Cyber Security

EncryptFiles.ps1: Tool for encrypting File Content with PowerShell and Certificates

In two of my previous posts I showed how to encrypt and decrypt files with certificates. I think the time has come to automate that procedure. In short, I will provide a tool which enables you to encrypt files. Don’t worry about the certificate, the tool will ask you if you already have one. If not, it will be created. That’s how it works.

Why would you want to do that? Maybe you want to encrypt file content, or you want to protect your password file. I would never recommend storing passwords in plain text, but my experience tells me, that this is still very often the case. Put an end to it! 😉

Let’s dive in.

EncryptFiles.ps1 in Action (no Certificate)

Once you have downloaded the tool (for download see below), run it. You’ll be asked if you already have a certificate. In this first part we don’t have one.


Press N and enter a certificate name. The certificate will be created …


You must enter a password for the pfx file. That’s because you want to have a backup of the certificate, believe me 😉 In my tool backing up the newly created certificate is mandatory.


Now enter the path to the file to encrypt. After that, Notepad opens and you can see your encrypted file.


EncryptFiles.ps1 in Action (you have a Certificate)

If you already have a certificate (I guess most of the readers don’t have one), the first part which creates a new self-signed certificate will be skipped.

After pressing Y, a window opens and you have to select your certificate. Make sure, you don’t select the wrong. The certificate must have a private key and must be designed for document encryption, otherwise you’ll get an error.


The Certificate

I forgot to mention that you are the only person on this planet who can decrypt files you have encrypted, because you are the owner of the private key of the certificate. Open certmgr.msc and have a look at your cert.


Where is the backup of the cert? You can find it in your home directory.

Get-ChildItem $home


Hurry up and save it to an external drive.

Decrypt it

By the way, I guess it could happen that you want to decrypt the file later on 😉 Here’s the command for decryption. Note that the file shown is encrypted and Unprotect-CmsMessage will decrypt it.

Unprotect-CmsMessage -Path C:\Temp\passwords.txt



You can download the code here:


Once you have downloaded it, save it wherever you want. Then run it from that location.

All the best!

Related Articles

You won’t regret looking at my other two articles:

PowerShell: Encrypt and Decrypt Data by using Certificates (Public Key / Private Key)

PowerShell: Encrypt and store your Passwords and use them for Remote Authentication (Protect-CmsMessage)

2 replies »

  1. i really enjoy learning from here. for a newbie like me, this site is really help me a lot. thank you for sharing.
    i got a question, can we protect a folder with every kind of data in it with this certificate way?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.