When you encrypt secret information, the challenge is to find a good secret. One particular safe secret would be your Windows identity, paired with your computer’s identity. This can be used to encrypt sensitive personal information on a particular computer.
Here are two functions that illustrate how it’s done:
function Decrypt-Text { param ( [String] [Parameter(Mandatory,ValueFromPipeline)] $EncryptedText ) process { $secureString = $EncryptedText | ConvertTo-SecureString $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString) [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) } } function Encrypt-Text { param ( [String] [Parameter(Mandatory,ValueFromPipeline)] $Text ) process { $Text | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString } } 'PowerShell Rocks' | Encrypt-Text 'Hello, World!' | Encrypt-Text | Decrypt-Text
You can safely save the encrypted text to a file. Only you will be able to read in and decrypt that text again, and only if it is done on the computer used to encrypt the data.
