PowerShell - Get-Credential and certificates

Matthew Bongiovi  had a discussion on Get-Credential and how it works. So useful, that I thought I'd cut/paste it here so that you and I can refer to it in future! See below:


The Get-Credential cmdlet generates the prompt using the CredUIPromptForCredentials function. The documentation for that function says:

“In the case of credentials other than UserName/Password, a marshaled format of the credential can be passed in. This string is created by calling CredMarshalCredential.”

For me, this is actually exactly what I want. However, for someone else looking to then decode that UserName string in the PSCredential, they can reverse the marshalling of that string into its struct, which is the CERT_CREDENTIAL_INFO struct. From that, they could collect the SHA-1 hash of the certificate.



SAMPLE CODE AT: https://github.com/bongiovimatthew-microsoft/pscredentialWithCert


PS. Matt has now blogged this in detail!