In two of my previous posts I showed how to encrypt and decrypt files with certificates. I think the time has come to automate that procedure. In short, I will provide a tool which enables you to encrypt files. Don’t worry about the certificate, the tool will ask you if you already have one. If not, it will be created. That’s how it works.
Why would you want to do that? Maybe you want to encrypt file content, or you want to protect your password file. I would never recommend storing passwords in plain text, but my experience tells me that this is still very often the case. Put an end to it! 😉
Let’s dive in.
EncryptFiles.ps1 in Action (no Certificate)
Once you have downloaded the tool (for download see below), run it. You’ll be asked if you already have a certificate. In this first part we don’t have one.
Press N and enter a certificate name. The certificate will be created …
You must enter a password for the pfx file. That’s because you want to have a backup of the certificate, believe me 😉 In my tool backing up the newly created certificate is mandatory.
Now enter the path to the file to encrypt. After that, Notepad opens and you can see your encrypted file.
EncryptFiles.ps1 in Action (you have a Certificate)
If you already have a certificate (I guess most of the readers don’t have one), the first part which creates a new self-signed certificate will be skipped.
After pressing Y, a window opens and you have to select your certificate. Make sure you don’t select the wrong one. The certificate must have a private key and must be designed for document encryption, otherwise you’ll get an error.
The Certificate
I forgot to mention that you are the only person on this planet who can decrypt files you have encrypted, because you are the owner of the private key of the certificate. Open certmgr.msc and have a look at your cert.
Where is the backup of the cert? You can find it in your home directory.
Get-ChildItem $home
Hurry up and save it to an external drive.
Decrypt it
By the way, I guess it could happen that you want to decrypt the file later on 😉 Here’s the command for decryption. Note that the file shown is encrypted and Unprotect-CmsMessage will decrypt it.
Unprotect-CmsMessage -Path C:\Temp\passwords.txt
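The certificate requirements mentioned above (private key, document encryption) can be checked before anything is encrypted. The following is an added example, not code from EncryptFiles.ps1: the function name Test-CmsCertificate, the certificate selection and the .cms output path are assumptions. It picks a certificate from the current user's store, validates it, encrypts the file content to a separate file and confirms it decrypts again.

```powershell
# Added example. Function name and paths are hypothetical, not taken from EncryptFiles.ps1.
function Test-CmsCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $ns        = 'System.Security.Cryptography.X509Certificates'
    $docEncOid = '1.3.6.1.4.1.311.80.1'            # Document Encryption EKU
    $problems  = @()

    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key, so decryption is impossible' }
    if ($Certificate.NotAfter -lt (Get-Date)) { $problems += "expired on $($Certificate.NotAfter)" }

    # Enhanced key usage must list Document Encryption
    $eku  = $Certificate.Extensions | Where-Object { $_ -is ("$ns.X509EnhancedKeyUsageExtension" -as [type]) }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains $docEncOid) { $problems += 'Document Encryption EKU missing' }

    # Key usage must allow KeyEncipherment or DataEncipherment
    $ku     = $Certificate.Extensions | Where-Object { $_ -is ("$ns.X509KeyUsageExtension" -as [type]) }
    $flags  = "$ns.X509KeyUsageFlags" -as [type]
    $needed = $flags::KeyEncipherment -bor $flags::DataEncipherment
    if (-not $ku -or -not ($ku.KeyUsages -band $needed)) {
        $problems += 'key usage allows neither KeyEncipherment nor DataEncipherment'
    }
    return $problems
}

# Newest document encryption certificate of the current user (selection rule is an assumption)
$cert = Get-ChildItem Cert:\CurrentUser\My -DocumentEncryptionCert |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No document encryption certificate found in Cert:\CurrentUser\My' }

$problems = Test-CmsCertificate -Certificate $cert
if ($problems) { throw "Certificate $($cert.Thumbprint) is unusable: $($problems -join '; ')" }

$source    = 'C:\Temp\passwords.txt'               # sample path
$encrypted = "$source.cms"                         # hypothetical output file
$plain     = Get-Content -Path $source -Raw
Protect-CmsMessage -To $cert.Thumbprint -Content $plain -OutFile $encrypted

# Decrypt again before relying on the ciphertext as the only copy
if ((Unprotect-CmsMessage -Path $encrypted) -ne $plain) { throw 'Round-trip check failed' }
```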
Download
You can download the code here:
EncryptFiles.ps1
Once you have downloaded it, save it wherever you want. Then run it from that location.
All the best!
Related Articles
You won’t regret looking at my other two articles:
PowerShell: Encrypt and Decrypt Data by using Certificates (Public Key / Private Key)
I really enjoy learning from here. For a newbie like me, this site really helps me a lot. Thank you for sharing.
I've got a question: can we protect a folder with every kind of data in it with this certificate way?
Thank you! Folder protection is usually made with EFS.