PowerShell Remoting Project Home

Wednesday, March 22, 2006

Monad Remoting - Now Can Read SecureString From Remote Client

Implementation of ReadLineAsSecureString() in MshHostUserInterface.

Just uploaded a new version of "Monad Remoting". It can now read a SecureString from the remote client console.

A SecureString will not be kept secret if you store its content in a normal string first. That is to say, we have to read the input from the console and store it directly as a SecureString. But before sending it to the remote server, we have to decrypt it to a byte[]. NegotiateStream will encrypt the (decrypted) byte[] before writing it to the NetworkStream. On the server side, we have to get the byte[] and restore it to a SecureString.

Although I tried to minimize exposure and clear my footprint behind me, there are still potential security problems. So use it at your own risk. I post the code here, in case someone wants to take a closer look at the steps I mentioned here.

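                // keyinfo, password (the SecureString), Plantext (byte[]) and
                // authStream are declared earlier in the method.
                do
                {
                    // Read one key without echoing it to the console.
                    keyinfo = Console.ReadKey(true);
                    // Ignore Alt and Ctrl key combinations.
                    if ((keyinfo.Modifiers & ConsoleModifiers.Alt) != 0 || (keyinfo.Modifiers & ConsoleModifiers.Control) != 0) continue;
                    if (keyinfo.Key == ConsoleKey.Enter)
                    {
                        Console.WriteLine();
                        break;
                    }
                    if (password.Length == 512)
                    {
                        Console.Write("\r\nRead 512 (Maximum) Characters!");
                        break;
                    }
                    if (keyinfo.Key == ConsoleKey.Backspace)
                    {
                        // Nothing to erase on an empty buffer; RemoveAt(-1) would throw.
                        if (password.Length > 0)
                        {
                            password.RemoveAt(password.Length - 1);
                            Console.Write('\b');
                            Console.Write(' ');
                            Console.Write('\b');
                        }
                        continue;
                    }
                    // Append straight into the SecureString; never build a normal string.
                    password.AppendChar(keyinfo.KeyChar);
                    Console.Write('*');
                }
                while (keyinfo.Key != ConsoleKey.Enter);
                if (password.Length > 0)
                {
                    Plantext = GetByteArrayFromSecurString(password);
                    try
                    {
                        authStream.Write(Plantext, 0, Plantext.Length);
                    }
                    finally
                    {
                        // Wipe the decrypted bytes even if the write fails.
                        Array.Clear(Plantext, 0, Plantext.Length);
                    }
                }

At this point, you can now enjoy the get-credential, new-securestring cmdlets.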
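
An added example, not the project's own code: one way to do the SecureString-to-byte[] conversion on the client and the restore on the server that the steps above describe. The names SecureStringWire, ToBytes and FromBytes are hypothetical and the UTF-16LE byte layout is an assumption; the post does not show the body of GetByteArrayFromSecurString.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringWire // hypothetical helper, not part of Monad Remoting
{
    // Client side: decrypt into a byte[] (UTF-16LE). The caller clears it after sending.
    public static byte[] ToBytes(SecureString s)
    {
        IntPtr p = IntPtr.Zero;
        try
        {
            p = Marshal.SecureStringToGlobalAllocUnicode(s);
            byte[] buf = new byte[s.Length * 2];
            Marshal.Copy(p, buf, 0, buf.Length);
            return buf;
        }
        finally
        {
            // Zero and free the unmanaged plaintext copy in every case.
            if (p != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(p);
        }
    }

    // Server side: rebuild char by char, never via System.String, then wipe the buffer.
    public static SecureString FromBytes(byte[] buf, int count)
    {
        SecureString s = new SecureString();
        try
        {
            for (int i = 0; i + 1 < count; i += 2)
                s.AppendChar((char)(buf[i] | (buf[i + 1] << 8)));
            s.MakeReadOnly();
            return s;
        }
        finally
        {
            Array.Clear(buf, 0, buf.Length);
        }
    }

    static void Main()
    {
        SecureString original = new SecureString();
        foreach (char c in "constructed-sample") original.AppendChar(c); // constructed input
        byte[] wire = ToBytes(original);             // this is what would go to authStream.Write
        SecureString restored = FromBytes(wire, wire.Length);
        Console.WriteLine(restored.Length == original.Length && Array.TrueForAll(wire, b => b == 0));
    }
}
```

The byte[] is an ordinary managed array, so the garbage collector can relocate it and leave a stale copy that Array.Clear never touches; that is one of the residual exposures the post warns about.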


I really wish we could have an in-process su command, because the trick of [System.Diagnostics.Process]::Start() will not work for a remote client. Well, we have to expect that in the next version of Monad.

Have Fun.
