Package Recorder - encrypt password in "InstPara" option

Hello everyone,
I need to use a password for installation in the „InstPara“ option. Is there any possibility to encrypt the password there, please?
Thank you in advance

Hi @Ladislav

When you put a password into the „InstPara“, the value must travel all the way down to each target PC, because the setup will need the clear-text password at runtime.

  1. What happens on the client

    • Whatever you write in InstPara is stored in various places.
    • Before the setup is executed the client agent must hand the password to the installer in plain text – otherwise the installer could not use it.
    • Therefore every client already must have everything that is needed to recover the password, even if it arrived „encrypted“. Attackers who control or can inspect one client can always reverse the process offline.
  2. Why simple „encryption“ does not help

    • A reversible algorithm (e.g. AES with a hard-coded key, …) only hides the value from a casual glance.
    • Because the decryption key has to be bundled with the job or built into the agent, the key is just as accessible as the ciphertext.
    • Armed with this knowledge, there are often plenty of ways to extract the password and decrypt the secret.
  3. Cosmetic alternative: Base64 encoding

    • With 2. in mind you could also Base64-encode the password so it no longer looks readable at first sight:
      Example: MyS3cr3t! → TXlTM2NyM3Qh
    • This removes the password from plain view in scripts and logs, but it is only an obfuscation. A single PowerShell line ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(...))) reveals it immediately.
  4. What a real solution would require

    • True security needs a secret that is unique per client or at least not publicly known.
    • That implies you first have to distribute some form of key/certificate to every endpoint (for example a device-bound certificate issued by your PKI).
    • The deployment system would then encrypt the installer password with the individual public key of each client; only that client could decrypt it with its private key.
    • Without such a pre-established trust anchor, the deployment server has no safe place to hide the decryption key, so any „encryption“ remains security by obscurity.

In short: if every client must know the password, every client can also disclose it. Base64 or other simple key-based encryption helps to keep logs tidy but does not provide real security. A proper encrypted approach only works when you have already rolled out a unique secret (certificate, TPM-bound key, etc.) to each device.

Regards
Marco
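
The per-client approach from point 4, sketched with PowerShell's built-in CMS cmdlets. This is an added example, not part of the reply above and not a feature of the deployment product. The certificate subject `CN=CLIENT01-InstPara`, the file name `CLIENT01.cer` and the self-signed certificate (standing in for a PKI-issued device certificate) are assumptions, and a wrapper script on the client would have to do the decryption step before calling the setup.

```powershell
# Added example (assumed names throughout); run on Windows PowerShell 5.1 or later.

# --- One time per client: a document-encryption key pair --------------------
# Stand-in for a device certificate issued by your PKI. The private key is
# marked non-exportable and never leaves this machine.
$cert = New-SelfSignedCertificate -Subject 'CN=CLIENT01-InstPara' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Type DocumentEncryptionCert `
    -KeyUsage KeyEncipherment, DataEncipherment `
    -KeyExportPolicy NonExportable

# Only the public certificate is handed to the deployment side.
$pubPath = Join-Path $env:TEMP 'CLIENT01.cer'
Export-Certificate -Cert $cert -FilePath $pubPath | Out-Null

# --- Deployment side: encrypt the installer password for this one client ----
$password = 'MyS3cr3t!'   # sample value from the thread, not a real secret
$blob = Protect-CmsMessage -To $pubPath -Content $password
# $blob is an ASCII-armoured "-----BEGIN CMS-----" block. It can be stored in
# job files and logs; it is different for every recipient certificate.

# --- Client side, at install time -------------------------------------------
# Unprotect-CmsMessage locates the matching private key in the certificate store.
$clear = Unprotect-CmsMessage -Content $blob
if ($clear -ne $password) { throw 'Round trip failed' }
# From here on the installer receives $clear in plain text, as it must.

# --- Check: without the private key the blob is useless ---------------------
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $pubPath
try {
    Unprotect-CmsMessage -Content $blob -ErrorAction Stop | Out-Null
    throw 'Decryption unexpectedly succeeded without the private key'
} catch [System.Management.Automation.RuntimeException] {
    # A deliberate throw above carries our own message; anything else is the
    # expected decryption failure.
    if ($_.Exception.Message -like 'Decryption unexpectedly*') { throw }
    Write-Output 'Blob cannot be decrypted once the client key is gone.'
}
```

The blob protects the password in transit and at rest on the deployment side only; once the client decrypts it, anyone with administrative access to that client can still observe the clear-text value handed to the setup.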