Can you send an API secret key if it is encrypted?












1















Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.



I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?



Update:



Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.



$key = new-object -typename System.Management.Automation.PSCredential - 
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password


$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'

# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"

#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource

}



#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {

echo "true"
}


Thanks for your help and patience.










share|improve this question

























  • Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

    – postanote
    Jan 17 at 1:25











  • Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

    – Appleoddity
    Jan 17 at 5:41











  • Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

    – dillon.harless
    Jan 17 at 13:08
















1















Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.



I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?



Update:



Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.



$key = new-object -typename System.Management.Automation.PSCredential - 
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password


$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'

# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"

#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource

}



#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {

echo "true"
}


Thanks for your help and patience.










share|improve this question

























  • Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

    – postanote
    Jan 17 at 1:25











  • Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

    – Appleoddity
    Jan 17 at 5:41











  • Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

    – dillon.harless
    Jan 17 at 13:08














1












1








1








Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.



I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?



Update:



Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.



$key = new-object -typename System.Management.Automation.PSCredential - 
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password


$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'

# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"

#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource

}



#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {

echo "true"
}


Thanks for your help and patience.










share|improve this question
















Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.



I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?



Update:



Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.



$key = new-object -typename System.Management.Automation.PSCredential - 
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password


$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'

# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"

#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource

}



#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {

echo "true"
}


Thanks for your help and patience.







powershell api






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 17 at 14:39







dillon.harless

















asked Jan 16 at 23:28









dillon.harlessdillon.harless

83




83













  • Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

    – postanote
    Jan 17 at 1:25











  • Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

    – Appleoddity
    Jan 17 at 5:41











  • Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

    – dillon.harless
    Jan 17 at 13:08



















  • Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

    – postanote
    Jan 17 at 1:25











  • Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

    – Appleoddity
    Jan 17 at 5:41











  • Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

    – dillon.harless
    Jan 17 at 13:08

















Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

– postanote
Jan 17 at 1:25





Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.

– postanote
Jan 17 at 1:25













Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

– Appleoddity
Jan 17 at 5:41





Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.

– Appleoddity
Jan 17 at 5:41













Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

– dillon.harless
Jan 17 at 13:08





Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.

– dillon.harless
Jan 17 at 13:08










1 Answer
1






active

oldest

votes


















0














Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.



Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/



And here is how I solved it.



$keyObject = new-object -typename System.Management.Automation.PSCredential - 
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password

$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key


$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395160%2fcan-you-send-an-api-secret-key-if-it-is-encrypted%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.



    Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/



    And here is how I solved it.



    $keyObject = new-object -typename System.Management.Automation.PSCredential - 
    argumentlist $keyFile.username, $keyFile.password
    $secretObject = new-object -typename System.Management.Automation.PSCredential -
    argumentlist $secretFile.username, $secretFile.password

    $newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
    sso-key


    $($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
    ...






    share|improve this answer






























      0














      Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.



      Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/



      And here is how I solved it.



      $keyObject = new-object -typename System.Management.Automation.PSCredential - 
      argumentlist $keyFile.username, $keyFile.password
      $secretObject = new-object -typename System.Management.Automation.PSCredential -
      argumentlist $secretFile.username, $secretFile.password

      $newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
      sso-key


      $($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
      ...






      share|improve this answer




























        0












        0








        0







        Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.



        Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/



        And here is how I solved it.



        $keyObject = new-object -typename System.Management.Automation.PSCredential - 
        argumentlist $keyFile.username, $keyFile.password
        $secretObject = new-object -typename System.Management.Automation.PSCredential -
        argumentlist $secretFile.username, $secretFile.password

        $newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
        sso-key


        $($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
        ...






        share|improve this answer















        Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.



        Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/



        And here is how I solved it.



        $keyObject = new-object -typename System.Management.Automation.PSCredential - 
        argumentlist $keyFile.username, $keyFile.password
        $secretObject = new-object -typename System.Management.Automation.PSCredential -
        argumentlist $secretFile.username, $secretFile.password

        $newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
        sso-key


        $($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
        ...







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 18 at 13:53

























        answered Jan 17 at 14:38









        dillon.harlessdillon.harless

        83




        83






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395160%2fcan-you-send-an-api-secret-key-if-it-is-encrypted%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            Is this a new Fibonacci Identity?

            19世紀