This is the built-in help made by Microsoft for the command 'ConvertFrom-SecureString', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Converts a secure string into an encrypted standard string.
ConvertFrom-SecureString [-SecureString] <SecureString> [[-SecureKey] <SecureString>] [<CommonParameters>]
ConvertFrom-SecureString [-SecureString] <SecureString> [-Key <Byte[]>] [<CommonParameters>]
The ConvertFrom-SecureString cmdlet converts a secure string (System.Security.SecureString) into an encrypted standard string (System.String).
Unlike a secure string, an encrypted standard string can be saved in a file for later use. The encrypted standard string can be converted back
to its secure string format by using the ConvertTo-SecureString cmdlet.
If an encryption key is specified by using the Key or SecureKey parameters, the Advanced Encryption Standard (AES) encryption algorithm is
used. The specified key must have a length of 128, 192, or 256 bits because those are the key lengths supported by the AES encryption
algorithm. If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.
<
Online Version: http://go.microsoft.com/fwlink/?LinkID=113287
ConvertTo-SecureString
Read-Host
<
-------------------------- EXAMPLE 1 --------------------------
PS C:\> $SecureString = Read-Host -AsSecureString
This command creates a secure string from characters that you type at the command prompt. After entering the command, type the string you want
to store as a secure string. An asterisk (*) is displayed to represent each character that you type.
-------------------------- EXAMPLE 2 --------------------------
PS C:\> $StandardString = ConvertFrom-SecureString $SecureString
This command converts the secure string in the $SecureString variable to an encrypted standard string. The resulting encrypted standard string
is stored in the $StandardString variable.
-------------------------- EXAMPLE 3 --------------------------
PS C:\> $Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
PS C:\>$StandardString = ConvertFrom-SecureString $SecureString -Key $Key
These commands use the Advanced Encryption Standard (AES) algorithm to convert the secure string stored in the $SecureString variable to an
encrypted standard string with a 192-bit key. The resulting encrypted standard string is stored in the $standardstring variable.
The first command stores a key in the $Key variable. The key is an array of 24 digits, all of which are less than 256.
Because each digit represents a byte (8 bits), the key has 24 digits for a total of 192 bits (8 x 24). This is a valid key length for the AES
algorithm. Each individual value is less than 256, which is the maximum value that can be stored in an unsigned byte.
The second command uses the key in the $Key variable to convert the secure string to an encrypted standard string.