I feel that since we used to throw an error before and now succeed without protecting the string (non-Windows only), there should be some kind of user notification. I am not sure if a warning should be displayed by SecureString cmdlets, but at least documentation should be updated. Can you create a doc bug?

@SteveL-MSFT
Copy link
Member Author

SteveL-MSFT commented Mar 22, 2019

@PoshChan Remind me in 1 minute

@PoshChan
Copy link
Collaborator

PoshChan commented Mar 22, 2019

@SteveL-MSFT, I do not understand: Remind me in 1 minute

@SteveL-MSFT
Copy link
Member Author

SteveL-MSFT commented Mar 22, 2019

@PoshChan Please remind me in 1 minute

@PoshChan
Copy link
Collaborator

PoshChan commented Mar 22, 2019

@SteveL-MSFT, will remind you in 1 minute

@PoshChan
Copy link
Collaborator

PoshChan commented Mar 22, 2019

@SteveL-MSFT, this is the reminder you requested 1 minute ago

@TravisEz13 TravisEz13 added this to the 6.2.0-GA-Consider milestone Mar 22, 2019
daxian-dbw
daxian-dbw reviewed Mar 22, 2019
View reviewed changes
@TravisEz13 @SteveL-MSFT
Update src/System.Management.Automation/security/SecureStringHelper.cs
ee1f2e2 
Co-Authored-By: SteveL-MSFT <slee@microsoft.com>
@iSazonov iSazonov added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Mar 23, 2019
@TravisEz13 TravisEz13 merged commit 3255d84 into PowerShell:master Mar 23, 2019
@SteveL-MSFT SteveL-MSFT deleted the secure-string branch March 23, 2019 19:26
TravisEz13 added a commit that referenced this pull request Mar 25, 2019
@SteveL-MSFT @TravisEz13
Enable SecureString cmdlets for non-Windows (#9199)
9e608ac 
On Unix systems, fallback to plaintext manipulation instead of using the DPAPI which is not available.

## PR Context

Currently, existing scripts that use SecureString cmdlets fail with an error complaining about crypt32.dll not being available.  This change allows these cmdlets to be used, but there is no encryption of the string.
.Net already [states](https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netcore-2.1#remarks) that the contents of a SecureString are not encrypted on .Net Core.

Fix #1654

Co-authored-by: Travis Plunk <travis.plunk@microsoft.com>
@TravisEz13 TravisEz13 modified the milestones: 6.2.0-GA-Consider, 6.2.0 Mar 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daxian-dbw daxian-dbw daxian-dbw left review comments

@TravisEz13 TravisEz13 TravisEz13 approved these changes

+2 more reviewers

@vexx32 vexx32 vexx32 left review comments

@PaulHigin PaulHigin PaulHigin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@TravisEz13 TravisEz13

Labels

CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log

Projects

None yet

Milestone

6.2.0

Development

Successfully merging this pull request may close these issues.

ConvertFrom-SecureString is broken on Linux

7 participants

@SteveL-MSFT @iSazonov @PoshChan @daxian-dbw @TravisEz13 @PaulHigin @vexx32