Unprotect-CmsMessage
Decrypts content that has been encrypted by using the Cryptographic Message Syntax format.
Sintaxis
ByWinEvent (Es el valor predeterminado).
Unprotect-CmsMessage
[-EventLogRecord] <EventLogRecord>
[[-To] <CmsMessageRecipient[]>]
[-IncludeContext]
[<CommonParameters>]
ByContent
Unprotect-CmsMessage
[-Content] <string>
[[-To] <CmsMessageRecipient[]>]
[-IncludeContext]
[<CommonParameters>]
ByPath
Unprotect-CmsMessage
[-Path] <string>
[[-To] <CmsMessageRecipient[]>]
[-IncludeContext]
[<CommonParameters>]
ByLiteralPath
Unprotect-CmsMessage
[-LiteralPath] <string>
[[-To] <CmsMessageRecipient[]>]
[-IncludeContext]
[<CommonParameters>]
Description
The Unprotect-CmsMessage cmdlet decrypts content that has been encrypted using the Cryptographic
Message Syntax (CMS) format.
The CMS cmdlets support encryption and decryption of content using the IETF standard format for cryptographically protecting messages, as documented by RFC5652.
The CMS encryption standard uses public key cryptography, where the keys used to encrypt content (the public key) and the keys used to decrypt content (the private key) are separate. Your public key can be shared widely, and isn't sensitive data. If any content is encrypted with this public key, only your private key can decrypt it. For more information, see Public-key cryptography.
Unprotect-CmsMessage decrypts content that has been encrypted in CMS format. You can run this
cmdlet to decrypt content that you have encrypted by running the Protect-CmsMessage cmdlet. You
can specify content that you want to decrypt as a string, by the encryption event log record ID
number, or by path to the encrypted content. The Unprotect-CmsMessage cmdlet returns the decrypted
content.
Support for Linux and macOS was added in PowerShell 7.1.
Ejemplos
Example 1: Decrypt a message
In the following example, you decrypt content that's located at the literal path
C:\Users\Test\Documents\PowerShell. For the value of the required To parameter, this example
uses the thumbprint of the certificate that was used to perform the encryption. The decrypted
message, "Try the new Break All command," is the result.
$parameters = @{
LiteralPath = "C:\Users\Test\Documents\PowerShell\Future_Plans.txt"
To = '0f 8j b1 ab e0 ce 35 1d 67 d2 f2 6f a2 d2 00 cl 22 z9 m9 85'
}
Unprotect-CmsMessage -LiteralPath @parameters
Try the new Break All command
Example 2: Decrypt an encrypted event log message
The following example gets an encrypted event from the PowerShell event log and decrypts it using
Unprotect-CmsMessage.
$event = Get-WinEvent Microsoft-Windows-PowerShell/Operational -MaxEvents 1 |
Where-Object Id -EQ 4104
Unprotect-CmsMessage -EventLogRecord $event
Example 3: Decrypt encrypted event log messages using the pipeline
The following example gets all encrypted events from the PowerShell event log and decrypts them
using Unprotect-CmsMessage.
Get-WinEvent Microsoft-Windows-PowerShell/Operational |
Where-Object Id -EQ 4104 |
Unprotect-CmsMessage
Parámetros
-Content
Specifies an encrypted string, or a variable containing an encrypted string.
Propiedades del parámetro
| Tipo: | String |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
ByContent
| Posición: | 0 |
| Mandatory: | True |
| Valor de la canalización: | True |
| Valor de la canalización por nombre de propiedad: | True |
| Valor de los argumentos restantes: | False |
-EventLogRecord
Specifies an event log record that contains a CMS encrypted message.
Propiedades del parámetro
| Tipo: | PSObject |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
ByWinEvent
| Posición: | 0 |
| Mandatory: | True |
| Valor de la canalización: | True |
| Valor de la canalización por nombre de propiedad: | False |
| Valor de los argumentos restantes: | False |
-IncludeContext
Determines whether to include the decrypted content in its original context, rather than output the decrypted content only.
Propiedades del parámetro
| Tipo: | SwitchParameter |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
(All)
| Posición: | Named |
| Mandatory: | False |
| Valor de la canalización: | False |
| Valor de la canalización por nombre de propiedad: | False |
| Valor de los argumentos restantes: | False |
-LiteralPath
Specifies the path to encrypted content that you want to decrypt. Unlike Path, the value of LiteralPath is used exactly as it's typed. No characters are interpreted as wildcard characters. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences.
Propiedades del parámetro
| Tipo: | String |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
ByLiteralPath
| Posición: | 0 |
| Mandatory: | True |
| Valor de la canalización: | False |
| Valor de la canalización por nombre de propiedad: | False |
| Valor de los argumentos restantes: | False |
-Path
Specifies the path to encrypted content that you want to decrypt.
Propiedades del parámetro
| Tipo: | String |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
ByPath
| Posición: | 0 |
| Mandatory: | True |
| Valor de la canalización: | False |
| Valor de la canalización por nombre de propiedad: | False |
| Valor de los argumentos restantes: | False |
-To
Specifies one or more CMS message recipients, identified in any of the following formats:
- An actual certificate (as retrieved from the Certificate provider).
- Path to the a file containing the certificate.
- Path to a directory containing the certificate.
- Thumbprint of the certificate (used to look in the certificate store).
- Subject name of the certificate (used to look in the certificate store).
Propiedades del parámetro
| Tipo: | |
| Valor predeterminado: | None |
| Admite caracteres comodín: | False |
| DontShow: | False |
Conjuntos de parámetros
(All)
| Posición: | 1 |
| Mandatory: | False |
| Valor de la canalización: | False |
| Valor de la canalización por nombre de propiedad: | False |
| Valor de los argumentos restantes: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Entradas
EventLogRecord
String
You can pipe an object containing encrypted content to this cmdlet.
Salidas
String
This cmdlet returns the unencrypted message.
