In two of my previous posts I showed how to encrypt and decrypt files with certificates. I think the time has come to automate that procedure. In short, I will provide a tool which enables you to encrypt files. Don’t worry about the certificate, the tool will ask you if you already have one. If not, it will be created. That’s how it works.
Why would you want to do that? Maybe you want to encrypt file content, or you want to protect your password file. I would never recommend storing passwords in plain text, but my experience tells me, that this is still very often the case. Put an end to it! 😉
Let’s dive in.
EncryptFiles.ps1 in Action (no Certificate)
Once you have downloaded the tool (for download see below), run it. You’ll be asked if you already have a certificate. In this first part we don’t have one.
Press N and enter a certificate name. The certificate will be created …
You must enter a password for the pfx file. That’s because you want to have a backup of the certificate, believe me 😉 In my tool backing up the newly created certificate is mandatory.
Now enter the path to the file to encrypt. After that, Notepad opens and you can see your encrypted file.
EncryptFiles.ps1 in Action (you have a Certificate)
If you already have a certificate (I guess most of the readers don’t have one), the first part which creates a new self-signed certificate will be skipped.
After pressing Y, a window opens and you have to select your certificate. Make sure, you don’t select the wrong. The certificate must have a private key and must be designed for document encryption, otherwise you’ll get an error.
I forgot to mention that you are the only person on this planet who can decrypt files you have encrypted, because you are the owner of the private key of the certificate. Open certmgr.msc and have a look at your cert.
Where is the backup of the cert? You can find it in your home directory.
Hurry up and save it to an external drive.
By the way, I guess it could happen that you want to decrypt the file later on 😉 Here’s the command for decryption. Note that the file shown is encrypted and Unprotect-CmsMessage will decrypt it.
Unprotect-CmsMessage -Path C:\Temp\passwords.txt
You can download the code here:
Once you have downloaded it, save it wherever you want. Then run it from that location.
All the best!
You won’t regret looking at my other two articles: